Technology At Its Best

An Auditing Tool: E-signatures

The context is communication and interaction over networks and computers: above all e-commerce (the buying and selling of goods and services and the transfer of funds over digital communication), but also inter- and intra-company functions (such as marketing, finance, manufacturing, distribution and trade) that use e-mail, EDI, file transfer, fax, video conferencing, workflow or interaction with a remote computer.

E-signature – the expression

A digital signature is an electronic signature (a code) that can be used to authenticate the identity of the sender of a message or the signer of a document, and to ensure that the original content of the message or document is unchanged. Digital signatures are easily transportable, cannot be imitated by someone else, and can be automatically time-stamped. Because it can be shown that the original signed message arrived, the sender cannot repudiate it later.
A digital signature can be used with any type of message, whether it is encrypted or not, simply so that the recipient can be sure of the identity of the sender and that the message is intact. A digital certificate contains the digital signature of the authority issuing the certificate, so that anyone can verify that the certificate is genuine.
A formal definition: “(I) A value computed with a cryptographic algorithm and appended to a data object in such a way that any recipient of the data can use the signature to verify the data's origin and integrity.
(II) Data appended to, or a cryptographic transformation of, a data unit that allows a recipient of the data unit to prove the source and integrity of the data unit and protect against forgery, e.g. by the recipient.”
Source: IETF (http://www.ietf.org/rfc/rfc2828.txt).

E-signature – How it works (with PKI)

Suppose you are going to send the draft of a contract to your lawyer in another city. You want to give your lawyer the assurance that it is unchanged from what you sent and that it really is from you.

1. You copy the contract (a short one) into an e-mail note.

2. Using special software, you obtain a message hash (mathematical summary) of the contract.

3. Then, using a private key that you previously obtained from a public-private key authority, you encrypt the hash.

4. The encrypted hash is your digital signature of the message. (Note that this will be different each time you send a message.)

At the other end, your lawyer receives the message.

1. To make sure that it is intact and from you, your lawyer makes a hash of the received message.

2. Your lawyer then uses your public key to decrypt the message hash or summary.

3. If the hashes match, the message is valid.

E-signature – The facts we should all know

Across the various definitions of the electronic signature and the legislation passed so far, almost all have tried to remain technology-independent. In general, however, the use of PKI is considered worldwide to be a method of creating an electronic signature (digital signature).
The use of PKI has several advantages over other methods, which make it appear a practical and secure solution for industry and business. The simplicity of key distribution, irreversible hash algorithms, and the binding of keys to a person through digital certificates issued by a trusted party (the certificate authority) are the main ingredients of this recipe.
A certification authority (CA) verifies the accuracy of the information placed in the digital certificate, issues the digital certificate for a public key, and publishes the certificate and key in its repository.
Through written agreements, a CA also accepts liability towards certificate subscribers and relying parties, while the most popular Internet browsers and e-mail clients provide mechanisms for trusting a CA explicitly or implicitly.
In such scenarios it is very important for everyone to be sure which certificates they trust and, if they trust a CA, that the issuing authority's certificates have not expired and/or been revoked. Explicitly adding an entry to the operating system's list of trusted authorities is no less than hara-kiri.
A CA publishes its Certificate Policy (CP) and Certification Practice Statement (CPS), along with other agreements such as the subscriber agreement and the relying party agreement. Equally important, all parties must understand and know exactly what benefits and guarantees the individual agreements provide.
The digital certificate binds the key pair used for the digital signature to the person identified by the information in the certificate. The certificate may also record a person's affiliation with a company as trustee. This shows how much the relying party's trust depends on the certificate authority (CA) and on the ability to validate the certificate with the CA. It is accepted and recommended best practice not to trust a certificate whose validity cannot be checked, which means that the CA should offer online certificate validation in real time. A CA that provides only CRLs is not good enough for serious business.
Trusting a CA is always a deliberate decision and must rest on good knowledge of the security of the CA itself: its policies and practices for certificate life cycle management, its recruitment of persons with access to sensitive information and areas (physical access), segregation of duties among staff, and so on. A person who needs a digital signature should not have to master every legal and contractual detail, however; the decision is easier when a uniform external audit and accreditation certifies the CA as trustworthy.

Conclusion

There is no doubt that we have a long way to go in improving these technologies so that parties doing business through electronic documents and transactions across the world can do so with comfort and confidence, and there is a growing need for governance in an area that is new to us all. I am also pleased that this (site) and these technologies make such research, information gathering and business possible at a speed that would not have been possible just a few decades ago.
