What is a Digital Signature
A digital signature is a mathematical technique
used to validate the authenticity and integrity of a message, software or
digital document. As the digital equivalent of a handwritten signature or
stamped seal, a digital signature offers far more inherent security, and it is
intended to solve the problem of tampering and impersonation in digital
communications. Digital signatures can provide the added assurances of evidence
of origin, identity and status of an electronic document, transaction or
message and can acknowledge informed consent by the signer.
In many countries, including the United States,
digital signatures are considered legally binding in the same way as
traditional document signatures.
How digital signatures work
Digital signatures are based on public key cryptography,
also known as asymmetric cryptography. Using a public
key algorithm, such as RSA, one can generate two keys that are
mathematically linked: one private and one public. Digital signatures
work because public key cryptography depends on two mutually authenticating
cryptographic keys. The individual who is creating the digital signature uses
their own private key to encrypt signature-related data; the only way
to decrypt that data is with the signer's public key. This is how digital
signatures are authenticated.
Digital signature technology requires all the
parties to trust that the individual creating the signature has been able to
keep their own private key secret. If someone else has access to the signer's
private key, that party could create fraudulent digital signatures in the name
of the private key holder.
How to create a digital signature
To create a digital signature, signing software --
such as an email program -- creates a one-way hash of the electronic data to be
signed. The private key is then used to encrypt the hash. The encrypted hash --
along with other information, such as the hashing algorithm -- is the
digital signature.
The reason for encrypting the hash instead of the
entire message or document is that a hash function can convert an arbitrary
input into a fixed length value, which is usually much shorter. This saves time
as hashing is much faster than signing. The value of a hash is unique to the
hashed data. Any change in the data, even a change in a single character, will
result in a different value. This attribute enables others to validate the
integrity of the data by using the signer's public key to decrypt the hash.
If the decrypted hash matches a second computed
hash of the same data, it proves that the data hasn't changed since it was
signed. If the two hashes don't match, the data has either been tampered with
in some way -- integrity -- or the signature was created with a private key
that doesn't correspond to the public key presented by the signer
-- authentication.
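The create-and-verify steps described above, as an added example that is not part of the original article: it uses RSA-PSS with SHA-256 from the Go standard library, and the key pairs and sample message are constructed for illustration.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// Sign hashes msg with SHA-256, then signs the digest with the private key.
func Sign(priv *rsa.PrivateKey, msg []byte) ([]byte, error) {
	digest := sha256.Sum256(msg)
	return rsa.SignPSS(rand.Reader, priv, crypto.SHA256, digest[:], nil)
}

// Verify recomputes the hash of msg and checks sig against it with the
// public key. The hash comparison happens inside VerifyPSS.
func Verify(pub *rsa.PublicKey, msg, sig []byte) bool {
	digest := sha256.Sum256(msg)
	return rsa.VerifyPSS(pub, crypto.SHA256, digest[:], sig, nil) == nil
}

// Demo verifies one signature against intact data, altered data and a wrong key.
func Demo() (intact, tampered, wrongKey bool, err error) {
	signer, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return
	}
	other, err := rsa.GenerateKey(rand.Reader, 2048) // unrelated key pair
	if err != nil {
		return
	}
	msg := []byte("Transfer 100 to account 12345") // constructed sample data
	sig, err := Sign(signer, msg)
	if err != nil {
		return
	}
	intact = Verify(&signer.PublicKey, msg, sig)
	// One changed character gives a different hash: the integrity check fails.
	tampered = Verify(&signer.PublicKey, []byte("Transfer 900 to account 12345"), sig)
	// A public key that does not match the signing key: authentication fails.
	wrongKey = Verify(&other.PublicKey, msg, sig)
	return
}

func main() {
	fmt.Println(Demo())
}
```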
A digital signature can be used with any kind of
message -- whether it is encrypted or not -- simply so the receiver can be sure
of the sender's identity and that the message arrived intact. Digital
signatures make it difficult for the signer to deny having signed something --
assuming their private key has not been compromised -- as the digital signature
is unique to both the document and the signer and it binds them together. This
property is called nonrepudiation.
Digital signatures are not to be confused
with digital certificates. A digital certificate, an electronic document
that contains the digital signature of the issuing certificate authority,
binds together a public key with an identity and can be used to verify that a
public key belongs to a particular person or entity.
Most modern email programs support the use of
digital signatures and digital certificates, making it easy to sign any
outgoing emails and validate digitally signed incoming messages. Digital
signatures are also used extensively to provide proof of authenticity, data
integrity and nonrepudiation of communications and transactions conducted over
the internet.
Classes of digital signatures
There are three different classes
of Digital Signature Certificates:
· Class 1: Cannot be used for legal business
documents as they are validated based only on an email ID and username. Class 1
signatures provide a basic level of security and are used in environments with
a low risk of data compromise.
· Class 2: Often used for e-filing of
tax documents, including income tax returns and Goods and Services Tax (GST)
returns. Class 2 digital signatures authenticate a signee’s identity against a
pre-verified database. Class 2 digital signatures are used in environments
where the risks and consequences of data compromise are moderate.
· Class 3: The highest level of digital
signatures. Class 3 signatures require a person or organization to appear in
front of a certifying authority to prove their identity before signing. Class 3
digital signatures are used for e-auctions, e-tendering, e-ticketing,
court filings and in other environments where threats to data or the
consequences of a security failure are high.
Uses of digital signatures
Industries use digital signature
technology to streamline processes and improve document integrity. Industries
that use digital signatures include:
Government - The U.S. Government
Publishing Office publishes electronic versions of budgets, public and private
laws and congressional bills with digital signatures. Digital signatures are
used by governments worldwide for a variety of uses, including processing tax
returns, verifying business-to-government (B2G) transactions, ratifying laws
and managing contracts. Most government entities must adhere to strict laws,
regulations and standards when using digital signatures.
Healthcare - Digital
signatures are used in the healthcare industry to improve the efficiency
of treatment and administrative processes, to strengthen data security,
and for e-prescribing and hospital admissions. The use of digital
signatures in healthcare must comply with the Health Insurance Portability and
Accountability Act of 1996 (HIPAA).
Manufacturing - Manufacturing
companies use digital signatures to speed up processes, including product
design, quality assurance (QA), manufacturing enhancements, marketing and
sales. The use of digital signatures in manufacturing is governed by the
International Organization for Standardization (ISO) and the National Institute
of Standards and Technology
(NIST) Digital Manufacturing Certificate (DMC).
Financial
services - The U.S. financial sector uses digital signatures for
contracts, paperless banking, loan processing, insurance documentation,
mortgages, and more. This heavily regulated sector uses digital signatures with
careful attention to the regulations and guidance put forth by the Electronic
Signatures in Global and National Commerce Act (E-Sign Act), state UETA regulations, the Consumer Financial
Protection Bureau (CFPB) and the Federal Financial Institutions Examination
Council (FFIEC).

 
 