What Is Digital Signature
A digital signature is a mathematical scheme for verifying the authenticity of digital messages or documents. A valid digital signature, where the prerequisites are satisfied, gives a recipient very strong reason to believe that the message was created by a known sender, and that the message was not altered in integrity.
It’s the digital equivalent of a handwritten signature or stamped seal, but it offers far more inherent security. A digital signature is intended to solve the problem of tampering and impersonation in digital communications.
Digital signatures can provide evidence of origin, identity and status of electronic documents, transactions or digital messages.
History Of Digital Signature
In 1976, Whitfield Diffie and Martin Hellman first described the notion of a digital signature scheme, although they only conjectured that such schemes existed based on functions that are trapdoor one-way permutations. Soon afterwards, Ronald Rivest, Adi Shamir, and Len Adleman invented the RSA algorithm, which could be used to produce primitive digital signatures(although only as a proof-of-concept – “plain” RSA signatures are not secure). The first widely marketed software package to offer digital signature was Lotus Notes 1.0, released in 1989, which used the RSA algorithm.
Other digital signature schemes were soon developed after RSA, the earliest being Lamport signatures, Merkle signatures (also known as “Merkle trees” or simply “Hash trees”),and Rabin signatures.
In 1988, Shafi Goldwasser, Silvio Micali, and Ronald Rivest became the first to rigorously define the security requirements of digital signature schemes. They described a hierarchy of attack models for signature schemes, and also presented the GMR signature scheme, the first that could be proved to prevent even an existential forgery against a chosen message attack, which is the currently accepted security definition for signature schemes. The first such scheme which is not built on trapdoor functions but rather on a family of function with a much weaker required property of one-way permutation was presented by Moni Naor and Moti Yung.
Source: History Of Digital Signature
Digital Signature Algorithm
There are three algorithms of digital signature-
- A key generation algorithm that selects a private key uniformly at random from a set of possible private keys. The algorithm outputs the private key and a corresponding public key.
- A signing algorithm that, given a message and a private key, produces a signature.
- A signature verifying algorithm that, given the message, public key and signature, either accepts or rejects the message’s claim to authenticity.
Uses Of Digital Signature
Industries use digital signature technology to streamline processes and improve document integrity.
Digital signatures are used by governments worldwide for a variety of reasons, including processing tax returns, verifying business-to-government (B2G) transactions, ratifying laws and managing contracts. Most government entities must adhere to strict laws, regulations and standards when using digital signatures.
Digital signatures are used in the healthcare industry to improve the efficiency of treatment and administrative processes, to strengthen data security, for e-prescribing and hospital admissions. The use of digital signatures in healthcare must comply with the Health Insurance Portability and Accountability Act (HIPAA) of 1996.
Manufacturing companies use digital signatures to speed up processes, including product design, quality assurance (QA), manufacturing enhancements, marketing and sales.
4. Financial services
The U.S. financial sector uses digital signatures for contracts, paperless banking, loan processing, insurance documentation, mortgages and more.
Cryptocurrencies. Digital signatures are also used in bitcoin and other cryptocurrencies to authenticate the blockchain.
Importance Of Digital Signature
Agreements and transactions that were once signed on paper and delivered physically are now being replaced with fully digital documents and workflows as more businesses are conducted online.
In addition to protecting sensitive online data, digital signatures do not impede the effectiveness of online document workflows; in fact, when compared to paper processes, they often help improve document management. When digital signatures are in place, signing a document becomes simple and can be done on any computer or mobile device. And, since the digital signature is embedded in the file, it can be used anywhere it is transmitted and on any device.
Types Of Digital Signature
There are three types of digital signature-
1. Simple electronic signature
In simple electronic signature, you receive an email with an attachment. They have pre populated the document with a name where it needs to be signed. You select a generated signature image and click a button to confirm you are happy before returning it.
The document is now electronically signed by that person, regardless of who completed the process.
2. Advanced electronic signatures
This type of signature requires a key or certificate associated with it that needs to be linked by an electronic identifier (identity) of the signatory. This could easily be illustrated by having an application on your mobile phone that a signatory needs to use in order to validate that their signature on an electronic document was actually done by themselves.
3. Qualified electronic signatures
This is an electronic version of having your signature witnessed ‘as done on pen-and-paper’. It’s the same as an advanced e-signature with the added security of electronic validation of the signature by a third party Trust Service Provider (TSP).
Is Digital Signature Legal Or Not ?
Digital signature is legal or not is depends on the situation and countries. In many countries, including the United States, digital signatures are considered legally binding in the same way as traditional handwritten document signatures. Electronic signatures, which demonstrate an individual’s intent to agree to something, aren’t new. Their acceptance and use in many countries around the world have been widespread for years. Hundreds of millions of users worldwide are comfortable signing documents electronically.
Type of Digital Signature Certificates
There are three types of digital signature certificates-
Sign DSC can only be used for signing documents. The most popular usage of is signing the PDF file for Tax Returns, MCA and other websites. Signing via DSC gives the assurance of not only the integrity of the signer but also the data. It is proof of untampered and unaltered data.
Encrypt DSC can only be used to encrypt a document, it is popularly used in the tender portal, to help companies encrypt the documents and upload. You could also use the certificate to encrypt and send classified information. Encrypt DSC is fit for e-commerce documents, legal documentation and sharing documents that are highly confidential and contains information that needs to be protected. We are selling Encrypt certificate as a standalone product as well.
3. Sign & Encrypt
Our Sign & Encrypt DSC can be used for both signing and encrypting. It is convenient for users who need to authenticate and maintain the confidentiality of the information shared. Its usage includes filing government form and application.
Validity of the Certificate
You could buy certificates with a validity up to three years. (The validity is controlled by law, and you cannot buy certificates more than three years and less than One year validity).
Which Section Is Applicable In False Digital Signature
Section 73 is applicable in false digital signature according to the section 73-
(1) No person shall publish an Electronic Signature Certificate or otherwise make it available to any other person with the knowledge that
(a) the Certifying Authority listed in the certificate has not issued it; or
(b) the subscriber listed in the certificate has not accepted it; or
(c) the certificate has been revoked or suspended, unless such publication is for the purpose of verifying a digital signature created prior to such suspension or revocation.
The suspect of section 73 shall be punished with imprisonment for a term which may extend to two years, or with fine which may extend to one lakh rupees, or with both.