Business Services Industry
Put Your John Hancock Here - electronic signatures
HR Magazine, Sept, 2000 by Bill Roberts
When you hear the term "digital signature," you may think of a digitized rendering of an actual pen-on-paper signature. But the kind of digital signature now gaining business acceptance for electronic transactions means something different. A digital signature is a unique piece of data embedded in a digital certificate, which allows a computer to verify that the person authorizing a transaction is who he says he is.
Digital certificates are based on standards issued by the International Telephone and Telegraph Consultative Committee, an international standards-setting body in Geneva. Digital certificates have been used for many years in various security settings, especially in government and the military. The explosion of electronic commerce over the Internet has given digital certificates a potentially broad commercial market.
Digital certificates carry two randomly generated, unique mathematical algorithms; one is called a public key and the other a private key. The certificate usually resides on the recipient's web browser, and the private key never leaves. A copy of the public key stays on the server that issued the certificate. The server could be part of a corporate network or could belong to a third-party issuer, often a firm specializing in digital certificate technology.
When the user needs to be authenticated for any reason-access to a network, verification of an e-mail or proof of identity on an electronically "signed" document-the browser notifies the server that holds the digital certificate. The server then sends the public key to the user's private key. If the two keys match, the server accepts the user as authentic. The server rejects a user without a private key or with a private key that doesn't match.
The private key also is used to encrypt message or documents, which can be decrypted by the public key on the other end after the recipient of the encrypted document uses his digital certificate to authenticate his identity. All these processes are transparent to users.
There are many variations of digital certificate technology. For example, instead of residing on the user's browser, the digital certificate and private key might reside on a crdit-card-size smart card that the user must insert into a reader to gain access to a network or to sign documents. The digital certificate also might be used in conjunction with an electronic rendering of the user's handwritten signature. In that case, the rendered signature is really just window dressing because the actual authentication would come from the digital certificate.
Most Recent Business Articles
- Multiple criteria evaluation and optimization of transportation systems
- Multi-criteria analysis procedure for sustainable mobility evaluation in urban areas
- A two-leveled multi-objective symbiotic evolutionary algorithm for the hub and spoke location problem
- Multi-criteria analysis for evaluating the impacts of intelligent speed adaptation
- The development of Taiwan arterial traffic-adaptive signal control system and its field test: a Taiwan experience
Most Recent Business Publications
Most Popular Business Articles
- 7 tips for effective listening: productive listening does not occur naturally. It requires hard work and practice - Back To Basics - effective listening is a crucial skill for internal auditors
- FAS 109: a primer for non-accountants - Financial Accounting Standards Board's "Statement 109: Accounting for Income Taxes"
- LIFO vs. FIFO: a return to the basics
- Too Young to Rent a Car? - 25-years-old the minimum age for car renting - Brief Article
- Design a commission plan that drives sales - Sales Commissions
Most Popular Business Publications
Content provided in partnership with
