Electronic notaries can provide safe transmission

Several methods exist for ensuring confidentiality of the information and authenticity
of the partners. None has achieved widespread acceptance, in part because of the federal
law enforcement and intelligence communities' stubborn advocacy of technologies
unacceptable to most private firms.

Another problem is cost. Hardware-based solutions using key cards or smart cards may
cost as little as $100. But most of us are content to write and mail checks, and this
tendency extends to large organizations such as federal agencies.

The occasional late fee or timely refund may inspire dreams of electronic transactions,
but few of us would bother to dream further, even when paying taxes.

We need the means to make electronic commerce easy and trustworthy. The digital notary
may do this, according to Ken Gilpatric, a Justice Department lawyer, working on the
National Performance Review team.

Gilpatric describes the digital notary as similar to its paper counterpart. A customer
brings an electronic document to the digital notary for transmission to another party. The
notary checks the customer's identification, and if satisfied, uses his digital signature
to transmit the document with a note attesting to the identity of the source.

Like his paper counterpart, the notary would not need to read the document but simply
certify its source.

The digital notary would charge a nominal fee for his electronic signature
authenticating the message. For a larger fee, he could assure the integrity of the message
and nonrepudiation of its having been sent and received. For those requiring
confidentiality, he could also encrypt the message.

Instead of getting a seal from the state, the digital notary could get his certificate
from either a public or private certifying authority. The Postal Service has talked of
issuing public keys, which is basically what a digital notary's electronic seal is.

But companies like Verisign Inc. of Mountain View, Calif., might beat USPS to market,
thanks to help they are getting from certifying Microsoft's ActiveX routines.

USPS' advantage is its tens of thousands of offices. But Verisign and Netscape
Communications Corp. can recruit notaries electronically from the thousands of customers
who have vouched for themselves with credit cards and other personal information.

Their training and deployment costs would be relative to those of the Postal Service.
Their principal obstacle would be assuring themselves that their notary, John Doe, is who
he says he is. The Postal Service can safely assume the veracity of its employees'

Other potential competitors in the electronic commerce market are First Virtual Corp.
of Santa Clara, Calif., Cybercash Inc. of Reston, Va., and CommerceNet of Palo Alto,

An enterprising digital notary may need to sign up with several certifying authorities
because their solutions and methods may be incompatible, based on differing
public/private-key algorithms.

One gets a secret private key and a public key to be widely distributed, like a
telephone number. Text encoded with the public key can only be decoded with the private
key. If I send you a message encoded with your public key, only your private key will
decode it.

If I encode a message with my private key and then send it to you, it can only be
decoded with my public key, ensuring its authenticity as a message from me.

Many systems use faster single key algorithms and then hide that key by encrypting it
with the recipient's public key.

If secrecy is not necessary, message integrity can be guaranteed by using a so-called
hash algorithm. When I am ready to send, the message text is converted into a many-bit
number using the hash algorithm, and that number is encoded with both my private key and
the recipient's public key.

The slightest change in the message will result in a very different number when the
hash algorithm is applied by the recipient. The number can only be decoded by the
recipient's private key. The recipient knows the message is authentic-from only me-because
only my public key will decode the hash number.

Software can deal with these complexities. Now that intelligence agencies and the FBI
have backed off the Clipper chip and Fortezza card campaigns, vendors are coming to market
with solutions-even if the administration won't let them export the products.

Let's hope the domestic market for digital notaries will be enough to get the concept

Walter R. Houser, who has more than two decades of experience in federal information
management, is webmaster for a Cabinet agency. His own Web home page is at http://www.cpug.org/user/houser.

inside gcn

  • Congressman sees broader role for DHS in state and local cyber efforts

    Automating the ATO

Reader Comments

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above