Digital Signatures, Message Digests, Digital Certificates and their applications in Accountancy

Cryptography before the mid-1970’s used just one secret, known by both the enciphering and deciphering parties (Gladman et al). In the past, it was mostly used by diplomats, spies and the military but times have changed and it has become an indispensible part of electronic commerce and security. Some of the modern business applications of cryptography include secure messaging, e-commerce, online banking, secure storage, authentication, Digital Rights Management and Watermarking. Crucial to modern cryptography is the use of digital signatures, message digests and digital certificates.

Digital Signatures
Digital Signatures are a technology that gives 2 parties the ability to validate the authenticity of information that is transmitted electronically and also important documents. The Electronic Communications Act 2000 states that a digital signature is as legally binding as a hand written contract. Therefore, when a digital signature is added to a document, it provides assurance that the document’s sender is the person they claim to be. This eliminates the fear that sensitive data is disclosed to people for whom it is not intended (Grupe et al, 2003). The concept of how digital signatures work can be illustrated by the use of an example:

Alan is given 2 keys: a public key and a private key. The keys are used to encrypt information and only a person with the appropriate key can read that information. Either of the 2 keys can encrypt the data and the other can decrypt the data. Anyone can obtain Alan’s public key but the private key is kept by him.

Rishi, can encrypt a message using Alan’s public key. Alan then uses his private key to decrypt the message. This means that anybody could access Rishi’s message but they cannot decrypt it without Alan’s private key.

With the private key, Alan can place digital signatures on documents and other data. This places a ‘stamp’ (which is unique to Alan) on the document which is difficult to forge.


Message Digests
Following on from the idea of digital signatures, the signature can also be used to assure that any changes made to the data can be easily detected. This is by the use of a “Message Digest”. For example, Alan prepares a plaintext document which is a contract.

The plaintext document can be crunched down into just a few lines of code by a process called “hashing”. These lines are called the Message Digest (MD) and the same document will always produce the same MD. This means that if the document has been tampered with, a different MD will be produced, providing clear evidence that changes have been made. It should also be noted that it is not possible to convert a message digest back into the original plaintext document. Alan can then encrypt the message digest with his private key to create a digital signature.

This digital signature is appended to the document and this can then be sent to Rishi with the original plaintext document.

If Rishi can decrypt the signature file with Alan’s public key then this will prove that the document was signed by Alan as only he has the private key. Furthermore, if the hash algorithm produces the same message digest, then this proves that the signed data has not been changed. As a result of this, Alan cannot deny the document was sent by him. Following from this, Rishi can then create another Message Digest from the plaintext contract and if this is the same Message Digest that was just decrypted from Alan’s public key, then Rishi has bound his digital signature to the contract and now has a legally enforceable digitally signed contract. Rishi would also gain nothing by altering the contract as doing so would produce a different Message Digest to the contract Alan signed. Consequently, Alan would not be legally bound by it. The whole process is summarised in the diagram below.


Digital Certificates
Digital Certificates are used to instil extra confidence into being certain that a public key actually belongs to a particular person. They consist of 4 components: a public key, information on the key’s owner, a signature from a certification authority and information about the certificate including the period of validity and the serial number. It is method of authentication by vouching and merely binds the key to the information that is on the certificate; this can provide varying levels of assurance. Referring back to the previous example, the scenario can be expanded further to incorporate the use of digital certificates.

Supposing a digital certificate is created for Alan by a Certification Authority (CA), this means that Alan’s public key will be signed as well as some personal information about Alan. Now Rishi can check to make sure that his public key truly belongs to Alan. Firstly to verify the signature on the Alan’s certificate, the CA’s public key is used. After the certificate is decrypted, it is possible to check that Alan is trusted by the CA and that all of the certificate information relating to Alan’s identity is correct. Afterwards, Alan’s public key is taken from the certificate and is used to check Alan’s signature. If Alan’s public key successfully decrypts the signature then Rishi can be sure the signature was created using Alan’s private key, as the CA has certified the matching public key (www.youdzone.com).


Applications for Accountants
Digital signatures can improve internal controls and authenticity of data. All electronic and legally binding documents and records of transaction must be subject to a trustworthy process of authentication. As digital signatures are far more difficult to forge than handwritten signatures, this should mean that less extensive audit testing will be required. There are also a number of cost savings through using digital signatures. These come from reduced paper and communications costs, reduced transaction and administrative costs and elimination of process steps.

Accountants can use digital signatures to create paperless contracts and for financial reports. They can potentially be used for other human resources functions such as approval of holidays, payroll and supply chain transactions. As all documents are encrypted, then security is improved as even if vital documents containing sensitive information such as takeover plans are stolen, then this data cannot be read by people it is not intended for as they will not be able to decrypt it. It is clear to see that there are huge benefits of using digital signatures. The big 4 accounting firms have already started issuing digital signatures in partnership with private vendors such as Verisign (Grupe et al, 2003). I believe that eventually, every accounting department will follow suit and adopt the use of digital signatures.

References:

Gladman et al, 1999, Digital Signatures, Certificates and Electronic Commerce

Grupe et al, 2003, Understanding Digital Signatures, The CPA Journal

What is a digital Signature?, available at: http://www.youdzone.com/signature.html [accessed 31 December 2008]

How might the Internet affect the Pricing Policies and Profitability of Companies?

For a business, one of the most important decisions is pricing. This is something that has important consequences for the ‘bottom line’ and should be given just as much attention as all the other key decisions they must make. As soon as a customer learns the price of a product, they instantly get a first impression which may be vital to their eventual decision to buy or not. The innovation that is the internet has had major effects on the pricing policies and the profitability of companies.

The first question to ask is whether or not the internet has had the effect of increasing or decreasing prices. Building an internet store has a low entry cost as it is relatively cheap to set up a website. Operational costs are also reduced as there is no need to rent physical space. Consequently, a large number of internet stores have been set up and this has increased the overall market competition. Having the internet makes it easy for sellers to compare prices and as everybody will want to set the best price and this should have the effect of driving prices down. However it also makes it easy for sellers to collude on prices to keep them as high as possible. The net effect is that prices are reduced in some areas but are higher in others. Although internet stores may offer lower prices than conventional outlets for certain products, this does not necessarily mean that they should decrease their prices.

There are a number of services which conventional stores can offer which internet stores cannot. Some products are better evaluated through a physical presence such as food and clothes and we can also never underestimate the value of convenience. I believe that the ability to collect an item immediately is definitely worth something. Another service which the internet cannot really offer is retail assistance which is becoming more critical in ensuring that customers leave a store full satisfied (Lal, 1999). Reputation is significant and generally, known and trusted stores can command higher prices so therefore the pricing policies of high streets stores may not be affected a great deal by the internet.

Setting the right (optimal) price is extremely difficult to do and often takes considerable market knowledge, particularly with new products and also testing of different pricing options (www.knowthis.com). With the internet, price changes are easy to make and this means that the optimum price could change at any time. An example here is with airline ticket prices, which change dynamically in order to attempt to set the best price to beat the competition.

One method of letting the customers decide the optimal price is to hold auctions. The internet has made it much easier to sell through auctions. ‘Virtual Marketplaces’ such as Ebay (the clear market leader in online auctions) holds timed, public sales driven by bids, with items sold to the highest bidder. People can set up their own companies on Ebay and hope to make larger profits using the auction system as people may fall to the ‘winner’s curse’ – that is people become over-excited in the heat of the moment and overbid to win. Websites such as Ebay have had major adverse effects on the antiques industry. In one US antiques store, business had declined by about 35% since the end of 2004 and shop traffic dropped 15-18% during that time (www.thebizpress.com). Besides the antiques industry, the internet has been the worst enemy for a number of other businesses.

It can destroy entire market sectors (www.wikinvest.com) and a number of existing businesses which once thrived have been seriously damaged by the internet. For example, in the travel industry, the internet has devastated the profitability of travel agents as there is now very little that they can offer. Airlines and hotels can do business directly with customers as people can now check for best airline prices and book their own flights and hotel rooms without the need for a travel agent, which should save money for the customer.

Another industry which has been rocked by the internet is the music and video store industry. Buying music cds from internet stores is often cheaper than buying from conventional outlets which gave the industry their first blow. However as the market for digital music has grown and usage of digital music players has gained widespread adoption; the industry has taken a further hit as customers have turned to downloading their music online from places such as the iTunes store. This has a particular advantage for the customer as instead of buying an album, they can now save money by only choosing to buy only the songs they desire. As a result of this, music store stalwarts such as Tower Records have gone out of business but now exist as an online music store. Virgin Megastores has also had to embrace the new technology and have now incorporated digital music as part of their online business.

Piracy is a further issue which has increased exponentially since the internet’s mainstream arrival and perhaps no industry has been hit harder than the music industry. As a result of this, some rather bizarre pricing policies have been made by companies. For example, Radiohead adopted a policy of letting the customer pay what they wanted for an album, and a website called Amie Street have adopted a demand based pricing approach. The price of a music track starts at zero and increases as the demand for it increases (www.wikipedia.com).

Similarly, video rental stores have also faced changes due to the internet. Companies such as Blockbuster Video have struggled for some time as the internet has allowed for a home delivery video rental service but they have now added this kind of service to their business. However the future is still uncertain for this industry as video-on-demand is becoming more widely available (www.wikinvest.com).

In conclusion, the internet has been a major advance in commerce but in some industries, it has caused severe disruption. This has been particularly apparent in the music and video stores industry as well as the antiques and travel market sectors. On the whole, customers are probably benefitting from the internet as pricing information for products is easier to find and compare. Everyday, an increasing number of people are buying products from the internet, but conventional outlets should not be overly worried as they can still offer services which online stores cannot, and for some people, this may always be worth paying a small premium for.

References

Pricing Decisions, available at: http://www.knowthis.com/tutorials/principles-of-marketing/pricing-decisions/3.htm [accessed 29 December 2008]

The Internet Impact, available at: http://www.wikinvest.com/concept/The_Internet_Impact [accessed 29 December 2008]

Lal, R, 1999, When and How is the Internet Likely to Decrease Price Competition, Marketing Science, Vol 18, No. 4, pp485-503

Antiques Shops Struggle in the Web Era, available at: http://www.thebizpress.com/news/stories/BP_News_Local_D_bp0108_focus-antiques.e12ad2.html [accessed 30 December 2008]

Wikipedia - Amie Street, available at: http://en.wikipedia.org/wiki/Amie_Street [accessed 30 December 2008]