Digital signature and Certificate

 

Digital signature

A digital signature is a mathematical technique used to validate the authenticity and integrity of a message, software or digital document. It's the digital equivalent of a handwritten signature or stamped seal, but it offers far more inherent security. A digital signature is intended to solve the problem of tampering and impersonation in digital communications.

Digital signatures can provide evidence of origin, identity and status of electronic documents, transactions or digital messages. Signers can also use them to acknowledge informed consent.

In many countries, including the United States, digital signatures are considered legally binding in the same way as traditional handwritten document signatures.

​

How do digital signatures work?

​

Digital signatures, like handwritten signatures, are unique to each signer. Digital signature solution providers, such as DocuSign, follow a specific protocol, called PKI. PKI requires the provider to use a mathematical algorithm to generate two long numbers, called keys. One key is public, and one key is private.

When a signer electronically signs a document, the signature is created using the signer’s private key, which is always securely kept by the signer. The mathematical algorithm acts like a cipher, creating data matching the signed document, called a hash, and encrypting that data. The resulting encrypted data is the digital signature. The signature is also marked with the time that the document was signed. If the document changes after signing, the digital signature is invalidated.

As an example, Jane signs an agreement to sell a timeshare using her private key. The buyer receives the document. The buyer who receives the document also receives a copy of Jane’s public key. If the public key can’t decrypt the signature (via the cipher from which the keys were created), it means the signature isn’t Jane’s, or has been changed since it was signed. The signature is then considered invalid.

To protect the integrity of the signature, PKI requires that the keys be created, conducted, and saved in a secure manner, and often requires the services of a reliable Certificate authority . Digital signature providers, like DocuSign, meet PKI requirements for safe digital signing.

​

Types of Digital signature

 

3 types of digital signature are being used mentioned

Class 1:

It provides the assurance that information provided in the document or digital data or message provided by the owner should not conflict with the information in the well-recognized database. It can be issued for both individual and professional use. It is used to provide a basic level of assurance that is relevant to environments where there are risks and data compromise sequences. Still, they are not considered to be of major significance.

Class 2:

It is being issued for both personal and private individuals. It can include the transactions having a substantial value of risk or fraud. It can also include access to private information, and access to malicious is substantial. It is also used to confirm that the owner’s information should not conflict with other well-informed or recognized databases.

Class 3:

It is also being used or issued to organizations and individuals as well. This provides high-level security for the data. The threats to data are at high risk, or the failure of security services is also high, and its results are significant. It also includes high-level transactions, or the level of fraud risk is high.

 

Uses for digital signatures

 

Industries use digital signature technology to streamline processes and improve document integrity. Industries that use digital signatures include the following:

• Government. The U.S. Government Publishing Office (GPO) publishes electronic versions of budgets, public and private laws, and congressional bills with digital signatures. Digital signatures are used by governments worldwide for a variety of reasons, including processing tax returns, verifying business-to-government (B2G) transactions, ratifying laws and managing contracts. Most government entities must adhere to strict laws, regulations and standards when using digital signatures. Many governments and corporations also use smart cards to ID their citizens and employees. These are physical cards endowed with a digital signature that can be used to give the cardholder access to an institution's systems or physical buildings.

• Healthcare. Digital signatures are used in the healthcare industry to improve the efficiency of treatment and administrative processes, to strengthen data security, for e-prescribing and hospital admissions. The use of digital signatures in healthcare must comply with the Health Insurance Portability and Accountability Act (HIPAA) of 1996.

• Manufacturing. Manufacturing companies use digital signatures to speed up processes, including product design, quality assurance (QA), manufacturing enhancements, marketing and sales. The use of digital signatures in manufacturing is governed by the International Organization for Standardization (ISO) and the National Institute of Standards and Technology (NIST) Digital Manufacturing Certificate (DMC).

• Financial services. The U.S. financial sector uses digital signatures for contracts, paperless banking, loan processing, insurance documentation, mortgages and more. This heavily regulated sector uses digital signatures with careful attention to the regulations and guidance put forth by the Electronic Signatures in Global and National Commerce Act (E-Sign Act), state Uniform Electronic Transactions Act (UETA) regulations, the Consumer Financial Protection Bureau (CFPB) and the Federal Financial Institutions Examination Council (FFIEC).

• Cryptocurrencies. Digital signatures are also used in bitcoin and other cryptocurrencies to authenticate the blockchain. They are also used to manage transaction data associated with cryptocurrency and as a way for users to show ownership of currency or their participation in a transaction.

 

What is a Digital Certificate and How it Works

​

Digital certificate are essentially digital identification cards. They are issued by specific government bodies or certificate authorities after carefully verifying the individual’s identity and making sure that they meet all requirements for the certificate. Digital Certificates are essentially used to verify the owner’s identity when it is presented to others.

When a document is signed with a digital certificate, the relying party can be guaranteed of their authenticity because the certificate authority has done its job in verifying the individual’s identity.

 

Reasons to use a Digital Certificate

 

• It holds personal information by which the owner’s identity can be verified.

• The issuing authority can also be contacted.

• Digital certificates are difficult to tamper with or duplicate.

• If the identification is misused, the issuing authority can revoke it.

• Revocation can be easily checked by contacting the issuing authority.

​