Non-repudiation

In law, non-repudiation is a situation where a statement's author cannot successfully dispute its authorship or the validity of an associated contract. The term is often seen in a legal setting when the authenticity of a signature is being challenged. In such an instance, the authenticity is being "repudiated".

For example, Mallory buys a cell phone for $100, writes a paper cheque as payment, and signs the cheque with a pen. Later, she finds that she can't afford it, and claims that the cheque is a forgery. The signature guarantees that only Mallory could have signed the cheque, and so Mallory's bank must pay the cheque. This is non-repudiation; Mallory cannot repudiate the cheque. In practice, pen-and-paper signatures aren't hard to forge, but digital signatures can be very hard to break.

In security

In general, non-repudiation involves associating actions or changes with a unique individual. For example, a secure area may use a key card access system where non-repudiation would be violated if key cards were shared or if lost and stolen cards were not immediately reported. Similarly, the owner of a computer account must not allow others to use it, such as by giving away their password, and a policy should be implemented to enforce this.

In digital security

In digital security, non-repudiation means:

- A service that provides proof of the integrity and origin of data.
- An authentication that can be said to be genuine with high confidence.
- An authentication that the data is available under specific circumstances, or for a period of time: data availability.

Proof of data integrity is typically the easiest of these requirements to accomplish. A data hash such as SHA2 usually ensures that the data will not be changed undetectably. Even with this safeguard, it is possible to tamper with data in transit, either through a man-in-the-middle attack or phishing. Because of this, data integrity is best asserted when the recipient already possesses the necessary verification information, such as after being mutually authenticated.

The common method to provide non-repudiation in the context of digital communications or storage is digital signatures, a more powerful tool that provides non-repudiation in a publicly verifiable manner. A message authentication code (MAC), useful when the communicating parties have arranged to use a shared secret that they both possess, does not give non-repudiation. A misconception is that encrypting, per se, provides authentication ("If the message decrypts properly then it is authentic"), which is not the case. A MAC can be subject to several types of attacks, such as message reordering, block substitution and block repetition. It thus provides only message integrity and authentication, but not non-repudiation. To achieve non-repudiation one must trust a service (a certificate generated by a trusted third party (TTP) called a certificate authority (CA)) which prevents an entity from denying previous commitments or actions (e.g. sending message A to B). The difference between a MAC and a digital signature is that one uses symmetric keys and the other asymmetric keys (provided by the CA). Note that the goal is not to achieve confidentiality: in both cases (MAC or digital signature), one simply appends a tag to the otherwise plaintext, visible message. If confidentiality is also required, then an encryption scheme can be combined with the digital signature, or some form of authenticated encryption could be used. Verifying the digital origin means that the certified/signed data likely came from someone who possesses the private key corresponding to the signing certificate. If the key used to digitally sign a message is not properly safeguarded by the original owner, digital forgery can occur.

Trusted third parties (TTPs)

To mitigate the risk of people repudiating their own signatures, the standard approach is to involve a trusted third party.

The two most common TTPs are forensic analysts and notaries. A forensic analyst specializing in handwriting can compare some signature to a known valid signature and assess its legitimacy. A notary is a witness who verifies an individual's identity by checking other credentials and affixing their certification that the person signing is who they claim to be. A notary provides the extra benefit of maintaining independent logs of their transactions, complete with the types of credentials checked, and another signature that can be verified by the forensic analyst. This double security makes notaries the preferred form of verification.

For digital information, the most commonly employed TTP is a certificate authority, which issues public key certificates. A public key certificate can be used by anyone to verify digital signatures without a shared secret between the signer and the verifier. The role of the certificate authority is to authoritatively state to whom the certificate belongs, meaning that this person or entity possesses the corresponding private key. However, a digital signature is forensically identical in both legitimate and forged uses. Someone who possesses the private key can create a valid digital signature. Protecting the private key is the idea behind some smart cards such as the United States Department of Defense's Common Access Card (CAC), which never lets the key leave the card. That means that to use the card for encryption and digital signatures, a person needs the personal identification number (PIN) code necessary to unlock it.

See also

- Plausible deniability
- Shaggy defense
- Designated verifier signature
- Information security
- Undeniable signature

External links

- "Non-repudiation in Electronic Commerce" (Jianying Zhou), Artech House, 2001
- 'Non-repudiation' taken from Stephen Mason, Electronic Signatures in Law (3rd edn, Cambridge University Press, 2012)
- 'Non-repudiation' in the legal context in Stephen Mason, Electronic Signatures in Law (4th edn, Institute of Advanced Legal Studies for the SAS Humanities Digital Library, School of Advanced Study, University of London, 2016) now open source

Text is available under the Creative Commons Attribution-ShareAlike License. Additional terms may apply.