Digital Signatures and Certificates

By Tidd, Ronald R.; Heesacker, Gary | The CPA Journal, May 2008

Ensuring Authentication and Non-repudiation

The AICPA's 2007 Top Technology Initiatives named "identity and access management" and "securing and controlling information distribution" as the second and seventh most influential technologies, respectively. These technologies depend, in part, on policies, procedures, and practices that verify (authenticate) an individual's identity prior to granting access to digital resources, such as a computer network and the files it contains. Login names, passwords, and personal identification numbers (PINs) are familiar and acceptable methods for implementing authentication policies.

The combination of a digital signature and certificate, however, provides a more-secure authentication mechanism. When used to convey digital documents, the combination ensures that the document's content has not been altered, restricts document access to authorized individuals, and records who sent and received the document and when they did so. The latter feature improves on the common practices of either using PDF files or password-protecting Microsoft Office documents, which provide no assurances as to time or user identity. Used together, these features prevent the parties from repudiating their participation in a digital communication. Digital certificates, therefore, can play an important role in electronic contracts, maintaining adequate internal controls, and performing audits.

Legal Status

Digital signatures would not be implemented if their legal status were in doubt. In the United States, the Electronic Signatures in Global and National Commerce Act (Public Law 106-229, 2000, www.ntia.doc.gov/ntiahome/frnotices/2002/esign/report2003/electronicsignaturesact.pdf) established the legal foundations for using digital signatures at the federal level. It provides, in part, that digital signatures have the same legal status as handwritten signatures in interstate and international commerce. At the state level, the National Conference on Commissioners on Uniform State Laws (NCCUSL) approved the Uniform Electronic Transactions Act in 1999 (www.ncsl.org/programs/lis/CIP/ueta.htm) and recommended it be enacted by all states. It also established a legal foundation for the use of digital documents and signatures. As of the end of the 2005 legislative season, only Georgia, Illinois, New York, and Washington had not enacted the act, but each of these states had other enabling legislation in effect.

Implementation Foundations

The mechanisms for implementing digital signatures have evolved to exploit the power of the new technologies known as "Web 2.0." The foundations for implementing this technology, however, have not changed significantly since they were explained by Fritz Grupe, Stephen G. Kerr, William Kuechler, and Nilesh Patel in June 2003 ("Understanding Digital Signatures," The CPA Journal).

The process for implementing a digital signature requires two main components. The first is the public key infrastructure (PKI), which uses cryptography and generates two mathematically related digital keys. One is a private key, available only to the signer of an electronic document. The other is a public key, available to anyone who needs to access a document signed by that signer's private key. The recipient who uses the public key to unlock the document knows that the message came from the person controlling the private key, and the underlying processes verify that the message content was not altered by anyone after it was sent.

The second component is a certificate authority (CA), a trusted, independent third party that issues the private and public key pair and a digital certificate on behalf of a message sender. Effectively, that certificate is attached to every message processed with the private key. Through this process the CA

* facilitates the distribution of the public keys to message recipients;

* assures the private key owner's identity (depending on the level of service subscribed to by the key owner); and

* verifies the private key's validity and revokes a private key's credentials when notified that the key's security has been compromised. …
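The key-pair and CA mechanics described above, as an added Python example that is not part of the original article: a signer's private key signs a document, a CA signs a certificate binding the signer's name to the public key, and the recipient checks the certificate, its revocation status, and the signature in turn. It uses textbook RSA without padding over fixed public primes as a simplifying assumption; all function names, the signer name, the serial number, and the document are constructed for illustration.

```python
import hashlib

# Textbook RSA without padding (simplifying assumption), not production code.
E = 65537  # public exponent

def make_keypair(p, q):
    n = p * q                          # both keys share this modulus
    d = pow(E, -1, (p - 1) * (q - 1))  # private exponent (Python 3.8+)
    return (n, E), (n, d)              # (public key, private key)

def digest(data, n):
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def sign(private, data):
    n, d = private
    return pow(digest(data, n), d, n)

def verify(public, data, signature):
    n, e = public
    return pow(signature, e, n) == digest(data, n)

def cert_body(serial, subject, public):
    return f"{serial}|{subject}|{public[0]}|{public[1]}".encode()

def issue_certificate(ca_private, serial, subject, public):
    """The CA binds a name to a public key by signing both."""
    return {"serial": serial, "subject": subject, "public": public,
            "ca_sig": sign(ca_private, cert_body(serial, subject, public))}

def check_message(ca_public, revoked, cert, data, signature):
    """Recipient's checks, in order: certificate, revocation, signature."""
    body = cert_body(cert["serial"], cert["subject"], cert["public"])
    if not verify(ca_public, body, cert["ca_sig"]):
        return "certificate not issued by this CA"
    if cert["serial"] in revoked:
        return "certificate revoked"
    if not verify(cert["public"], data, signature):
        return "content altered or wrong signer"
    return "valid, signed by " + cert["subject"]

# Constructed demo values; Mersenne primes are public, so teaching only.
CA_PUB, CA_PRIV = make_keypair(2**521 - 1, 2**607 - 1)
SIGNER_PUB, SIGNER_PRIV = make_keypair(2**1279 - 1, 2**2203 - 1)
CERT = issue_certificate(CA_PRIV, 1001, "Pat Lee", SIGNER_PUB)
DOC = b"Engagement letter: fee $12,000"
SIG = sign(SIGNER_PRIV, DOC)

if __name__ == "__main__":
    for doc, crl in ((DOC, set()), (DOC + b"0", set()), (DOC, {1001})):
        print(check_message(CA_PUB, crl, CERT, doc, SIG))
```

The order of the checks matters: a signature that verifies against a public key proves nothing about identity until the certificate carrying that key has itself been verified against the CA's key and checked for revocation.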
