Non-repudiation

Non-repudiation

Non-repudiation refers to a state of affairs where the purported maker of a statement will not be able to successfully challenge the validity of the statement or contract. The term is often seen in a legal setting wherein the authenticity of a signature is being challenged. In such an instance the authenticity is being "repudiated".

Contents

Non-repudiation in digital security

Regarding digital security, the cryptological meaning and application of non-repudiation shifts to mean:[1]

  • A service that provides proof of the integrity and origin of data.
  • An authentication that with high assurance can be asserted to be genuine.

Proof of data integrity is typically the easiest of these requirements to accomplish. A data hash, such as SHA2, is usually sufficient to establish that the likelihood of data being undetectably changed is extremely low. Even with this safeguard, it is still possible to tamper with data in transit, either through a man-in-the-middle attack or phishing. Due to this flaw, data integrity is best asserted when the recipient already possesses the necessary verification information.

The most common method of asserting the digital origin of data is through digital certificates, a form of public key infrastructure, to which digital signatures belong. They can also be used for encryption. The digital origin only means that the certified/signed data can be, with reasonable certainty, trusted to be from somebody who possesses the private key corresponding to the signing certificate. If the key is not properly safeguarded by the original owner, digital forgery can become a major concern.

Trusted third parties (TTPs)

The ways in which a party may attempt to repudiate a signature present a challenge to the trustworthiness of the signatures themselves. The standard approach to mitigating these risks is to involve a trusted third party.

The two most common TTPs are forensic analysts and notaries. A forensic analyst specializing in handwriting can look at a signature, compare it to a known valid signature, and make a reasonable assessment of the legitimacy of the first signature. A notary provides a witness whose job is to verify the identity of an individual by checking other credentials and affixing their certification that the party signing is who they claim to be. Further, a notary provides the extra benefit of maintaining independent logs of their transactions, complete with the type of credential checked and another signature that can independently be verified by the preceding forensic analyst. For this double security, notaries are the preferred form of verification.

On the digital side, the only TTP is the repository for public key certificates. This provides the recipient with the ability to verify the origin of an item even if no direct exchange of the public information has ever been made. The digital signature, however, is forensically identical in both legitimate and forged uses - if someone possesses the private key they can create a "real" signature. The protection of the private key is the idea behind the United States Department of Defense's Common Access Card (CAC), which never allows the key to leave the card and therefore necessitates the possession of the card in addition to the personal identification number (PIN) code necessary to unlock the card for permission to use it for encryption and digital signatures. No practical solution yet exists to the digital equivalent of the problem that notaries address with physical signatures.

See also

References

External links


Wikimedia Foundation. 2010.

Игры ⚽ Нужно сделать НИР?

Look at other dictionaries:

  • Non-repudiation — Non répudiation La non répudiation est le fait de s assurer qu un contrat, notamment un contrat signé via internet, ne peut être remis en cause par l une des parties. Dans l économie globale actuelle, où les parties ne peuvent souvent pas être… …   Wikipédia en Français

  • Non-répudiation — La non répudiation est le fait de s assurer qu un contrat, notamment un contrat signé via internet, ne peut être remis en cause par l une des parties. Dans l économie globale actuelle, où les parties ne peuvent souvent pas être face à face pour… …   Wikipédia en Français

  • non-répudiation — ● n. f. ►NET Assurance qu un message est bien parti d un émetteur spécifié pour arriver à un récepteur lui aussi spécifié. En fait, c est surtout l émetteur qui est visé, il ne peut pas répudier son message, i.e. dire qu il ne l a pas envoyé …   Dictionnaire d'informatique francophone

  • Répudiation — La répudiation est l acte par lequel l un des époux d un couple, décide unilatéralement de rompre le mariage qui les lie. Elle est autorisée dans l Islam. Informatique La non répudiation : Assurance qu un message est bien parti d un émetteur …   Wikipédia en Français

  • non — ● préposition ►LOGIQUE ● 1. Le non logique: si c est vrai alors c est faux et si c est faux c est l inverse, donc c est vrai car c est pas faux. Logique. ● 2. Non peuplé: Voir peuplé. Non entrelacé: Voir entrelacé. Voir aussi: non ASCII, non… …   Dictionnaire d'informatique francophone

  • Répudiation (islam) — Répudiation dans l islam Les règles pour le talâq (طلاق, traduit en français par « répudiation » [1]) comprend toutes les formes de rupture volontaire du mariage [1]. Ces règles varient parmi les différentes madhhab (écoles juridiques) …   Wikipédia en Français

  • Répudiation dans l'islam — Les règles pour le talâq (arabe : طلاق, traduit en français par « répudiation » [1]) comprend toutes les formes de rupture volontaire du mariage [1]. Ces règles varient parmi les différentes madhhab (écoles juridiques). Les chiites …   Wikipédia en Français

  • répudiation — (ré pu di a sion ; en vers, de six syllabes) s. f. 1°   Action de répudier. Répudiation de succession. 2°   Action de renvoyer légalement une épouse. •   Selon le témoignage de ce grave auteur [Castelnau], la répudiation [de Catherine d Aragon… …   Dictionnaire de la Langue Française d'Émile Littré

  • repudiation —    The act by one party to a contract of informing the other party that the first party does not intend to honor the contract. Repudiation may also involve the denial of the existence of a contract; it is an anticipatory breach. In more general… …   Business law dictionary

  • Non-compete clause — Contract law Part …   Wikipedia

Share the article and excerpts

Direct link
Do a right-click on the link above
and select “Copy Link”