In 1970, when Stevie Wonder sang, "Signed, Sealed, Delivered, I'm Yours," the notion of the Internet and certainly an eMortgage--electronic mortgage--had not been conceived. However, today the lyrics aptly describe a special type of signature--the tamper seat--that enables the signing, securing and transit of eMortgage documents.
[ILLUSTRATION OMITTED]
What exactly is a tamper seal? There isn't a definition to consult; the term does not exist in the dictionary. A search on Wikipedia returns no results and suggests, "Do you mean Tampere Hall?" Tampere Hall has nothing at all to do with electronic signatures--it is a concert venue in Finland (maybe Stevie Wonder sang "Signed, Sealed, Delivered" there?). In order to understand what a tamper seal is and what it provides, one needs to look at how the act of signing a document changes in the electronic world.
When a legal document is signed on paper, all parties are acting on centuries of convention and law for written contracts. There is a presumption that the signer is bound to whatever the document states, that nothing changes once signed and that a signature from one document will not be transferred fraudulently to another. Traditional law and forgery forensics support the attestation indicating that the signer agreed to the content of the document.
On electronic documents, signers execute the electronic equivalent of the handwritten or "wet-ink" signature. Supported by two U.S. laws--the Electronic Signatures in Global and National Commerce Act (E-SIGN) and the Uniform Electronic Transactions Act (UETA)--any signature in an electronic form is the equivalent of a handwritten, wet-ink signature as long as the signature is attached to the electronic document.
The electronic signature may take many forms, such as entering a personal identification number, clicking an "I agree" button or using a stylus on a signature pad. These electronic signatures support the "signed" part of the requirements. However, what assurance is provided that the electronic document didn't change after a signature was executed?
On paper, it is not impossible, but it is difficult, to alter the interest rate or loan amount on a mortgage document after a signer has applied a signature with an ink pen (but not a pencil). In an electronic world, this is not true. An electronic document created and signed in a word processor may be easily altered after signing, without any evidence of the alteration.
The words "tamper" and "seal" provide clues as to the technology used to ensure the integrity of the documents. According to the American Heritage Dictionary, tamper is defined as "to interfere in a harmful manner" or, more aptly described in terms of the tamper seal, "to alter improperly." The definition of seal as "a small disk or wafer of wax, lead or paper, bearing such an imprint and affixed to a document to prove authenticity or to secure it" describes the intended meaning in tamper seal. "Wait a minute," you might say--"what does wax have to do with electronic signatures and making sure that the electronic document didn't change?"
Since ancient times, an initialed or embossed wax seal has been used to prevent letters or documents from being opened and altered by an unwelcome, prying individual. In fact, the use of a wax seal dates back so many years that it is referenced in the Old Testament, when Jezebel used Ahab's seal to counterfeit important documents. Governments used seals on proclamations as an authoritative stamp of approval.
In the Middle Ages, marriages were prearranged, and in order for words of a secret passion to be sent, a wax seal secured the love letter. In this way, recipients could be assured that their romance remained unknown to others. Prior to the invention of gummed envelopes, almost everyone had a seal, and it was common practice to destroy the seal when the owner died--which is the reason so few original seals are still in existence today. Additionally, the intaglio or the design of the seal conveyed the identity of the applier of the wax--providing proof that the item was actually from the sender and was not a forgery.
Today, if I were to send you a rolled up a piece of paper with a wax seal, you would be able to determine if any unauthorized access had occurred. When the wax seal is intact, you would know that the paper you received was the same one that I had sent to you. If the wax seal is broken, the integrity of the contents can no longer be verified. If you recognized the design of my seal, you would know it had been sent from me.
After a person has signed an electronic document, how is it possible to ensure that the document has not been altered after signing?
The tamper seal functions like a wax seal. If the tamper seal is intact, the contents of the electronic document have not been compromised. If the tamper seal is broken, the contents of the electronic document may have been altered. May have been altered? Yes, wax seals and tamper seals are the same, in that it is not possible to determine what may have been altered, just that the seal is broken and the contents cannot be trusted.
How does a tamper seal know if an electronic document changed? A tamper seal is a special type of electronic signature called a digital signature. The first step in creating a digital signature is to calculate a "fingerprint" of the electronic document using a mathematical algorithm. The fingerprint is unique and entirely based upon the specific content of the electronic document, including any signatures. Any change to the electronic document--even something as small as the insertion of a single character--will create two distinct and unlike digital fingerprints.
When the tamper seal is calculated, the creator of the digital signature specifies what is included in the fingerprint. As part of the calculation, the creator may choose to include only some parts of the electronic document and not others or the creator may choose to include the entire electronic document.
If there are multiple signers, there may be multiple fingerprints created after each signature is executed. Interim fingerprints would have the ability to protect the document and the signatures on the document until everyone has signed. Then, in the end, a final fingerprint is applied that included all signatures. The interim fingerprints could be kept or discarded, depending on the audit requirements of the system. Technically, the fingerprint calculation is known as the document "hash" or the "message digest."
Anyone can create a fingerprint of the document content. In order to prevent someone from changing an interest rate on an eNote and generating a new fingerprint, the hash value must be protected from alteration for the life of the document. In this way, the fingerprint is the equivalent of rolling the document into a scroll for the application of the wax seal.
The next step in creating a digital signature is to encrypt the fingerprint or apply the wax seal. Encryption alters the digital fingerprint into a coded value that is unintelligible to unauthorized parties so that it may not be altered. In order to encrypt the fingerprint or hash, the creator of the tamper seal uses a certificate. The certificate can be thought of as the emblem or intaglio used to create the impression of the wax seal. The certificate, just as the intaglio does, uniquely identifies the signer.
Digital certificates are sometimes referenced as the equivalent of a driver's license or a passport. A passport proves the bearer's name, nationality and date of birth; it contains a photograph and holograph signature for visual comparison. A third party issues a digital certificate, just as the federal government issues passports or a state issues driver's licenses.
The third-party "certificate authority" acts as the gatekeeper, much in the same manner the government does for passports. The certificate authority registers the certificate holder's name and address, allowing others to see if the certificate is valid, revoked or expired. The third-party certificate authority also has the ability to confirm the identity of the certificate holder, just as the U.S. State Department confirms American citizenship.
In order to seal the document electronically, the creator of the tamper seal uses the fingerprint or hash and information that is known only in the creator's passport or certificate. The certificate has two parts: a private key and a public key. The private key functions in the same way the intaglio does for a wax seal. The wax seal is created by dripping wax on the envelope or scroll; in this way, the wax can be thought of as the hash or fingerprint in the electronic world. The tamper-seal creator then creates an impression with the intaglio by using information in the certificate that is private and known only to the certificate holder. Only the person with the intaglio can create the wax seal, and the same is true for certificate holders with the private key.
Just as a person guards the intaglio to prevent forgery or misuse, so does the holder of the digital certificate. Often the intaglio was on a ring--a signet ring, which derives from the Latin signum, meaning "sign." The wearing of signet rings dates to ancient Egypt as a method of applying a seal to a document.
Private keys don't date quite that far back, but they serve the same purpose as signet rings. Private keys contain information about the identity of the signer and allow for the creation of the wax seal. An additional layer of security exists with the certificate authority, who is able to verify the owner and validity of the certificate.
The tamper-seal creator encrypts the hash by using information from the private key found in the certificate. The encrypted result is the tamper seal. The tamper seal contains the encrypted hash--the fingerprint in a disguised form--for the document and information from the certificate. Now that the document has been sealed, the document with the tamper sea! is sent to the recipient.
With the wax seal, the recipient sees the impression from the intaglio in the wax. The impression conveys information about the signer, much in the same way that the public key is included in the tamper seal to provide information about the creator. The impression in the wax may be thought of as the public key from the signer's certificate. Any recipient of a tamper seal is able to inspect the public key in order to determine the identity of the signer and the certificate authority. When the certificate authority is known, the status and the validity of the certificate may be confirmed.
The recipient of a document with a tamper seal must perform a few steps to determine the integrity of the electronic document. That is, was the seal on the document broken or is it still intact?
In order to determine if the wax seal is to be trusted, the recipient must first decode the unintelligible fingerprint of the document. The tamper seal is decrypted--that is, made intelligible to the recipient--by using the public key in the certificate. The recipient may choose to consult the certificate authority--just as immigration officials do on passports--as to the identity of the tamper-seal creator and the validity of the public key. If everything checks out with the certificate authority for the public key, it is used to turn the hash--the document fingerprint--back into something recognizable. Now the tamper seal has the original document fingerprint in a form that is usable.
Once a tamper-seal recipient has a fingerprint in an intelligible form, the next step is to determine if anything in the electronic document has changed. What is the best way to determine this? The tamper-seal recipient recalculates the fingerprint or hash on the document contents. With the fingerprint calculated by the tamper-seal creator, the recipient compares the recalculation with what was attached to the document when the tamper-seal hash was created. If the two calculations or fingerprints match, the electronic document has not changed or has not been tampered with.
If the two calculations do not match, the electronic document has been tampered with. Just as in the case of a wax seal, it is not possible to determine what changed in the electronic document--just that something changed. Something is broken and the contents are not to be trusted.
If a wax seal is broken, the recipient immediately has questions about the integrity of the document. In the electronic world, if the recalculation result of the digital fingerprint differs from the tamper-seal creator's calculation, the electronic document cannot be trusted. For eMortgages, this is the mechanism used to verify that an electronic document has not been altered in any way since the last signer signed.
Therefore, by using a tamper seal, it is possible to "lock down" the contents of an electronic document after a signer has applied his or her signature. The tamper seal secures the document and allows for the detection of alteration or tampering. For eMortgages, this is an essential part of the process. It is necessary to know who signed the document and that the document did not change after the last signer executed his or her signature at closing.
One further safeguard is in place for eMortgages--the MERS[R] eRegistry. As soon as possible after the eNote is "locked down," the industry requires that the tamper seal, the specific fingerprint for an eNote, be encrypted with a private key and the tamper seal be registered with MERS. The eRegistry is only for eMortgages, and is separate from other services offered by MERS for paper loans. All MERS processes track mortgage ownership for mortgages; however, the eRegistry provides a system of record that identifies the owner of an eNote and retains the tamper seal specific to that eNote.
Registration of an eNote means that a copy of the encrypted hash is retained in the MERS eRegistry. This allows the mortgage industry to verify the eNote owner as well as the identity of the tamper-seal creator with the certificate authority. Before purchasing an eNote, an investor has the ability to recalculate the fingerprint, as well as compare the tamper seal with what is on record at MERS. If the recalculation of the tamper seal does not match the fingerprint in the eNote, the integrity cannot be trusted. However, if the recalculation comparison matches, the integrity of the eNote can be further checked with the system of record on the eRegistry. If the tamper seal does not match the eRegistry, the integrity cannot be trusted. The eRegistry offers a two-factor verification mechanism for the eNote tamper seal.
Paper fails in comparison here. There is no "real" wax seal, just an envelope. There is reliance on the fact that, because it is wet ink, no unauthorized alteration has occurred. Moreover, there is no trusted third party to consult in case of suspected alteration.
So, next time the words "tamper seal" pop up, think wax seal--and try to not wax poetic. Remember that a tamper seal is a combination of a fingerprint, a wax seal, a passport and the State Department, but taken to a next, electronic level. Signed, sealed, delivered, the tamper seal is yours, and it has the future security of your eMortgage in its hands--so don't you worry 'bout a thing.
State of the eMortgage Industry
How is the industry innovating the eMortgage process? According to Alpharetta, Georgia-based Xerox Mortgage Services' 2010 Path to Paperless survey:
* 35 percent of survey respondents are planning to implement eSignatures at the closing table in 2011 or later;
* 16 percent are currently evaluating paperless origination and underwriting; and
* 49 percent have already implemented paperless origination and underwriting.
Rachael Sokolowski is senior director of technology strategies and information management services for Treliant Risk Advisors, a financial services firm in Washington, D.C. She can be reached at rsokolowski@treliant.com.
Комментариев нет:
Отправить комментарий