nonrepudiation

To repudiate means to deny. For many years, authorities have sought to make repudiation impossible in some situations. You might send registered mail, for example, so the recipient cannot deny that a letter was delivered. Similarly, a legal document typically requires witnesses to signing so that the person who signs cannot deny having done so.

On the Internet, a digital signature is used not only to ensure that a message or document has been electronically signed by the person that purported to sign the document, but also, since a digital signature can only be created by one person, to ensure that a person cannot later deny that they furnished the signature.

Since no security technology is absolutely fool-proof, some experts warn that a digital signature alone may not always guarantee nonrepudiation. It is suggested that multiple approaches be used, such as capturing unique biometric information and other data about the sender or signer that collectively would be difficult to repudiate.

Email nonrepudiation involves methods such as email tracking that are designed to ensure that the sender cannot deny having sent a message and/or that the recipient cannot deny having received it.

Read more about nonrepudiation: - Wikipedia has an entry about nonrepudiation. - Cryptographic expert Bruce Schneier explains why "Digital Signatures Are Not Signatures." - First Monday explores 'Nonrepudiation in the Digital Age.'

Do you have something to add to this definition? Let us know. Send your comments to techterms@whatis.com

BROWSE BY TAG PKI and Digital Certificates,   Enterprise Identity and Access Management,   User Authentication Services,   VIEW ALL TAGS

Digg This!     StumbleUpon     Del.icio.us

RELATED CONTENT Portable security storage device could replace OTP devices A new USB-like device, hardened with security features, could overtake one-time password devices and give end users flash memory to carry around... What is most misunderstood about EV SSL certificates? Are there any calculators to help estimate log generation based on number of devices and best practices? VeriSign addresses MD5 flaw VeriSign is moving completely to the new SHA-1 hash function to avoid a vulnerability affecting SSL certificates. Microsoft and Mozilla also weighed...

RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary authentication server  (SearchSecurity.com) An authentication server is an application that facilitates authentication of an entity that attempts to access a network...(Continued) Certificate Revocation List  (SearchSecurity.com)