PKI General Information
- Work well in conjunction with other security features such as sign on and password.
- Allow for encryption when embedded in an e-mail browser and the user invokes encryption.
- Provide secure access to a URL or Web site if the Web server is configured correctly.
- Provide digital signatures.
- Allow for non-repudiation.
- Allow for identity management.
PKI DOES NOT
- Act as a sole security feature on an application or Web site.
- Automatically encrypt all transactions from a device with a digital certificate installed.
A digital signature is not a digital picture of your signature. A digital signature is a method of linking your exclusive identity to an electronic document or transaction to accomplish what your written signature accomplishes on a paper document. According to the American Bar Association, a signature accomplishes several functions including but not limited to evidence, ceremony and approval of a writing.
A digital signature can be used to provide both signer and document authentication. Signer authentication is the ability to identify the person who digitally signed the document. Signer authentication provides non-repudiation, meaning a signer cannot deny they signed a document or transaction. Document authentication ensures the information was not altered after it was digitally signed.
The need for digital signatures
When electronic documents are used to support a business or legal transaction, these documents may require a signature as an endorsement or authentication to be considered "official" or "authorized."
Until now, when a signature was desired or required, electronic documents had to be converted to paper. Paper documents create a variety of problems that affect both the flexibility and speed of transactions. They also create retention issues because the conversion to paper requires management of paper documents for their official life. With proper planning, the retention of electronic documents may occur automatically with the transaction. The nature of the transaction these documents support has not changed, but the environment in which the transaction is made is changing.
How digital signatures work
When a certificate holder applies a digital signature to information, the holder's private key is used to create a hash value (character string) exclusive to the combination of their signature and the specific information. The certificate holder's public key is available to the intended receiver (who also has a digital certificate) so the receiver can verify the information.
If the information was altered in any way, this hash value would not match and the information would be invalid and (in effect) lose the signature. Because it is impossible to derive one key (public or private) from having the other, a digital signature has great integrity. Consequently, it is more acceptable than other types of electronic signatures.