Monday, September 22, 2008

Uses of Digital Signatures

Digital Signatures are an answer to security and confidentiality issues in electronic communication. They come in handy in several ways…

 With the advent of electronic filing of income tax returns, digital signatures are becoming objects of curiosity. For Corporates, e-filing is mandatory and the quickest way to sign the return would be using a digital signature. In fact, even individuals have begun signing their tax returns digitally. Certain service providers are authorised by the government to use bulk digital signatures. In such cases, Corporates may have a tie-up with the service provider for hundreds of their employees. Authorised e-return intermediaries apply a single digital signature to hundreds of returns and file the returns electronically. This saves money both for the Corporate and its employees. It also saves precious processing time for the service provider by eliminating the need to verify physical or separate digital signatures for every individual employee.

 

Another use of digital signatures is to authenticate email communication. Reports, documents, employees’ Form 16 and other such official documentation may need to be signed for these to be used for business purposes or to be enforceable at law. They can then be emailed to the intended recipients. For instance, if your employer gave you a salary slip via MS Outlook but did not physically stamp and sign it, you may not be able to submit it to your next employer as part of your joining formalities. But if the salary slip was signed digitally, you would not need a physical stamp and signature of the authorised signatory. The digital signature would prove that the salary slip has been sent from the sender’s email address and its contents were not changed since the time it was created. If you forwarded the same to your new company, they would know that the document is authentic.

 As technology evolves and the way people do business gets more sophisticated, digital signatures are likely to be used in more creative ways, thereby maintaining integrity of electronic communication.

Thursday, September 18, 2008

How do Digital Signatures work?

Being a technological concept, digital signatures are best explained (and understood) using examples.

Let’s say Bill needs to mail a confidential report to Steve. To ensure that data security is not compromised, Bill compresses the lengthy report into just a few lines using special software and then encrypts it using his private key. As the name suggests, it’s private: known only to Bill. Applying his private key to the encrypted document is what a digital signature really is. He then sends it to Steve, along with the public key.

Steve, in order to read the document’s contents, must first open the document in its compressed form. He uses the public key to do this. If he succeeds, it means that Bill signed it, that the document contents have not been changed since it was digitally signed, and that Bill cannot now claim that the document did not originate from him. Using special software, Steve decrypts the document contents into readable form, completing the process.

Tuesday, September 16, 2008

Digital Signature vs Digital Certificate

A Digital Signature is a signature that authenticates documents in electronic form the same way as a physical signature or thumb impression authenticates documents in hard copy (e.g. paper). The authentication is two-fold:

  • Who the sender of the message or the signer of the document is, and
  • That the message or document content has not been tampered with and that it has reached the intended recipient in the same form that it was sent.

A Digital Certificate, on the other hand, is like an electronic prepaid voucher. It contains the certificate holder’s name, a serial number, expiration dates, a copy of the certificate holder’s public key (used for encrypting messages and digital signatures) and the Certifying Authority (CA)’s digital signature, to help the recipient verify that the certificate is genuine.

So while a Digital Signature is what confirms the document’s authenticity, a Digital Certificate contains this digital signature, among other components, and carries the signature’s validity period. To understand the difference better, when you purchase a digital signature from a Certifying Authority, what you get is the digital certificate. And when you want to sign an electronic document, you use the digital signature from this certificate and attach the public key. The recipient then uses this public key to check the veracity of the document.
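The signing and certificate checks described in the two posts above, as an added example that is not part of the original blog. It is a teaching sketch using textbook RSA over a SHA-256 digest with constructed demo keys; all function names and sample values are assumptions, and real systems use a vetted library with padded signatures such as RSA-PSS.

```python
import hashlib, json
from datetime import date

E = 65537  # common RSA public exponent

def make_key(p, q):
    # Textbook RSA key pair from two primes: (public, private).
    n, phi = p * q, (p - 1) * (q - 1)
    return {"n": n, "e": E}, {"n": n, "d": pow(E, -1, phi)}

def digest(data: bytes) -> int:
    # The "compress into a few lines" step: a fixed-size SHA-256 hash.
    return int.from_bytes(hashlib.sha256(data).digest(), "big")

def sign(data: bytes, priv) -> int:
    # Signing applies the private key to the digest, not to the whole document.
    return pow(digest(data), priv["d"], priv["n"])

def verify(data: bytes, sig: int, pub) -> bool:
    # Recover the digest with the public key and compare with a fresh hash.
    return pow(sig, pub["e"], pub["n"]) == digest(data)

def encode(body) -> bytes:
    # Stable byte encoding of the certificate body so the CA signature is repeatable.
    return json.dumps(body, sort_keys=True).encode()

def issue_cert(holder, serial, not_after, holder_pub, ca_priv):
    # Certificate = holder name, serial, expiry, public key + CA signature.
    body = {"holder": holder, "serial": serial,
            "not_after": not_after, "public_key": holder_pub}
    return {"body": body, "ca_signature": sign(encode(body), ca_priv)}

def check_document(doc, sig, cert, ca_pub, today):
    # Recipient's checks, in order: CA signature, validity period, document signature.
    body = cert["body"]
    if not verify(encode(body), cert["ca_signature"], ca_pub):
        return "certificate not signed by trusted CA"
    if today > date.fromisoformat(body["not_after"]):
        return "certificate expired"
    if not verify(doc, sig, body["public_key"]):
        return "document altered or not signed by certificate holder"
    return "valid"

# Constructed demo keys built from well-known Mersenne primes: not secret, demo only.
CA_PUB, CA_PRIV = make_key(2**1279 - 1, 2**2203 - 1)
BILL_PUB, BILL_PRIV = make_key(2**521 - 1, 2**607 - 1)
CERT = issue_cert("Bill", 1001, "2009-09-15", BILL_PUB, CA_PRIV)  # constructed values
REPORT = b"Confidential report for Steve"  # constructed sample document
SIG = sign(REPORT, BILL_PRIV)

if __name__ == "__main__":
    print(check_document(REPORT, SIG, CERT, CA_PUB, date(2008, 9, 18)))
    print(check_document(REPORT + b"!", SIG, CERT, CA_PUB, date(2008, 9, 18)))
```

Changing a single byte of the report, presenting the certificate after its expiry date, or editing any field of the certificate body each produces a different failure message, which shows which of the three checks caught the problem.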

Monday, September 15, 2008

What are Digital Signatures?

Digital Signatures are signatures in a cryptographic form that help the sender and the receiver to be assured of a tamper-proof document exchange. There are two components to it, namely a "Private Key" and a "Public Key". The sender signs the document using his private key, ensuring the safety of the document as the text is in an encrypted form. The receiver, on the other hand, uses the public key sent by the sender along with the document to decrypt it into a readable text format. This ensures the authenticity of the origin of the signature and the signer, and assures that the document has not been tampered with en route.

Digital signatures address the P.A.I.N areas, i.e.

P - Privacy
A - Authenticity
I - Integrity
N - Non Repudiation

In India, the Indian IT Act 2000 authorises the Controller of Certifying Authority (CCA) to license and regulate the working of the Certifying Authority (CA), who in turn issues the Digital Signature Certificate (DSC) for electronic authentication of users.