June 21, 2011
All too often I read articles that use the terms digital signatures or electronic signatures as if they were the same thing — which they are not. It will be useful to briefly point out and clarify the significant differences between the two terms for ease of future discussions.
The term electronic signatures relates to any type of electronic data.The US Code defines the electronic signature as any electronic process, sound, or even symbol that is added to a document and relates to a person. Although they are easy to implement (something as simple as a typed name can serve as one), electronic signatures are vulnerable to forgery and tampering as there is nothing to prevent one individual from typing another individual’s name. Unless the electronic signatures incorporate additional measures of security, they are considered an insecure way to sign documents.
The digital signature belongs to a sub-group within the electronic signatures category; it applies cryptographic operations and uses scientifically founded technology for the highest level of security.The idea of digital signatures originated from Whitfield Diffie and Martin E. Hellman’s seminal paper New Directions in Cryptography (1976). In this paper, they discussed theories of communication and computation in relation to cryptographic issues, suggested ways to minimise the need for a secure key distribution channel, and implemented the equivalent to a written signature.
Years later, the new class of encryption algorithms evolved into digital signature user-based PKI technology that provides each user with an exclusive signing key (digital ID) which is unique to both the document and the signatory, and accessible only to that user. The signed document is sealed, and any changes made to the document after it is signed invalidate the signature. This secure implementation, therefore, certifies the signatory’s authenticity, accountability, data integrity, and establishes a basis for non-repudiation of documents and transactions.
Till next time,