Difference Between Direct & Arbitrated Digital Signature

By Tim Brugger

The desire of businesses and individuals to go paperless has been hindered by the inability to sign legal and contractual documents other than by the traditional means of printing and completing in ink. The advent of the digital signature, either direct or arbitrated, has alleviated this roadblock for many. A digital signature incorporates security measures using private keys (known only by the sender) and public keys (known by both sender and receiver). The public keys "unlock" the encrypted signature upon receipt. Since these keys are known only by the sender, the receiver and, in some instances, an arbiter of the digitally signed document, the signatures can be verified as authentic, if required.

The Direct Digital Signature

Understanding a direct digital signature begins with recognizing that only two parties are involved in passing the signed information: the sender and the receiver. Direct digital signatures require only these two entities because the receiver of the data (digital signature) knows the public key used by the sender, and the sender of the signature trusts the receiver not to alter the document in any way.

The Arbitrated Digital Signature

Implementing an arbitrated digital signature brings a third party, called a "trusted arbiter," into the process. The role of the trusted arbiter is usually twofold. First, this independent third party verifies the integrity of the signed message or data. Second, the trusted arbiter dates, or time-stamps, the document, verifying receipt and the passing on of the signed document to its intended final destination.
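The arbitrated flow described above, as an added example that is not part of the original article: the sender signs, the arbiter verifies and time-stamps, and the receiver checks both signatures. It assumes Lamport one-time hash-based signatures as a stand-in signature scheme so that it runs on the Python standard library alone (each key pair may sign one message only); all function names are hypothetical.

```python
import hashlib, secrets, time

def H(b):
    return hashlib.sha256(b).digest()

def keygen():
    # Lamport one-time key: 256 pairs of secrets; the public key is their hashes.
    sk = [[secrets.token_bytes(32), secrets.token_bytes(32)] for _ in range(256)]
    return sk, [[H(a), H(b)] for a, b in sk]

def _bits(msg):
    d = int.from_bytes(H(msg), "big")
    return [(d >> i) & 1 for i in range(256)]

def sign(sk, msg):
    # Reveal one secret per bit of the message hash. Use each key for ONE message only.
    return [sk[i][b] for i, b in enumerate(_bits(msg))]

def verify(pk, msg, sig):
    return len(sig) == 256 and all(
        H(s) == pk[i][b] for i, (s, b) in enumerate(zip(sig, _bits(msg))))

def _record(doc, sender_sig, stamp):
    # What the arbiter signs: document hash, sender signature hash, time-stamp.
    return H(doc) + H(b"".join(sender_sig)) + stamp.to_bytes(8, "big")

def arbitrate(sender_pk, arbiter_sk, doc, sender_sig, now=None):
    # Arbiter role 1: verify the integrity of the signed document.
    if not verify(sender_pk, doc, sender_sig):
        return None
    # Arbiter role 2: time-stamp, then forward the bundle to the receiver.
    stamp = int(time.time() if now is None else now)
    return {"doc": doc, "sender_sig": sender_sig, "timestamp": stamp,
            "arbiter_sig": sign(arbiter_sk, _record(doc, sender_sig, stamp))}

def receiver_accepts(sender_pk, arbiter_pk, bundle):
    rec = _record(bundle["doc"], bundle["sender_sig"], bundle["timestamp"])
    return (verify(arbiter_pk, rec, bundle["arbiter_sig"])
            and verify(sender_pk, bundle["doc"], bundle["sender_sig"]))

if __name__ == "__main__":
    doc = b"Constructed sample contract: A pays B 100 on delivery."
    s_sk, s_pk = keygen()
    a_sk, a_pk = keygen()
    bundle = arbitrate(s_pk, a_sk, doc, sign(s_sk, doc))
    print("receiver accepts:", receiver_accepts(s_pk, a_pk, bundle))
    bundle["doc"] += b" (altered in transit)"
    print("after alteration:", receiver_accepts(s_pk, a_pk, bundle))
```

Calling `verify` alone corresponds to the direct case, where the receiver checks the sender's signature with no third party involved.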

Shortcomings of Direct Signature

Knowing the potential problems with a direct digital signature will help to differentiate it from an arbitrated digital signature. Perhaps the biggest concern is the need for trust between the sender and receiver, since there is no independent verification process in place. This process also requires the sender to have a private key (the receiver only has the public key they both share), and if the sender says it was lost or stolen, he can claim the signature is forged. A private key that is actually stolen and then used to forge signatures is also a potential security threat when using a direct digital signature.

Shortcomings of Arbitrated Signature

Although it addresses many of the concerns of the direct signature by using a trusted arbiter, an arbitrated signature has shortcomings of its own. Using an arbiter requires complete trust from both the sender and receiver that the arbiter will not only time-stamp and forward the document as instructed, but also not alter the data in any way. There is also the possibility that an arbiter may show bias toward one party or the other should any discretion arise.