A signature, in a layman's sense, is a mark made with the intention of authenticating a marked document in order to prevent inconsiderate engagements. The signature may not be a part of the substance during a transaction, but it calls for its authentication process.
In a broader sense, a signature is the indication that a transaction has been completed successfully. It authenticates a writing by identifying the signer who makes the mark, calls for legal significance of the document, and helps prevent fraud and impersonation.
A Digital Signature expresses the willingness of the signer and projects the legal significance of the document. It imposes clarity and finality of the transaction.
Though this is the basic process of any transaction, the techniques have evolved with technology. Computer-based transactions hold the key among the latest innovations, and the Internet is the most preferred media for smooth international transaction these days.
Digital signature technology is a robust computer-based alternative to conventional methods. It surpasses the conventional paper technology and invites the use of the cryptographic techniques.
In a digital set-up, computers read digital information and take programmed actions accordingly. Therefore, signatures may well include diversified markings as digital images of paper symbols and keyed in notations.
Digital signatures are framed and verified using public key cryptography. This involves transforming and receiving messages and the like to unintelligible forms and back. A computer algorithm consisting of different, but mathematically related keys, is relied upon.
The two keys are corresponding to creation and verification of the digital signature. The public key is made available to concerned parties. One cannot access the private key from the knowledge of public key. The computer-based equipment that utilize this principle are collectively called asymmetric crypto system.
To sign a document, the signer first delimits the message. A hash function in the signers software computes a hash result unique to the message that is transformed by the software into a digital signature using his private key. This unique signature is attached to the message and is transmitted.
The digital signature is verified by computing the new hash value from the received message by means of the same hash function. A hash function is essentially an algorithm used to create a digital representation in the form of a hash value of standard length (usually much smaller than the message). Any change in the message produces a different hash value.
From the knowledge of the public key and the hash value, the verifier checks whether the newly computed hash value matches with the original one to confirm the digital signature. The software verifies whether the signers private key has been used to digitally sign the message.
Thus, by computing the hash value from the message at hand, information regarding the correctness of the received message can be obtained. The process of creating and verifying digital signatures provide a high degree of assurance, without adding to resources for processing messages.
The likelihood of a system malfunction is remote compared to paper signatures being forged. In a transaction, each party can communicate his public key of the pair to other concerned parties even at great geographical distances.
Communicating the public key through channels like telephone and the internet may not be secure always, as these can be tampered with. To prevent fraud and ensure integrity of the public key, services of one or more third parties may be called for.
The trusted party, called the certification authority, certifies that the public key is referred to, is of the prospective signer or subscriber identified in the certificate. The certificate reveals a public key to a recipient desiring to rely upon a digital signature can make use of.
It guarantees that the corresponding private key belongs to the subscriber mentioned in the certificate and that the digital signature was created by the same subscriber. To ensure authenticity, the certification authorities digitally sign the certificate.
In case the subscriber loses control of a private key, the certificate becomes unreliable. Under such circumstances, the certification authority invalidates the certificate and issues a notice to the concerned parties regarding this.
Digital signatures, if properly implemented, facilitate secure digital transactions and minimize the risks in dealing with off shore companies. These are an excellent alternative to paper counterparts.