Ask a group of people to name their most serious reservation about working electronically, and it's a good bet most of them will say "security." With online information increasingly becoming the new currency of the construction business, keeping careful tabs on who has access to what data is more important than ever. Equally critical is knowing that the data is genuine and legally binding, especially when it's a proposal to bid or a contract to perform work.

"That's what so fun about this electronic marketplace," says Rodney Moss, an attorney in the construction and procurement law group at Bradley Arant Rose & White LLP, Birmingham, Ala. "This is a whole new ball of wax, when paper never exists and information gets exchanged in a number of ways," he says.

FACE IT Biometric system cross-references face, lip movement and voice characteristics. (Photos courtesy of BIO-ID)

For decades, the motion picture industry has used ultra-high-security access systems as the gist of spy movies. Now, technology that can keep prying eyes away from proprietary project or financial data is reality. And unlike James Bond gadgets, these devices can be plugged into or loaded onto a garden variety desktop computer. Devices offer top-secret security for bargain basement prices, sometimes less than $100.

Working securely today means different things to different users. For some, security is established by embedding a code in a document, such as a digital signature. "It speeds up the whole process for everything that has to be approved and signed off on by the client," says Phillip Leshinsky, director of toll service planning and technology at Parson Brinckerhoff in New York City.

While use of electronic signature technology has been evolving in private industry for years (ENR 12/16/96 p. 34), last June's signing of the Electronic Signatures in Global & National Commerce Act by former President Bill Clinton provided a quantum leap forward. For the first time, electronic contracts and other digital documents can now have the same legal status as hardcopy contracts, if properly e-signed. The law, which took effect last Oct. 1, supplanted more than 40 different state laws.

THUMBS DOWN Sensor allows one-touch log-in to desktop computer system. (Photo courtesy of Ethentica)

For an electronic signature to be valid, the new law requires it to be authentic and be accompanied by a valid reason for use. Vendors are now offering software that complies with those rules. The Cyber-Sign program from San Diego-based Cyber-Sign Inc., combines individual desktop software that plugs into the Adobe Systems' Acrobat document creation software. It costs $99 with server-based software priced at more than $1,700.

As a user writes his or her name, the server-based software analyzes the shape of a signature and the dynamics of how it is created, such as speed, pressure and timing. The server software also records hand movements through wind changes directly above the tablet when the stylus is not touching it.

UBIQUITOUS Universal USB plug or PC card fits most systems. (Photo courtesy of Kingston Technologies)

Once a signature is on file, a user simply draws a box in the area where the signature is to be placed, pulls down a menu and identifies the reason for the signature, such as "approved" or "not approved." The system also will work on Microsoft Office documents created on standalone PCs, but the computer needs to be connected to the server when inserting the signature.

To reduce huge paper costs in facility design and construction, the Atlantic Division of the Naval Facilities Engineering Command has adopted Adobe Acrobat Portable Document Format as the common file format for its documents. Any additions to specifications must be digitally signed before they can be released for bid. While results have yet to be officially quantified, NAVFAC expects to reduce by half the time spent for document authorization and request for proposal preparation.

PROTECTING A NAME

While electronic signatures may greatly improve productivity, more widespread use faces barriers. "The big problem is how to protect your signature," says Leshinsky. As e-signature technology evolves, new methods are emerging to address that concern. In addition to filling out a form or signing a graphics tablet, a digital signature can also be a thumbprint. Some software can even enable laptop users with a track pad to sign a signature on the pad.

A prospective electronic signature user can register with a third-party security firm such as VeriSign, Entrust Technologies or Check Point Software that issues digital certificates. That certificate can then be used to "sign" documents. Each time a document is sent, the receiver can check with the security firm to verify the sender's identity. To prevent tampering and alteration, the certificate is encrypted.

POINTED Insulating layer of patented print-recognition system improve accuracy.

"Smart card" technology is another option. It usually consists of a credit card fitted with a computer that stores private information about a user. According to a report issued Feb. 7 by Schlumberger Test & Transactions Inc., the Austin, Texas-based subsidiary of Houston global technology firm Schlumberger Ltd., worldwide shipments of smart cards in 2000 grew 27% over 1999 to 1.79 billion units. The firm says wireless applications will continue driving technology growth.

Using smart cards and passwords as a means of identifying both the sender and receiver, the U.S. Postal Service began Jan. 21 to offer an electronic version of certified mail called NetPost Certified. It allows the secure transmission of sensitive documents such as medical records and birth certificates.

A new USPS authority issues a digital certificate that is stored on a NetPost Certified smartcard. The card enables users to send electronic files securely and privately to government computers. The NetPost Certified service generates an electronic return receipt by USPS, verifying delivery of each transaction.

BIOMETRICS

Advances in both software and digital photography have given security-minded computer users and managers a host of options. No longer the stuff of science fiction, a desktop computer can now be used to identify people by their face, voice and other body parts.

For example, in a pilot project by the Tampa, Fla., police department and the Federal Bureau of Investigation last month during the Super Bowl, face-identification software was used to pick out faces of 19 petty criminals in the huge crowd of fans. The criminals were not arrested, however, because it was an experiment.

CARDED Scanned finger-print can become digital signature on documents. (Photo courtesy of Ethentica)

New software takes the practice to a new level by adding in other feature-checking options. Software called Bioid that is sold by Berlin, Germany-based D.C.S. AG combines face recognition with voice recognition and lip movement.

"With biometrics, there's no way that somebody else could get someone else's name and password," says Michael Ruhle, senior vice president. Originally developed to be a client-server technology to work with Novell networks, the system now also runs on a PC fitted with an inexpensive computer camera and microphone and costs under $100.

To create a profile, a user initiates the "record" mode, faces the camera, then repeats a word or phrase five times. It replaces the Windows Log-on screen when a PC is started up. Ruhle says the Web version of the system is being tested on four day-care-center monitoring systems. If successful, there are plans to use it later this year to verify surveyors who are studying on-line for a certification renewal test.

Inexpensive technology is also becoming more available from several firms to allow a user to simply press a fingertip on a small credit-card sized module to gain access to a PC. A user selects a finger to be used for identification, then presses the sensor three times to record information and four times to verify it. A highlighted task bar icon reminds users which finger is used to sign in. Data created from the fingertip is stored on the card.