Although it's true technology evolves fast, and our practices at work and in life have changed greatly due to the spread of technology, some things are slow to take off – technologies which at first sight seem excellent candidates for swift and widespread adoption. One such is digital signatures.
The standard for digital signatures was first announced by NIST (National Institute of Standards and Technology) in 1991. That's the era of proprietary email, localized EDI, arcane file download protocols, online bulletin boards – and America Online. You could think of it as a chaotic period of evolution prior to the coalescence of a new digital culture centered on the Internet. The point is, the need for digital signatures was already clear at this time, with credible solutions enshrined in standards.
Digital signatures are not in general use today. Why is this? Maybe it's because most people don't regard their data as private, and are not concerned to prove their own identity or the identity of those they communicate with. In other words, we share by default and we take people on trust.
The more our lives are lived online, and the more fully digitalized our businesses become, the more dangerous this attitude becomes. With personal devices and environmentally embedded IoT devices streaming potentially sensitive data around the clock, we need to think about censoring the personal information we give away. And with our social and business relationships migrating online, we need to be certain about the people and organizations we're interacting with.
Digital signing is not difficult to integrate with applications. There's some processing overhead, and an additional layer of management and configuration. What will it take to prompt the wider incorporation of this proven technology? For personal devices, digital signing is likely to be melded with biometric forms of user authentication. Guaranteeing identities in automated business-to-business relationships is another matter. Developers of applications which rely on multi-party collaboration and the use of software agents to perform business processes need to look carefully at authentication strategies. Otherwise, the potential for crime – especially fraud – will be significant. Dictionary