Grady Paul Gaston – The Pioneer of Digital Signatures

New Clients

Grady Paul Gaston, III and his team were in the midst of deploying the US Army Corps of Engineers (USACE) financial management system (CEFMS) in the mid-1990s when opportunity knocked. As it turns out, the Electronic Signature (ESIG) was being hailed as the first and only legally binding digital signature solution sanctioned by the Governmental Accountability Office (GAO). In other words, ESIG became the go-to solution. When other government agencies would ask for guidance, GAO would point to ESIG. Grady Gaston was first approached by the US State Department to put the ESIG technology in the financial system for all the American Embassies, then by the US Census Bureau.

Grady Gaston could already see the growing potential for this technology. However, there were few problems to overcome. First, it took too long to make the technology portable. It took six months to port the ESIG technology to the State Dept and three months to port it to the US Census Bureau. He needed a drop-in product. Secondly, the cost was prohibitive for most agencies.  With the cryptographic boards, keyboard intercepts, and Key Translation Centers, the cost was around $500 per workstation in 1990s dollars. In addition, there was no solution for laptops without purchasing a Signettm device that Gaston’s company developed.  The device was an encased cryptographic module that connected to the laptop’s port. It had its own keyboard just to enter the PIN for the smartcard.

The Drop-In Solution

An algorithm invented back in the 1970s by MIT professors turned out to be the answer. When professors, Rivest, Shamir and Alderman (RSA) invented their algorithm, they called it, “a solution in search of a problem.” It works by encrypting data with one key and decrypting it with another. This made it possible to freely give out your decrypting key, but only you could use your encrypting key. This is called the public key /private key pair and is generated by special computers called Certificate Authorities (CAs).  This eliminated the need for cryptographic hardware modules, keyboard intercepts, and Key Translation Centers, thus bringing the cost per workstation down from hundreds of dollars to just pennies.

By combining the ESIG signing solution with the RSA algorithm Gaston’s team developed a drop-in product called “DBsign”, short for Database Signing. Gaston’s solution signs the data as it resides in the database. The philosophy behind DBsign(R) is to ensure the integrity of the data and the software systems that rely on it, and to hold responsible the users who sign the data.  The signature will either verify or fail based on the data in the database, not offline, stored documents. However, DBsign® has a solution for PDF documents also. 

The next big milestone was the deployment of the Common Access Card (CAC) throughout the entire Department of Defense. This meant that every military, civilian, and contractor had a smartcard with the public key/private key pair. With DBsign out of the gate first, defense agencies were automatically choosing DBsign to CAC-enable their applications.

When Northrop Grumman chose DBsign to be the signature methodology for the Defense Travel System in 2003, it became the de facto standard for the Department of Defense, and the rest is history.

Today, trillions of dollars of financial transactions have been signed by DBsign® as well as other data such as medical records, access control, personnel records, etc. There are four million active users of DBsign® at any given time.