|
A device that uniquely identifies the
sender of an electronic message or document, based on public key
cryptography. The purpose of a digital signature is to guarantee that
senders of such messages really are who they claim to be, an increasingly
important concern for businesses considering e-commerce strategies.
Without such signatures it is hard to be sure that an e-mail is not
forged or that a web-based vendor of goods and services is trustworthy.
Digital signatures are issued by certificate authorities such as VeriSign, an
American company specialising in authenticating the digital identity of
people and organisations. Typically, a signature will contain the user's
name, a serial number, expiry dates and a copy of the certificate holder's
public key. It also contains the signature of the issuing authority to
verify that the certificate itself is real. Unfortunately, this system is
not yet bullet-proof. In early 2001, VeriSign was tricked into issuing two
certificates to someone falsely claiming to be a Microsoft employee, thus
potentially allowing them to issue malicious software or build fake websites
that appeared to have Microsoft's official seal of approval. |
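
The fields listed above (holder name, serial number, expiry date, holder public key) and the issuing authority's signature over them, as an added example that is not part of the original entry. It is a simplified model using a constructed toy RSA key; the function names `issue` and `verify` and all sample values are assumptions for illustration. The last case shows why a mis-issued certificate such as those of early 2001 still passes verification: the authority really did sign it.

```python
import hashlib, json
from datetime import date

# Constructed toy CA key: textbook RSA over two Mersenne primes, no padding.
# Illustration only; real CAs use vetted libraries, random primes and padding.
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
CA_N = P * Q
CA_D = pow(E, -1, (P - 1) * (Q - 1))   # CA private exponent

def _digest(fields):
    """Hash a canonical encoding of the certificate fields."""
    blob = json.dumps(fields, sort_keys=True).encode()
    return int.from_bytes(hashlib.sha256(blob).digest(), "big")

def issue(name, serial, not_after, holder_public_key):
    """CA side: bind the listed fields together under the CA's signature."""
    fields = {"name": name, "serial": serial,
              "not_after": not_after, "public_key": holder_public_key}
    return {"fields": fields, "ca_signature": pow(_digest(fields), CA_D, CA_N)}

def verify(cert, today):
    """Relying-party side: check the CA signature, then the expiry date."""
    if pow(cert["ca_signature"], E, CA_N) != _digest(cert["fields"]):
        return "bad signature"
    if date.fromisoformat(cert["fields"]["not_after"]) < today:
        return "expired"
    return "ok"

def demo():
    today = date(2001, 3, 1)
    good = issue("Example Corp", 1001, "2002-01-01", "holder-key-A")
    # Tampering: a different public key is swapped in under the old signature.
    tampered = {"fields": dict(good["fields"], public_key="substituted-key"),
                "ca_signature": good["ca_signature"]}
    stale = issue("Example Corp", 1002, "2000-12-31", "holder-key-A")
    # Mis-issuance: the CA signed a name for a requester it did not vet properly.
    misissued = issue("Example Corp", 1003, "2002-01-01", "someone-elses-key")
    return [verify(c, today) for c in (good, tampered, stale, misissued)]

if __name__ == "__main__":
    print(demo())
```

Signature checking detects altered or expired certificates, but the authority's identity checks are the only protection against a certificate issued to the wrong party, which is why such certificates have to be revoked once discovered.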