Digital-signature app lets DOD users work their way up to PKI

Digital-signature app lets DOD users work their way up to PKI

Carl Saenz

For David White, electronic-signature capability is sometimes a matter of life or death. For Carl Saenz, it's a matter of convenience.

Both work for the Defense Department, and both are tired of waiting for DOD to adopt a full-scale public-key infrastructure. So both have turned to the ApproveIt digital-signature application from Silanis Technology Inc. of Montreal.

White, project director of the Army Medical Department's electronic support systems, negotiated a $1.5 million enterprise license for 40,000 copies of the software for his medical command crew worldwide.

'Even though we didn't have PKI, we wanted to take advantage of electronic signatures and leverage the PKI technology when it became available,' White said.

Saenz has been testing digital signature software for the past three years. Last year, he bought 1,200 copies of ApproveIt for $143 per copy through a General Services Administration schedule order. He expects to raise that to about 3,000 this year depending on the force at White Sands Missile Range, N.M.

'We're waiting for DOD to make a decision,' said Saenz, an information systems manager at White Sands. 'This is kind of preparing us for PKI.'

Silanis officials said the software will be compatible with the PKI program that Defense chooses, even if it is based on smart cards.

Saenz said that even with PKI, agencies still need a way to sign. So he thinks he's moving in the right direction.

Check before licensing

Barry West, chairman of the PKI Business Working Group of the PKI Steering Committee in GSA's Office of Governmentwide Policy, cautioned that agencies should be wary of licensing software that might not work with a future Defense PKI.

'My biggest concern down the road is how it is going to fit in,' West said.

Silanis claims customers at 80 federal agencies, some of which already have large-scale PKI. Company officials said an IRS office recently bought several thousand licenses, and the Mint bought about 2,000 licenses for $143 each through a GSA schedule contract.

ApproveIt runs under Microsoft Windows, and PC users run the application with the default encryption in their browsers. 'We sit on top of the security that's already there,' said Lynne Boyd, vice president of the federal division of Silanis in McLean, Va.

'There's a hash [algorithm] that binds together the document, the signature, the time you signed and how you signed,' she said. 'It's like creating an invisible audit token.'

Each time a user signs, a field pops up for entering a password and personal identification number. Nothing subsequently can be changed without the original signer's password and PIN.

The security of the digitally signed documents is not in question, West said, but 'there's no guarantee that it's going to be interoperable' with what DOD eventually chooses.

For small offices, the application is useful, he said, but for larger ones it could be a waste of money. 'It really isn't a replacement for PKI,' West said.

The application runs under Microsoft Windows 9x, NT 3.51, NT 4.1 and 2000. It can digitally sign documents in Microsoft Word and Excel, Adobe Acrobat, JetForm FormFlow, Extensible Markup Language and Hypertext Markup Language formats.

For documents in XML or HTML, a $10,000 ApproveIt developers' kit is required.

Users can digitally sign documents three ways. They can create an ePersona signature file with a $225 digital ePad, or manually sign a printed copy of the electronic signature form and fax it to Silanis for conversion. Or they can use the ePersona Server software, which lets them sign with a mouse.

Both White and Saenz use an ePad, which remains in a systems administrator's office. White said new personnel enter their signatures when they have their fingerprints and photos taken.

White has integrated the software and drivers into his forms management system, the Army Medical Electronic Forms Support System.

'If there's a form that a patient needs to sign, you want that person to sign electronically so you can keep that form in an electronic state,' he said. 'You never want to resort to paper printing.'

Leave requests ASAP

Saenz said he can get requests for leave approved and signed in 15 minutes instead of days. His personnel use it to sign and send documents through different chains of command, he said.

Between 1996 and 1999, White Sands made 25 million photocopies of documents, and now 'we have a very good future in saving time and paper,' he said.

Reader Comments

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above