Digital Signatures and Certificates: Ensuring Authentication and Non-repudiation
The AICPA's 2007 Top Technology Initiatives named "identity and access management" and "securing and controlling information distribution" as the second and seventh most influential technologies, respectively. These technologies depend, in part, on policies, procedures, and practices that verify (authenticate) an individual's identity prior to granting access to digital resources, such as a computer network and the files it contains. Login names, passwords, and personal identification numbers (PINs) are familiar and acceptable methods for implementing authentication policies.
The combination of a digital signature and certificate, however, provides a more secure authentication mechanism. When used to convey digital documents, the combination ensures that the document's content has not been altered, restricts document access to authorized individuals, and records who sent and received the document and when they did so. The latter feature improves on the common practices of either using PDF files or password-protecting Microsoft Office documents, which provide no assurances as to time or user identity. Used together, these features prevent the parties from repudiating their participation in a digital communication. Digital certificates, therefore, can play an important role in electronic contracts, maintaining adequate internal controls, and performing audits.
Tidd, R.R. & Heesacker, G. (2008). Digital signatures and certificates. The CPA Journal 78(5).
The CPA Journal
Copyright © 2008 The New York State Society of CPAs