A young material scientist, Shaikh entered the software arena through his work on the Rainbow 100 when he got the idea to put imaging on XWindows, which was the birth of his document management company Image-X. The goal of the company was to convert all paperwork to digital imaging, but eventually corporations began to insist that the future lies in sending electronic documents as well as receiving them. This shift in focus would prove to be pivotal for Shaikh.
“It could be a multi-billion dollar merger that goes through multiple penetrations, multiple layers of approval, and at the end you require signatures of the CEOs, CFOs, and multiple parties,” says Shaikh, now the Co-Founder and President of Esign Inc. Following this train of thought, Shaikh realized that he needed to focus on the three vital areas of security, cloud, and mobility.
With this new vision, Esign Inc. was born.
Identifying an Ongoing Problem
The federal government’s involvement in the security of electronic documents can be traced back to 1994 with Bill Clinton’s signing of the Digital Signature Act. Control over the electronic signature statutes was passed over to the state level, where states began creating their own statutes and mostly stuck to the ESIGN (Electronic Signatures in Global and National Commerce) Act. When this did not go very far, Shaikh realized that he needed to look at security from a different perspective to solve a puzzle that seemed to elude practically everybody over the years.
PKI, Public Key Infrastructure, was a technical architecture created by the NSA that issued everyone two keys—a public key and a private key. Esign Inc. realized that this method of encryption/decryption was a great way of authenticating people, but it hadn’t yet been used in a way that was truly effective. Companies were and still are hosting customer information in their servers and having the info captured by hackers. With projections of e-commerce booming into a multi-billion dollar industry still looming, these security holes proved to be a threat.
Esign Inc. figured that if they encrypted the information individually, then the process of capturing it would become more complicated. Decrypting one file would not be beneficial enough to hack an entire server, and the hackers wouldn’t know which files belong where.
Workflow can be pretty complex in any organization and it keeps changing
With this in mind, Esign Inc. began working toward its original goal—the development of a solution to the security challenges facing the electronic documents space.
Answering the Hard Questions
“As we are noticing, security has become the key element everywhere,” explains Shaikh. “Workflow can be pretty complex in any organization and it keeps changing.” Of the many people that Esign Inc. engaged with, none of them could come to a consensus on how workflow should work. Everyone, from company to company and industry to industry, was managing their workflows differently. So what Esign Inc. developed was a series of solutions that targeted multiple workflows across different industries and enhanced the focus on security, mobility and the cloud.
Esign Inc. was awarded two patents for “storage of confidential information” and “secure authentication of mobile devices” using a digital certificate-based authentication and encryption process. The idea was that encrypting documents using digital certificates based PKI (Public key/private key) based encryption of data and document at an individual data envelope level would offer granular control that made hacking at a mass level difficult. In addition, Esign’s digital signatures come with a number of security advantages. Their use of PKI allows them to offer unique signatures to each user, identify each signer, and establish confidentiality between people who’ve never even met.
The security focus has translated to the cloud as well, where users have a homogenous set of information that can’t be differentiated and everything is separated by easily obtainable login passwords. The solution to this, Shaikh believes, is to keep individual identity separate from corporate identity. To protect everyone’s data, Esign Inc.’s encrypted cloud not only encrypts the information in the cloud, but also issues a key to each person to let them control their own information. Once again, the focus is at a smaller level, encrypting smaller pieces within the cloud rather than all of the cloud to make it more difficult for hackers to access user data.
Breathing Life into Versatile Ideas
Security is an important aspect of Esign Inc.’s solutions, but it isn’t the only thing they’re bringing to the table. “The third element we’re dealing with is mobility. That means accessing the information on a desktop computer, a laptop computer, or a cellphone,” clarifies Shaikh. One example of this is Esign Inc.’s Bring Your Own Device (BYOD), which aims to make the popular trend more secure by associating every phone with a digital certificate.
When looking at this one-of-a-kind mobility, one has to consider the range of industries that this technology can be deployed in. Iterations of Esign Inc.’s software can be applied to the health, law enforcement, and commercial sectors respectively. One example of solutions with mobility is Orange Cards, which store patient data in personal health record repositories behind unique 27 digit pins. Now rather than having to call local doctors to have them fax over patient documents, physicians can view an encrypted versions of the information and offer quick, effective care no matter where their patients are from via a form of identification that is easy to carry no matter where they go.
"Everyone knows data is sacred, and everyone is applying solutions that are ‘customized’"
Taking the Final Step
Esign Inc. has a variety of brilliant, unique solutions under their belt but aren’t quite ready to deploy them yet. “Right now, we’re looking to partner with some of the co-founders so that we can bring people with more specific knowledge of each particular type of workflow. Then we can integrate our backend with some of those workflows and come up with a system,” explains Shaikh. The idea is that if Esign Inc. can find a lot of partners and co-founders, they can apply their ideas of encryption/decryption and secure storage to multiple workflows.
“Everyone knows data is sacred, and everyone is applying solutions that are ‘customized.’ What we have done is created small solutions and implemented them to show they can be used. It is not a figment of imagination,” explains Shaikh. With these solutions, e-commerce entities can grant the same PCI compliant protection they have for themselves to their customer. In the case of ClerkePass, the county clerk can sign legal documents with unique digital signatures. With CourteOrders, judges and sheriffs can sign legal documents with unique digital signatures thus eliminating the need for other parties to show up and have them physically sign on paper.
All in all, Esign Inc. is plodding towards its ultimate goal of an enterprise-wide, PKI-based depository. With several solutions, it is practically inevitable that Esign Inc. will make tremendous changes while incorporating the elements of security, mobility and the cloud. “My advice to every young entrepreneur is to keep your eyes and ears open, look at what is happening, and find the problem and come up with the solution. Small solutions ultimately lead to a better understanding of the system,” concludes Shaikh.