Lesson 7: Key Decision 1 - Type of Credential Used
- How Credentials Are Issued
- Most credentials issued by or registered with the system require protection as they travel between registrant and system.
- Credentials that are registered (rather than issued) may need the system to enforce strength requirements and—where issued by a third party—ensure authenticity.
- Credentials that incorporate biometrics or include cryptographic keys will need specialized technologies to support them.
- Credentials issued in connection with hardware tokens will require support for users' implementation.
- Approach to Binding Signatures to Document Content
- Credentials that include cryptographic keys may execute signatures that are automatically bound to the document being signed by incorporating a message digest or hash value uniquely related to the document content.
- Other kinds of credentials lack this functionality, and so require an independent approach to signature binding.
- How Signatures Are Validated
- Signatures executed with third party credentials require interaction with the issuing authority to determine that the credentials are authentic.
- Credentials that provide cryptographic keys may require decryption functionality for validation of the signatures they execute.
- How Signatures Are Included in the COR As defined in § 3.3 of CROMERR, a true and correct copy of an electronic document received by an electronic document receiving system, which copy can be viewed in a human-readable format that clearly and accurately associates all the information provided in the electronic document with descriptions or labeling of the information. A copy of record includes: 1) All electronic signatures contained in or logically associated with that document; 2) The date and time of receipt; and 3) Any other information used to record the meaning of the document or the circumstances of its receipt.
Credentials that are included "in the clear" in the signatures they execute (for example, as a PIN or password) need to be "shielded" in some way on the copies of record (COR), for example, by being encrypted or hashed.