Digital signature solutions for e-Tendering, e-Submissions and Secure Web Form Uploads
Secure Web Form Uploads
The volume of web-based business interactions is ever-increasing in the drive to cut paper process by moving to automated online services. Common applications are e-Submissions or e-Filings, where end-users review and perhaps upload completed documents to a central service. Other example applications include forms based systems such as online account management, online purchasing plus local government services and central services such as e-tax, and e-Procurements. e-Tendering is a growing part of public sector business and has some specific requirements.
The underlying requirement for all such applications is that the transaction or document offers proof of authenticity, data integrity and non-repudiation. In the paper world ink is used. In the new electronic age digital signatures meet these requirements and do it better than ink. The signing key must be unique to the signer, under their control and the act of signing must be performed wilfully by the end-user. Typically this means signing using just a standard Internet browser and a locally-held signing key on a smartcard or USB token, however there are other options discussed later.
For public procurement confidentiality is a growing requirement. Currently systems protect information within a tender application but there is often weak legal binding. Privacy is also a concern since privileged users may be able to access very sensitive data. Encryption therefore requires strong cryptography. The decryption of data or documents can now be controlled by a security server that logs the action. Advanced security requirements may insist that the central authority cannot decrypt the tender information until after the official tender opening date and time). Furthermore the decryption process may need to offer a properly authorised and fully auditable operation. Multiple members of a jury may need to agree before the decryption process is authorised.
When assessing the tenders, all end-users signatures must be verified as part of determining that adequate trust exists. Within the EU it is entirely possible that the end-user’s qualified certificate may have been issued by any one of a large number of Certificate Authorities (CAs). Verifying the end-users’ digital signatures and assessing their quality and acceptability for the intended purpose can become a substantial challenge!
Once successfully decrypted and verified, the application may then also require to securely archive the document and any verification process metadata within a secure archive system for long-term availability either for regulatory/legal reasons or for dispute resolution purposes.
The benefits of e-submission process compared with a paper-based system include:
| Manual Paper-based Processes | Automated Electronic Processes |
| Expensive to handle and transfer | Up to 80% cheaper |
| Extended delivery times with concern about deadlines being missed | Immediate delivery |
| No proof document was received (assumes no recorded delivery for bulk documents) | Documents are uploaded to central site and acknowledgments or receipts are routinely provided. These should of course be signed and timestamped
|
- Paper documents need to be scanned in for further processing
- Recipient may reject document because of missing information or scanning errors
| - Documents can follow a straight-through-processing workflow
- Automated validation of key data as soon as document is received and verified as trusted
|
- Requires large scale, expensive storage space to archive many millions of documents
- Difficult to search through archive
- Difficult to back-up or duplicate the archive and requires even more storage!
| - Automated archiving easily performed after documents are received
- Easy to find the original document using metadata searches
- Easy to back-up and maintain resilient copies of archive
- Able to protect the authenticity and integrity of archived data using digital signatures and timestamps
- Easy to re-evidence for long-term preservation
- Able to archive hundreds of millions of documents on a single hard-disk!
|
- Requires expensive paper and transport with a negative impact on environment
| - Green alternative with a positive impact on the environment
|