A digital signature is a set of data associated with a message that ensures the identity of the signer and the integrity of the message. The digital signature does not imply that the message is encrypted, meaning that this cannot be read by others.
Security issues without digital signature
Theory rather than the absence of digital signature mechanisms has caused and continue to cause serious economic harm to organizations. Some examples:
Banks must repay money stolen from online customers. Loss of users would amount to $600 million. About 700 complaints have been made by subtraction of resources through electronic banking.
How digital signatures solve these problems?
The digital signature replaces the use of username and password that is traditionally used in Web systems. The private key is very different from a username beginning because the user must remember or worse targeting the key somewhere private as this is a hundred-digit number that is stored in a device safe (token or smart card).
These devices are "tamper-proof" which means that the certificate and private key cannot be copied or exported, besides the device is password-protected so that only can be used by the user.
The use of digital signatures for online transactions ensuring the integrity, non-repudiation and authenticity of transactions as described below:
Transaction Integrity: The digital signature can determine at any time that the transaction data have not been modified. Although SSL helps ensure data integrity during transmission, the digital signature can also ensure the integrity of the data once they are stored on the server, ie the digital signature is persistent.
Authenticity: The digital signature guarantees the identity of the issuer of the transaction because the digital signature is generated by a unique private key that only the user possesses and that is stored on the device password protected. This ensured that no one else can generate transactions impersonating the user and that another person would require the device and the legitimate user's password.
Non-repudiation of user: The user cannot deny that a transaction digitally signed and that only has the device with the private key that generated the digital signature and it is password protected.
Non-repudiation of the system: It is possible that the system generates a digitally signed receipt of the transaction receipt. This receipt serves the client to prove that he made the transaction.
1 Response to What Is Digital Signature?
The concept of digital signature is very interesting and is used internationally by many business organization. After reading the complete information that you have posted in this article I find this post very useful. Thank you so much for sharing the security issues that may arise without this scheme.
what is a digital signature
Post a Comment