Department of Transportation Guidelines for Electronic Signatures
U. S. DEPARTMENT OF TRANSPORTATION (DOT)
The Department of Transportation was established by an act of Congress
on October 15, 1966, the Department’s first official day of operation
was April 1, 1967. The mission of the Department is to:
Serve the United States by ensuring a fast, safe, efficient,
accessible and convenient transportation system that meets our vital
national interests and enhances the quality of life of the American
people, today and into the future.
FEDERAL RAILROAD ADMINISTRATION (FRA)
The Federal Railroad Administration (FRA) promotes safe and
environmentally sound rail transportation. With the responsibility of
ensuring railroad safety throughout the nation, the FRA employs safety
inspectors to monitor railroad compliance with federally mandated
safety standards including track maintenance, inspection standards and
operating practices. The FRA conducts research and development tests to
evaluate projects in support of its safety mission and to enhance the
railroad system as a national transportation resource. Public education
campaigns on highway-rail grade crossing safety and the danger of
trespassing on rail property are also administered by FRA.
49 CFR : Transportation
PART 213—TRACK SAFETY STANDARDS Subpart F—Inspection§ 213.241 Inspection records.
Link to an amendment published at 70 FR 66298, Nov. 2, 2005.
(e) For purposes of compliance with the requirements of this
section, an owner of track may maintain and transfer records through
electronic transmission, storage, and retrieval provided that—(1) The electronic system be designed so that the integrity
of each record is maintained through appropriate levels of security
such as recognition of an electronic signature, or other means,
which uniquely identify the initiating person as the author of that
record. No two persons shall have the same electronic identity;Using secure usernames and passwords that are unique to each user is critical.
(2) The electronic storage of each record shall be
initiated by the person making the inspection within 24 hours following
the completion of that inspection;Storing all files for a minimum of amount of time is important for
all federal ESIGN regulations. Users will then have enough time to
downloaded file to their computer, saved to a portable medium (CD, DVD
or others) or even printed to paper.Allowing any file type to be electronically signed increases the
availablity of the electronic record as described in Section 8 and
gives each business the ability to select the best electronic format
for their clients.(3) The electronic system shall ensure that each record cannot be modified in any way, or replaced, once the record is transmitted and stored;
File Integrity Hashes that can be used by all parties to
the electronic record to verify that no changes or errors have occurred
helps users to comply with (3).
U. S. FEDERAL AVIATION ADMINISTRATION (FAA)
The FAA is responsible for the safety of civil aviation. The Federal
Aviation Act of 1958 created the agency under the name Federal Aviation
Agency. The FAA adopted the present name in 1967 when we became a part
of the Department of Transportation. Their major roles include:
- Regulating civil aviation to promote safety
- Encouraging and developing civil aeronautics, including new aviation technology
- Developing and operating a system of air traffic control and navigation for both civil and military aircraft
- Researching and developing the National Airspace System and civil aeronautics
- Developing and carrying out programs to control aircraft noise and other environmental effects of civil aviation
- Regulating U.S. commercial space transportation
Acceptance and Use of Electronic Signatures, Electronic Recordkeeping Systems, and Electronic Manuals (online here)
e. Electronic Signature. The online equivalent of a handwritten
signature. It is an electronic sound, symbol, or process attached to or
logically associated with a contract or other record and executed or
adopted by an individual. It electronically identifies and
authenticates an individual entering, verifying, or auditing
computer-based records. An electronic signature combines cryptographic
functions of digital signatures with the image of an individual’s
handwritten signature or some other visible mark considered acceptable
in a traditional signing process. It authenticates data with a hash
algorithm and provides permanent, secure user-authentication.5. What is an acceptable electronic signature?
a. General. Before recent changes to permit the use of
electronic signatures, handwritten signatures were used on any required
record, record entry, or document. The electronic signature’s purpose
is identical to that of a handwritten signature or any other form of
signature currently accepted by the FAA. The handwritten signature is
universally accepted because it has certain qualities and attributes
(e.g., subparagraph c(4)(d) below concerning employee termination) that
should be preserved in any electronic signature. Therefore, an
electronic signature should possess those qualities and attributes that
guarantee a handwritten signature’s authenticity.b. Forms of Electronic Signatures.
- A digital signature
- A digitized image of a paper signature
- A typed notation
- An electronic code
- Any other unique form of individual identification that can be
used as a means of authenticating a record, record entry, or document(1) An electronic signature may be in the following forms.
(4) Signature Security. The security of an individual’s
handwritten signature is maintained by ensuring that it is difficult
for another individual to duplicate or alter it. An electronic signature should maintain an equivalent level of security.
An electronic system that produces signatures should restrict other
individuals from affixing another individual’s signature to a record,
record entry, or document. Such a system enhances safety by preventing
an unauthorized individual from certifying required documents, such as
an airworthiness release.Using File Integrity Hashes, that can be used
by all parties to the electronic record, helps to verify that no changes or errors
have occurred.(5) Non-repudiation. An electronic signature should
prevent a signatory from denying that he or she affixed a signature to
a specific record, record entry, or document.These are definitions of authentication and identification in
direct connection to repudiation of the signatory. These two concepts
go hand in hand. The stronger your authentication methods are, the less
risk you have regarding non-repudiation. It is best to authenticate
the user yourself. After all it is your client or business partner you
are signing the file with and you know if Steve is Steve, or if he is
really someone else.As was stated in (4), misrepresentation is not exclusive to the
electronic world, as a person could walk into your office and sign a
document, claiming to be someone they are not. This requires businesses
to establish authentication based on things they know. A business is
really seeking a way to make the signature capturing process an
extension of their current business process.By issuing the appropriate licenses directly to your client, as
opposed to using third party vendor verification, the user can help to
strengthen the case against repudiation. One assumes you know your
client or business partner and therefore your authentication of their
identity through a recognized email address, phone number and IP address is inherently more compelling than a third party vendor verification that you have never seen. Use secure usernames, passwords and email based ID to controll access to the files and signature to only authorized users.