Yours digitally...
Aug 23 2010
As we enter the virtual world, having a digital identity, particularly a digital signature, will become necessary to authorise transactions and communications in a faster and easier way.
With conventional methods of sending messages or undertaking transactions, there is no way to confirm the sender’s information or identity. Digital signatures, on the other hand, can be used to authenticate the source of messages. As the ownership of a digital signature key is attached to a specific user, a valid signature confirms the real identity of the sender. Most importantly, a digital signature helps in maintaining data integrity.
Considering the pace and criticality of transactions and the increasing incidence of fraud, there is constant pressure to safeguard businesses against fraudulent activities and misuse. The availability of digital signatures at an affordable price makes it easier for both individuals and organisations to transact online in a secure manner.
What are Digital Signatures?
A digital signature is an electronic signature that can be used to authenticate the identity of the sender of a message or the signer of a document, and possibly to ensure that the original content of the message or document that has been sent is unchanged. Digital signatures are easily transportable, cannot be imitated by someone else, and can be automatically time-stamped. The ability to ensure that the original signed message arrived means that the sender cannot easily repudiate it later.
A digital signature can be used with any kind of message, whether it is encrypted or not, simply so that the receiver can be sure of the sender’s identity and that the message arrived intact. A digital certificate contains the digital signature of the certificate-issuing authority so that anyone can verify that the certificate is real.
The intricacies of digital signatures
Embedding digital identities, particularly digital signatures, in product and service solutions is becoming increasingly important to transactions in banks worldwide. Digital signatures are based on public key infrastructure (PKI) and provide organisations with the ability to digitally sign transaction instructions at the user level. They are the single most secure form of transacting currently available and cannot be hacked as other forms of security can, because they require users to be in physical possession of a PKI card as well as a password.
Public key infrastructure is a form of cryptography based on the concept of key pairs (a private key and a public key). Public and private key pairs are nothing but large prime numbers generated by a mathematical algorithm. The key pairs are used for both signing and encrypting messages; both operations use cryptography. The public key of an individual is made known to receivers, while the private key is kept confidential. The private key helps prove unequivocally that you are who you claim to be. PKI brings authentication, confidentiality, integrity and legal non-repudiation to electronic transactions.
Generation of digital signature
Digital signature verification: By combining all elements of PKI, digital signatures are legally binding in more than 200 countries globally and can replace hand-written signatures. Furthermore, storing digital signatures on two-factor security devices such as chip and PIN technology enforces non-repudiation.
Certificates and certificate authorities: The effectiveness of digital signatures (and public key systems in general), however, depends on the integrity of the public key and on the fact that some verification has initially been performed to associate the public key with its rightful owner. This can be achieved with the use of digital certificates. A digital certificate is an electronic document that binds an identity to a public key. It contains certain information such as the name of the owner, the validity period of the certificate, the public key and other relevant information.
This set of information is verified by a certificate authority (CA), which digitally signs the certificate using the CA’s private key to affirm the integrity of the certificate. A person who obtains a public key from a certificate issued by a CA can then rely on the fact that the CA has performed the necessary verification of the identity of the key owner and rely on this knowledge to transact using the keys. The CA thus acts as a “trusted” party and must itself maintain a very high level of security to protect its own private keys and to maintain the list of valid certificates issued. The public CAs in India are licensed by the Controller of Certifying Authorities, and certificates issued by the public CAs would usually be accepted by any relying party in the country.
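The signing and certificate checks described above, as an added example that is not part of the original article: a Python sketch that uses textbook RSA (hash then sign, no padding) in place of a production signature scheme. The key pairs are built from publicly known Mersenne primes, and the subject name, message and dates are constructed for illustration.

```python
import hashlib
import json

E = 65537  # common public exponent

def make_keypair(p, q):
    """Derive a key pair from two primes: public (n, e) and private (n, d)."""
    n, phi = p * q, (p - 1) * (q - 1)
    return (n, E), (n, pow(E, -1, phi))

def digest(data: bytes) -> int:
    return int.from_bytes(hashlib.sha256(data).digest(), "big")

def sign(private_key, data: bytes) -> int:
    n, d = private_key
    return pow(digest(data), d, n)  # only the private-key holder can compute this

def verify(public_key, data: bytes, signature: int) -> bool:
    n, e = public_key
    return pow(signature, e, n) == digest(data)  # anyone with the public key can check

def encode(body: dict) -> bytes:
    return json.dumps(body, sort_keys=True).encode()  # stable bytes to sign

def issue_certificate(ca_private, subject, subject_public, not_after):
    """The CA binds an identity to a public key by signing the certificate body."""
    body = {"subject": subject, "public_key": list(subject_public), "not_after": not_after}
    return {"body": body, "ca_signature": sign(ca_private, encode(body))}

def verify_signed_message(ca_public, cert, message, signature, today):
    """Relying party: check the CA signature and validity, then the sender's signature."""
    body = cert["body"]
    if not verify(ca_public, encode(body), cert["ca_signature"]):
        return False  # certificate was not issued by this CA, or was altered after issue
    if today > body["not_after"]:  # ISO dates compare correctly as strings
        return False  # certificate has expired
    return verify(tuple(body["public_key"]), message, signature)

# Constructed demo keys from known Mersenne primes; real keys use secret random primes.
CA_PUBLIC, CA_PRIVATE = make_keypair(2**1279 - 1, 2**2203 - 1)
USER_PUBLIC, USER_PRIVATE = make_keypair(2**521 - 1, 2**607 - 1)
CERT = issue_certificate(CA_PRIVATE, "Asha Rao", USER_PUBLIC, "2011-08-23")
MESSAGE = b"Pay INR 10,000 to account 12345"
SIGNATURE = sign(USER_PRIVATE, MESSAGE)

if __name__ == "__main__":
    print(verify_signed_message(CA_PUBLIC, CERT, MESSAGE, SIGNATURE, "2010-08-23"))
```

The relying party needs only the CA's public key in advance; the sender's public key arrives inside the certificate and is trusted only after the CA's signature on it checks out.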
The writer is managing director & CEO, 3i Infotech Consumer Services

















