DIGITAL CERTIFICATE
A Digital Certificate is an electronic card, or
the digital equivalent of an identification card, that certifies online
transactions, e-commerce and other authentications on the Internet. A third-party
Certificate Authority (CA) issues a public key on high-volume ecommerce sites,
in emails sent by financial services, banks and other online privacy-based
businesses. These certificates are meant to authenticate the legitimacy of the
communications, interactions and possible transactions between the sender and
the receiver on Websites, e-commerce portals, banking sites. These certificates
also authenticate casual surfing of portals, sites and forums.
BENEFITS OF DIGITAL SIGNATURE
Communication Security
Billions of emails are being transmitted over the
Web. For important communication between different entities, a Digital
Certificate is used as an attachment to an electronic mail message for security
purposes and to verify the authenticity of the senders.
Online Banking
Online banking would not be possible or acceptable to millions of customers without
Digital Certificates provided by specialized third-party companies or reputable
Certificate Authorities (CAs) such as VeriSign, DigiCert, Thawte and GeoTrust.
These certificates ensure the important variables of trust and integrity and
facilitate additional levels of protection for sensitive data exchange,
information access and transactions.
Facilitating E-commerce
Millions of Americans are shopping online and need to be sure that Websites, portals and
e-tailers' sites are secure and reliable. A Certificate Authority's secured
seal sign or a Secure Socket Layer (SSL) certificate enables encryption of
sensitive information on e-commerce sites and reassures customers about the
safety and trustworthiness of shopping, divulging credit card information or
doing business online.
Thwart Online Threats
Regular log-ins or sign-ins on Websites, portals and social media sites, and the processing of sensitive information such as licenses, addresses and birth dates, are integral daily online activities of millions of Internet users. To counter the increasing perils and threats of online fraud and identity theft, the third-party certification that a Certificate Authority provides in the form of Digital Certificates can be reassuring for millions of Internet users and casual surfers.
Other Advantages
Certificate Authorities have extended the standard electronic authentication features of
Digital Certificates and leveraged their advantages beyond PCs to include
mobile phones, smart cards and other handheld devices.
DIGITAL SIGNATURE
A digital signature is a mathematical technique used to validate the authenticity and integrity of a message, software or digital document. It's the digital equivalent of a handwritten signature or stamped seal, but it offers far more inherent security. A digital signature is intended to solve the problem of tampering and impersonation in digital communications.
Digital signatures can provide evidence of origin, identity and status of electronic documents, transactions or digital messages. Signers can also use them to acknowledge informed consent.
How do digital signatures work?
Digital signatures are based on public key cryptography, also
known as asymmetric cryptography. Using a
public key algorithm, such as RSA (Rivest-Shamir-Adleman), two keys are
generated, creating a mathematically linked pair of keys, one private and one
public.
Digital signatures work through public key cryptography's two mutually authenticating cryptographic keys. The individual who creates the digital signature uses a private key to encrypt
signature-related data, while the only way to decrypt that data is with the
signer's public key.
If the recipient can't open the document with the signer's public key,
that's a sign there's a problem with the document or the signature. This is how
digital signatures are authenticated.
Digital signature technology requires all parties to trust that the
individual creating the signature has kept the private key secret. If someone
else has access to the private signing key, that party could create fraudulent
digital signatures in the name of the private key holder.
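The sign-and-verify flow described above, as an added example that is not part of the original page. It uses textbook RSA over a SHA-256 digest with constructed demo keys (the names Alice and Mallory and the sample documents are assumptions); production systems use a padded scheme such as RSA-PSS from a vetted library.

```python
import hashlib

# Constructed demo keys built from known Mersenne primes. They are far too
# small and too structured for real use; real keys come from a vetted library.
E = 65537

def make_keypair(p, q):
    """Return (public, private) textbook-RSA keys for primes p and q."""
    n = p * q
    d = pow(E, -1, (p - 1) * (q - 1))  # private exponent (Python 3.8+)
    return (n, E), (n, d)

def digest_as_int(message, n):
    """SHA-256 of the message as an integer reduced into the key's range."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n

def sign(message, private_key):
    """Signer side: transform the digest with the private exponent."""
    n, d = private_key
    return pow(digest_as_int(message, n), d, n)

def verify(message, signature, public_key):
    """Recipient side: undo the transform with the public exponent and
    compare with a freshly computed digest of the received message."""
    n, e = public_key
    return pow(signature, e, n) == digest_as_int(message, n)

ALICE_PUB, ALICE_PRIV = make_keypair(2**127 - 1, 2**89 - 1)
MALLORY_PUB, MALLORY_PRIV = make_keypair(2**107 - 1, 2**61 - 1)

def demo():
    doc = b"Pay 100 EUR to Bob"  # constructed sample document
    sig = sign(doc, ALICE_PRIV)
    return {
        # Untouched document, checked with the signer's public key.
        "genuine": verify(doc, sig, ALICE_PUB),
        # Same signature, but the document was altered after signing.
        "tampered": verify(b"Pay 900 EUR to Bob", sig, ALICE_PUB),
        # Signature made with a different private key, presented as Alice's.
        "forged": verify(doc, sign(doc, MALLORY_PRIV), ALICE_PUB),
    }

if __name__ == "__main__":
    print(demo())
```

Only the holder of the private exponent can produce a value that verifies under the matching public key, which is why the scheme depends on that key staying secret.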
What are the benefits of digital signatures?
Security is the main benefit of digital signatures. Security
capabilities embedded in digital signatures ensure a document is not altered
and signatures are legitimate. Security features and methods used in digital signatures
include the following:
· Personal identification numbers (PINs), passwords and codes. Used to authenticate and verify a signer's identity and approve their signature. Email, username and password are the most common methods used.
· Asymmetric cryptography. Employs a public key algorithm that includes private and public key encryption and authentication.
· Checksum. A long string of letters and numbers that represents the sum of the correct digits in a piece of digital data, against which comparisons can be made to detect errors or changes. A checksum acts as a data fingerprint.
· Cyclic redundancy check (CRC). An error-detecting code and verification feature used in digital networks and storage devices to detect changes to raw data.
· Certificate authority (CA) validation. CAs issue digital signatures and act as trusted third parties by accepting, authenticating, issuing and maintaining digital certificates. The use of CAs helps avoid the creation of fake digital certificates.
· Trust service provider (TSP) validation. A TSP is a person or legal entity that performs validation of a digital signature on a company's behalf and offers signature validation reports.
Other benefits to using digital signatures include the following:
· Timestamping. By providing the date and time of a digital signature, timestamping is useful when timing is critical, such as for stock trades, lottery ticket issuance and legal proceedings.
· Globally accepted and legally compliant. The public key infrastructure (PKI) standard ensures vendor-generated keys are made and stored securely. Because of the international standard, a growing number of countries are accepting digital signatures as legally binding.
· Time savings. Digital signatures simplify the time-consuming processes of physical document signing, storage and exchange, enabling businesses to quickly access and sign documents.
· Cost savings. Organizations can go paperless and save money previously spent on the physical resources and on the time, personnel and office space used to manage and transport them.
· Positive environmental impact. Reducing paper use also cuts down on the physical waste generated by paper and the negative environmental impact of transporting paper documents.
· Traceability. Digital signatures create an audit trail that makes internal record-keeping easier for business. With everything recorded and stored digitally, there are fewer opportunities for a manual signee or record-keeper to make a mistake or misplace something.
What is an electronic signature?
We all recognise and know that the classic signature is a handwritten representation of a person's name and surname or title. Its legal nature is to verify a person's identity, and it constitutes proof of consent, contractual status, and endorsement of the information contained in a document.
An electronic signature does exactly the same. It is an electronic indication of a person's intent to accept the content of a document or a collection of data linked to the signature.
Just like its handwritten counterpart, an electronic signature is a legally recognised means of stating the signer's intent to adhere to the terms of the document they have signed.
The nature of the "mark" or how it was made isn't important. What matters is proving who made the mark and that the document hasn't been modified subsequently.
Under the above-mentioned European Union Regulation 910/2014, which defines and regulates electronic signatures in the European Union, an electronic signature is the data "in electronic form which is attached to or logically associated with other data in electronic form and used by the signatory to sign".
Three types of electronic signature
The eIDAS Regulation defines three types of electronic signature: "simple" electronic signature, advanced electronic signature and qualified electronic signature.
The requirements for each type are based on the requirements for the preceding type. As such, a qualified electronic signature meets more requirements whilst a "simple" electronic signature meets fewer.
Simple electronic signatures
An electronic signature is defined, as we mention above, as "data in electronic form which is attached to or logically associated with other data in electronic form and which is used by the signatory to sign" (eIDAS Article 3).
Therefore, something as simple as signing a document and sending a scanned copy using an email account, username and password, or accepting the terms and conditions of a website can constitute a simple signature.
There is a logical association between the sending account (the email address) and the signature. However, it doesn't actually prove who the signer really is.
That's why this electronic signature, often referred to as 'simple', offers the lowest level of security.
Advanced electronic signatures
An advanced electronic signature is an electronic signature which meets the following requirements:
1. uniquely links to the signer;
2. enables identification of the signer;
3. is created in such a way as to allow the signer to retain control;
4. is linked to the signed data in such a way that any subsequent change to this data is detectable.
An advanced electronic signature has a higher level of security than simple signatures.
Qualified electronic signatures
A qualified electronic signature is an advanced electronic signature which additionally:
· is created by a qualified signature creation device;
· and is based on a qualified certificate for electronic signatures.
Electronic signatures generated using electronic National Identity Documents and electronic signature certificates stored on encrypted cards are examples of this type of electronic signature.
Qualified certificates for electronic signatures are provided by providers (public and private) which have been granted qualified status by a national competent authority as stated in the national "trusted lists" of the EU member state.
Many providers of qualified certificates will deliver the corresponding private key on a qualified signature creation device.
Difference between Electronic Signature and Digital Signature
| S.No. | ELECTRONIC SIGNATURE | DIGITAL SIGNATURE |
|---|---|---|
| 01. | Electronic Signature is a digital form of a wet ink signature which is legally binding and secure. | Digital Signature is a secured signature which works with Electronic signature and relies on Public key infrastructure. |
| 02. | It can be a symbol, image, process attached to the message or document to recognize the identity and to give consent on it. | It can be visualized as an electronic fingerprint which encrypts and identifies a person's identity. |
| 03. | It is used for verifying a document. | It is used for securing a document. |
| 04. | The validation of electronic signature is not performed by any trusted certificate authorities or trust service providers. | While the validation of digital signature is performed by trusted certificate authorities or trust service providers. |
| 05. | It is vulnerable to tampering. | While it is highly secure. |
| 06. | Electronic signature is not usually authorized. | Digital signature is usually authorized. |
| 07. | Electronic signature cannot be verified. | Digital signature can be verified. |
| 08. | Fewer security features are involved in electronic signature. | While Digital signature is comprised of more security features. |
| 09. | Verbal, electronic ticks or scanned signatures are the common types of e-signature. | Types of digital signature include Adobe and Microsoft. |
| 10. | It does not incorporate any coding or standards. | While digital signature comes with encryption standards. |