Improving with age

Review: Digital signature technology still requires planning, but products are better than ever

It's no secret that government has not made the shift to the paperless office. In many agencies and departments, processing and routing old-fashioned manila envelopes with memos and forms inside is still a chore that takes up a good deal of staff time. E-mail is, of course, faster and more efficient than hard-copy forms, but how to collect that all-important signature?

Digital and electronic signatures offer the allure of delivering signed electronic documents across a network or around the world in the blink of an eye. A digital signature encrypts a series of numbers that identify the originator of the encryption, the validity of the signature and whether any changes to the signature have been made. An electronic signature adds a visible image of a handwritten signature to the encrypted digital signature.

Many information technology decision-makers, however, have been hesitant to embrace digital and electronic signatures and automated forms for two reasons. First, there has been widespread sentiment that these technologies are not yet mature enough to securely handle highly sensitive documents. Second, there is a lot of confusion in general about the digital signature marketplace.

But agencies that have evaluated signature technologies and workflow automation in the past will definitely want to revisit the solutions now available. As we found during our recent evaluation, the technology has improved significantly. Solutions now available have improved usability, security and scalability.

Whether routing within the agency, across multiple agencies, with external business partners or citizens, solutions are available to make the process seamless and much less painful than the traditional manila envelopes or snail mail.

The only real drawback I found during my evaluation is that many of the solutions in this category are limited to Microsoft Corp. Windows-based technologies. This can complicate things for agencies that may be using Linux, Apple Computer Inc. Macintosh, Sun Microsystems Inc. Solaris or other computing platforms. To their credit, digital signature solution providers are beginning to adopt forms standards, such as HTML, Extensible Markup Language (XML) and Adobe Systems Inc.'s PDF, all of which easily can transcend platforms.

A word of caution to agency representatives who may be evaluating digital signature solutions: Check solution implementation requirements carefully.

Many solutions that support forms that are formatted in PDF, HTML, XML and others also require you to use a particular e-mail application or Web server to implement the solution. Care should be exercised to match available solutions to your computing environment. Providers in this category should also consider adopting a wider range of the industry standards, platforms and technologies that agencies use today.

To decide what solution your agency might need, it is best to divide this technology category into three segments. Probably the most developed and well-known segment is public-key infrastructure (PKI). Products in this category enable agencies to incorporate public and private key pairs, certificates and digital signatures into various applications, such as e-mail.

And a new breed of products has emerged that can augment a PKI strategy by increasing security and usability. If your agency is using or considering smart cards, fingerprint readers or retinal scan solutions, these are considered to be access add-ons that complement a PKI.

Most of the recent growth in digital signature tools comes from a third category of typically software-based solutions that can work with or without a PKI. These products are mainly concerned with integrating signature capabilities with agency business processes. They usually include repository services, workflow automation and authentication.

In this review, I examined a PKI service solution from VeriSign Inc. In addition, I tested Silanis Technology Inc.'s ApproveIt and Cardiff Software Inc.'s LiquidOffice — two software-based solutions that integrate neatly with agency processes.

I found that all three solutions are well prepared to go the distance for agencies that need to implement digital signature technologies in order to support interagency activities or secure transactions and messaging with business partners or the general public.

I also investigated a fourth solution from Digital Signature Trust Co., but did not include it in this comparison because the company was in the process of being acquired by Identrus LLC during my evaluation. However, the company's solutions are expected to continue once the acquisition has been completed.

Silanis' ApproveIt

Silanis' ApproveIt solution includes the ApproveIt Desktop and the ApproveIt Collaboration Server. ApproveIt neatly combines digital signature support with electronic signature capabilities. Joining the two technologies assures agencies that the signer is the authorized person.

I had no trouble setting up ApproveIt on a Windows 2000 platform. The client portion of the solution, ApproveIt Desktop, also can be installed on Windows 95/98 and Windows NT. The ApproveIt Collaboration Server installs on Windows 2000, but requires Microsoft SQL Server. The product also requires that form originators use Microsoft Outlook and that an Internet Information Server is available. This is fine if your agency is a Windows-based shop, but not such a good match if you use other vendors' e-mail solutions, databases or Web servers.

However, platform limitations aside, ApproveIt was marvelously easy to set up and use. The first step was to create an electronic signature file, which ApproveIt calls an ePersona file. The solution includes a handy tool that enables you to build an image file of your signature from various sources.

I tried creating several signature files. One file I created from a previously scanned signature, another using the mouse, one from a fax and one directly from my scanner. ApproveIt enables you to use a number of input devices to create your signature file.

Once the signature file is created, the user can select what type of digital signature to combine with the signature image file. ApproveIt supports third-party digital certificates from providers, such as VeriSign and Entrust Inc., but it also lets you generate a self-signed certificate.

The combining of electronic and digital signatures is handled transparently to the user, and the signature file is password-protected. Authorized users have the ability to modify their signatures, if necessary. Users can also view their own signature information to verify the validity of the file before signing documents.

ApproveIt supports signature capabilities on documents that are formatted using Microsoft Office documents, PDF files and output from Adobe Accelio's Capture FormFlow. This differs from Cardiff's LiquidOffice, which supports both PDF- and HTML-based forms.

I had no trouble inserting multiple signatures in Word documents and PDF files. Different users can be granted different rights based on their signing authority. For example, a consumer might fill out and electronically sign a request for federal grant money, but agency representatives could be given rights to validate the consumer's signature and approve or deny the request via their own signature.

Signers of documents would want to verify any previous signatures on a document, and ApproveIt prompts you to do this. You can tell if a signature is valid, has been revalidated, invalid or unusable based on icons that ApproveIt displays with documents and forms. ApproveIt is tightly integrated with Office, Adobe Acrobat and FormFlow via menu options that are added to these products during the installation of ApproveIt.

The ApproveIt Desktop can also be used with the ApproveIt Collaboration Server. The combined solution is ideal for agencies whose processes require signature activity with other agencies, business partners or citizens. As long as the other party has Office, Acrobat or FormFlow, the ApproveIt Collaboration Server automatically downloads the appropriate plug-in so the other party can sign documents and forms.

Silanis' ApproveIt is a solid solution that can easily be used within or outside of the agency for signature activities. Its tools and facilities are very easy to use and will require minimal training for agency staffers. Expansion of platform support to include Unix, Linux, Macintosh and other platforms as well as the inclusion of other formats, such as HTML and XML, would make ApproveIt even more valuable as a signature solution for a broader audience.

Cardiff's LiquidOffice

As with the Silanis ApproveIt solution, I had no trouble setting up Cardiff's LiquidOffice eForm Management System. The Cardiff solution combines three tools. The first is the Forms Designer, which I installed on a Windows 2000 platform. This graphical form-building tool can also be installed on Windows 98, Me, NT or XP. It cannot be installed on non-Windows platforms, such as Mac OS X or Linux.

The LiquidOffice Forms Server can be installed on Windows 2000, Windows NT or Solaris Version 8, and it can be used with Microsoft SQL Server or with Oracle Corp. databases. The third piece of the LiquidOffice solution is the Web Desktop, which supplies authenticated access to forms for processing and sign-off. The Web Desktop is browser-accessible, and the company officially supports access via Netscape Communication Corp.'s Versions 4.7 or 6.1 and Microsoft's Internet Explorer Version 5.01 and later. However, I also had no trouble accessing the Web Desktop using other browsers from Opera Software, the Mozilla Organization and Galeon.

I began by creating several forms using the Forms Designer. I had no trouble building forms using the included palette, which offers various form elements as well as access to fields you might want to add or hide as needed.

When adding signature blocks to our forms, I was able to select what attributes would be in play when the form was accessed and used. For example, I could lock certain form fields until a particular signature was provided. I could also define what the signature implied — approval, acknowledgment and so on.

I also had the choice of authenticating the signature using a LiquidOffice password, click-through on the part of the user or a certificate. These choices are good because a nonsensitive document could easily have signatures authenticated via click-through, while certificates could be used for information that required greater security.

After creating forms, I configured the options that would enable me to connect to the Forms Server to publish my forms. I merely added the Form Server URL and my user identification and password for access. I was then able to connect and publish forms in either PDF or HTML.

The publishing process is seamless to the user and it completes relatively quickly. Using a built-in publishing wizard, the user can determine if the form will be made publicly available or will be published for access by a specific group of individuals, such as the financial department.

Once published, I found it easy to use various Web browsers to access the Web Desktop to manipulate the published forms that I was authorized to use.

I logged on to the Web Desktop using Opera on Linux, Mozilla on Mac OS X, and both Netscape and Internet Explorer on several Windows platforms. I had no trouble accessing either PDF or HTML versions of the forms, and I was able to sign and route several documents and forms without incident.

LiquidOffice is a sound solution that combines easy-to-use form-building and publishing tools with industry-standard output, such as PDF and HTML. Its server component and Web-based accessibility make it ideal for a variety of agencies.

Like Silanis' ApproveIt, LiquidOffice supports verifiable digital signatures, but it does not include an image of your actual signature.

VeriSign's Managed PKI Service

VeriSign's Managed PKI for Server IDs Certificate Management System enables agencies to implement digital certificate technology across a broad range of platforms, systems and applications. Rather than implement this technology at an agency via a software-based approach, the VeriSign service speeds digital certificate implementation by making it available via the Web.

Under the umbrella of the VeriSign service, extranets, intranets, virtual private networks and e-commerce applications can easily be outfitted with digital signature technology. The company also supports digital certificates for major agency platforms, such as Lotus Development Corp.'s Notes, Microsoft Exchange and SAP AG's products, as well as securing technologies for wireless and smart card applications.

I decided to test-drive VeriSign's Managed PKI for Server IDs and the company's OnSite client. The former product can be used to implement digital certificate-based authentication and encryption across Web sites or for intranets. The latter is a useful tool that enables administrators to easily create and implement digital signatures.

I found it simple to interact with both the Managed PKI for Server IDs and the OnSite client. VeriSign has created wizard-based interfaces that are browser-accessible. I was able to step through the wizards in a short period of time and quickly implement secure digital certificates for our test environment.

VeriSign's services offer a different approach to implementing digital signature technologies when compared with the solutions offered by Cardiff and Silanis. For agencies, the upside of a service-based approach to digital signatures is that the deployment is outsourced, which may be well-suited to agencies that are under the gun to implement the technology.

The downside of this approach is that your agency has to have a pretty good understanding of digital signature technology and the knowledge of where it should be inserted in agency processes. VeriSign does offer consulting services and training to help their customers hit the ground running.

For agencies that need both digital certificates and electronic signatures (actual images of physically generated signatures), a combination solution that joins external PKI services to software-based add-on products may be the best approach.

What a Difference

ApproveIt and LiquidOffice are both sound software-based solutions that demonstrate just how much digital and electronic signature technology is maturing when compared with solutions available even just a year ago.

They differ on some details — one integrates with other products such as Office and Acrobat while the other supplies tools to generate and publish PDF- and HTML-based forms — but they both offer functionality that is reliable and ready to implement in agency workflow environments.

VeriSign's service offerings provide a different strategy for agencies that need to deploy digital signature technologies. By using one or more of the available service-based VeriSign solutions, agencies can outsource the creation and management of digital certificates.

These services enable the rapid implementation of digitally secured transactions, e-mail, and other server-based interactions across extranets and intranets supported by major agency platforms.

Before selecting a digital or electronic signature strategy, note what platforms, e-mail solutions, databases, and Web servers your agency has in play. In addition, account for all document formats your agency needs to support. You also need to consider platforms in use by the general public and at any partner organizations, including other agencies and businesses.

After careful evaluation of available services and solutions, your agency might be able to finally ditch those manila envelopes and reduce the amount of manual forms processing needed to conduct agency operations.

Biggs has more than 15 years of business and IT experience in the financial sector.

REPORT CARDS

ApproveIt Desktop/ApproveIt Collaboration Server

Score: B+

Silanis Technology Inc.

(888) 745-2647

www.silanis.com

General Services Administration pricing for ApproveIt Desktop is $143 per user. ApproveIt Collaboration Server pricing is available via GSA's contract schedule.

Silanis Technology's ApproveIt solution combines digital and electronic signature technology to support automated signing of multiple document types, including Microsoft Corp. Office and PDF. Forms can be created in any of the supported formats and easily routed via the Collaboration Server within an agency or to other agencies that also may need to sign the document.

Platforms: ApproveIt Desktop works with Windows 95/98, NT or 2000; ApproveIt Collaboration Server works with Windows 2000.

***

LiquidOffice eForm Management System

Score: B+

Cardiff Software Inc.

(888) 254-8918

www.cardiff.com

The LiquidOffice eForm Management System costs $15,000, which includes one Form Designer license, one Form Server and 50 full user log-in licenses. Government buyers receive a 17 percent discount.

Cardiff offers an easy-to-use digital signature solution that combines a forms designer and a forms repository with secure Web-based access to agency forms. The solution manages PDF, HTML and Extensible Markup Language-based forms and also supplies conversion tools for other formats, such as Microsoft Corp. Word.

Forms Designer works with Windows 98, Me, NT, 2000 or XP. Forms Server works with Sun Microsystems Inc. Solaris Version 8. Web Desktop with Windows 98, Me, NT, 2000 or XP; Microsoft's Internet Explorer 5.01 or later; and Netscape Communication Corp.'s Version 4.7 and 6.1.

***

Managed PKI/OnSite/GoSecure

Score: B+

VeriSign Inc.

(650) 426-5115

www.verisign.com

Pricing data is available via the General Services Administration contract schedule. VeriSign provides managed public-key infrastructure services and PKI add-on services for major applications, such as SAP AG's products, Lotus Development Corp.'s Notes and others. The company's offerings are easily accessible via a Web browser, and they integrate well with a variety of systems. Any browser-capable platform and major e-mail and transactional systems.

NEXT STORY: Calling for FISMA systems count