Whether receiving a document from a business partner, or downloading software from the internet, the ability to verify the integrity of a file is crucial. Documents that have been tampered with or created fraudulently pose a serious threat to any business.
A digital signature is a mathematical scheme for demonstrating the authenticity of a digital file. A valid digital signature gives the recipient of a document reason to believe that a known sender created it (authentication), and prevents the sender from denying having sent it (non-repudiation). Like a tamper-proof seal, it also indicates that the document was not altered during delivery (integrity).
By using a digital signature, the sender can additionally restrict who has access to the document. This is because digital signatures utilise public key cryptography, which relies on senders and receivers each having two keys that are mathematically associated with each other: a public key and a private key. To restrict access, the sender encrypts the message with the receiver’s public key, and the receiver then uses their private key to decrypt the document. The signature itself works in the other direction: the sender signs with their own private key, and anyone holding the sender’s public key can verify it.
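The sign, verify and encrypt steps described above, as an added example that is not part of the original article. It uses only the built-in Node.js `crypto` module; the key pairs, the sample document and the function names `sealDocument`, `openDocument` and `isAuthentic` are constructed for illustration.

```javascript
const crypto = require('crypto');

// Constructed key pairs: Ed25519 for signing, RSA for encryption.
const sender = crypto.generateKeyPairSync('ed25519');
const impostor = crypto.generateKeyPairSync('ed25519');
const receiver = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
const oaep = { padding: crypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: 'sha256' };

// Sender: sign with the SENDER's private key, encrypt to the RECEIVER's public key.
function sealDocument(doc, senderPrivateKey, receiverPublicKey) {
  return {
    signature: crypto.sign(null, doc, senderPrivateKey),
    // RSA-OAEP only fits short messages; real systems encrypt a random
    // symmetric key this way and encrypt the document with that key.
    ciphertext: crypto.publicEncrypt({ key: receiverPublicKey, ...oaep }, doc),
  };
}

// Receiver: decrypt with the RECEIVER's private key, verify with the SENDER's public key.
// Returns the document bytes, or null when the signature does not verify.
function openDocument(envelope, receiverPrivateKey, senderPublicKey) {
  const doc = crypto.privateDecrypt({ key: receiverPrivateKey, ...oaep }, envelope.ciphertext);
  return crypto.verify(null, doc, senderPublicKey, envelope.signature) ? doc : null;
}

// Integrity check on a document sent in the clear with a detached signature.
function isAuthentic(doc, signature, senderPublicKey) {
  return crypto.verify(null, doc, senderPublicKey, signature);
}

// Constructed sample document and a copy with one figure altered in transit.
const original = Buffer.from('Merger term sheet: purchase price 10,000,000 (constructed sample)');
const envelope = sealDocument(original, sender.privateKey, receiver.publicKey);
const tampered = Buffer.from(original.toString().replace('10,000,000', '1,000,000'));

console.log('opened by receiver :', openDocument(envelope, receiver.privateKey, sender.publicKey).toString());
console.log('unaltered document :', isAuthentic(original, envelope.signature, sender.publicKey));
console.log('altered document   :', isAuthentic(tampered, envelope.signature, sender.publicKey));
console.log('impostor as sender :', isAuthentic(original, envelope.signature, impostor.publicKey));
```

The signature check fails both when a single figure in the document changes and when the verifier uses a public key that does not belong to the real sender, which is why the recipient needs a trustworthy copy of the sender's public key.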
There are many scenarios where documents need to be shared but the authenticity of the content needs to be proved. Digital signatures are based on digital certificates. Digital certificates are verifiers of identity issued by a trusted third party, which is known as a certification authority (CA). This is similar to the way we use standard physical identification documents, such as driving licences, passports and employee ID cards. In these examples, the trusted third party is a government body or employer that issues identity documents on which others depend to verify that a person is who they claim to be.
As an example, if legal documents needed to be sent between organisations and their legal teams during a merger, the CA acts as a trusted third party between the two parties and verifies the signature, which is then used to secure the document. The owner of the document controls the privileges afforded to the recipient, such as read-only or collaboration. If collaboration is allowed, each party will sign their modifications using their digital signature. This provides strong control of a document’s life cycle. Using the merger example, if the merger fell through, the digital signature could be revoked, effectively destroying the document.
The forthcoming GDPR (General Data Protection Regulation) has put the need to identify, control and destroy sensitive data at the forefront of the minds of many business owners. These new regulations will become a key factor in every company’s data security compliance strategy. Implementing a digital signature strategy will make protecting sensitive data much easier and give data owners a greater sense of protection.