E-Signature Law Opens New Doors for Security Firms

Sign on the dotted line. Autograph there by the X. Put your John Hancock right here.

Or if you prefer: Slide your “smart card” in the sensor, look into the iris scanner and double-click your mouse.

Technologies to verify a person’s identity in cyberspace got a big boost Friday when President Clinton inked his name on a bill that makes so-called digital signatures as legally binding as pen on paper.

The federal law means new opportunities for many computer security companies, including several in Southern California. They anticipate increased demand for security products that both enable electronic signatures to be made and reduce the risk of theft or wrongful use.

Large e-commerce security firms, such as VeriSign Inc. in Mountain View, Calif., and Entrust Technologies Inc. in Plano, Texas, stand to benefit from the new law. The measure also will give a boost to dozens of smaller companies, such as Litronic Inc. and Rainbow Technologies Inc., both based in Irvine, which produce software, biometric devices and smart-card systems.

“There couldn’t be better news for us than that bill,” said Litronic Chief Executive Kris Shah. “It puts credibility behind what we’ve been saying for years.”

Businesses and consumers already are using such technologies to sign supply contracts, loan agreements and insurance policies over the Internet. Several states have adopted laws giving legal muscle to online agreements.

But experts say the federal law will probably pave the way for a higher level of big-money transactions, particularly for brokerage houses, banks and other financial services industries.

Though it validates the use of digital signatures, the new law does not go far in defining them or in deciding which technologies should be used to create a legally binding agreement in cyberspace.

“There are about 12 different kinds of technologies, and 12 equally compelling stories about why each one is the best,” said James Van Dyke, a senior analyst at the market research firm Jupiter Communications. “The whole market is incredibly fragmented.”

Loosely defined, a digital signature is a long, unique string of electronic gibberish assigned to an individual. When a person applies that secret code to a document or transaction, it is assumed they intended to sign it.

But the challenge is in making sure that those who use digital signatures are who they claim to be. And that’s where the technology gets interesting.

A digital signature can be verified in one of three ways. The most widely used verification method is based on something you know, such as a password or your mother’s maiden name.

A second method is pegged to something you have, such as a so-called smart card that looks like a credit card and stores personal digital information. Some store information on a computer disk or on a key that plugs into the computer.

The third method, known as biometrics, is based on who you are. This identifies you using a device that digitally scans fingerprints, facial structure or the retina or iris of the eye.

Most security programs combine two or three technologies as checks and balances to verify signatures and identities.

Van Dyke predicts that the growing acceptance of electronic signatures will have the greatest impact on business-to-business transactions. “I’m sure this will take off, but I don’t think it will happen at the consumer level with any widespread adoption in the next two to three years,” he said.

That’s because consumers are generally reticent to embrace new technology if it means downloading a lot of software or buying new equipment just to do something online that they already can do relatively easily on paper. The burden will be on businesses to make electronic signatures worthwhile to their customers, Van Dyke said.

Still, business and financial institutions say the prospect of signing mortgages and closing other high-stakes financial deals over the Internet could save them hundreds of dollars in document preparation, overnight delivery and document storage costs on each transaction.

For online brokerage DLJDirect, an advocate of the federal law, the new rules will mean customers can open new accounts, change beneficiaries, authorize account rollovers and immediately transfer assets online.

“You’re dealing with consumers who have already chosen the online channel,” said Michael Hogan, general counsel of the Jersey City, N.J.-based brokerage. “They expect to be able to do business in real time, and this is going to allow us to meet those expectations.”

The new law also will spur many companies that use only mainstream technology to view e-signatures as more stable sooner than they otherwise would have, said industry analyst Eric Hemmendinger of the Aberdeen Group in Boston.

As acceptance of digital signatures in the marketplace increases, a handful of Southern California companies are vying for visibility and market share in an industry they say has enormous growth potential.

Litronic, which mostly has focused on securing computers for government agencies, is now courting businesses ranging from banks to stock brokerages and e-commerce Web sites. Its signature software operates with everything from smart cards to digital fingerprints.

This week, Litronic became the first to market a computer program that links e-signatures with a digital scan from the iris of a person’s eye to verify identity. A small desktop device emits a beam of red light from a lens to measure the unique patterns of a user’s inner eye before permission to use a digital signature is granted.

Rainbow Technologies offers the iKey, a little rod that houses the owner’s digital identity and plugs into the computer. When you leave your computer, you take the key--and your digital identity--with you.

Unlike smart cards, which require a separate card reader, the iKey plugs directly into a computer’s existing data port. A version of the product, developed by Rainbow and its encryption division, Mykotronx, is used in the White House communications office.

Meanwhile, Camarillo’s Interlink Electronics Inc. is betting that even in a world that operates at Internet speed, people will continue to place a sentimental value on the old-fashioned personal signature.

With a high-tech flat sensor screen, the company’s ePad can turn a traditional autograph into a biometric identification. Users sign their name on a glass surface that looks like the electronic signature pads used for credit card transactions in department stores.

But ePad signatures offer a higher level of security than the Bloomingdale’s checkout counter. Because the pad is pressure-sensitive, it is nearly impossible to forge a signature, the company says. The device remembers how hard you press down for each letter, whether you dot your I’s mid-word or at the end and how quickly you sign.

Ethentica of Lake Forest breaks a digital signature into fragments and houses the bits of information on several servers so that it cannot be stolen. With a $199 pop-out fingerprint sensor that plugs into a computer, a person can get his identity verified by Ethentica, which then reassembles the digital signature so the user can sign a document.

Year-old SignOnline Inc. in Irvine also offers signing and storage services. With SignOnline, two parties can visit a secure Web site for what the company calls “signing ceremonies” to review a document and sign it with their own digital imprint. The documents are stored electronically on SignOnline’s servers in Tucson.

(BEGIN TEXT OF INFOBOX / INFOGRAPHIC)

Virtual I.D.

With the stroke of an actual pen, President Clinton on Friday endorsed a bill allowing the use of digital signatures for legal documents. The new law opens the door for computer security companies that offer an array of digital identification devices:

* Pressure-sensitive pads that remember how you sign your name.

* Credit-card-size “smart cards” that store personal information.

* Devices that digitally scan fingerprints or the iris to verify identity.

* Keys that plug into computers and house your digital identity.