Digital Signatures and Certificates: Ensuring Authentication and Non-repudiation

The AICPA's 2007 Top Technology Initiatives named "identity and access management" and "securing and controlling information distribution" as the second and seventh most influential technologies, respectively. These technologies depend, in part, on policies, procedures, and practices that verify (authenticate) an individual's identity prior to granting access to digital resources, such as a computer network and the files it contains. Login names, passwords, and personal identification numbers (PINs) are familiar and acceptable methods for implementing authentication policies.

The combination of a digital signature and certificate, however, provides a more secure authentication mechanism. When used to convey digital documents, the combination ensures that the document's content has not been altered, restricts document access to authorized individuals, and records who sent and received the document and when they did so. The latter feature improves on the common practices of either using PDF files or password-protecting Microsoft Office documents, which provide no assurances as to time or user identity. Used together, these features prevent the parties from repudiating their participation in a digital communication. Digital certificates, therefore, can play an important role in electronic contracts, maintaining adequate internal controls, and performing audits.


This article was originally published in The CPA Journal. The full-text article from the publisher can be found here.

Due to copyright restrictions, this article is not available for free download through ScholarWorks @ CWU.


The CPA Journal


Copyright © 2008 The New York State Society of CPAs