Mar 28 2013

Data Must Be Tamper-Proof for the Paperless Future to Work

The combination of PKI and KSI allows businesses to ensure data authentication.

The benefits of a move to digital documents from physical paper include reduced costs, improved efficiency and instant access to documents. But the path to paper’s dematerialization is not without its twists and turns.

If we are to achieve a paperless future, then we need secure and scalable methods of data authentication.

The paperless office may still be in the future for some organizations, but the financial services and insurance industries have embraced the idea.

The Depository Trust & Clearing Corporation (DTCC) is attempting the “full dematerialization of U.S. financial markets” by 2015, according to a recent DTCC press release. Stocks and mutual funds have made the transition to dematerialized form, and insurance policies will follow under the supervision of the Insurance Regulatory and Development Authority (IRDA).

The old system was simply becoming unworkable logistically. A paperwork crisis was creating catastrophic inefficiencies and negatively impacting the bottom line. Digitization enables compliance, reduces cost and increases convenience on all sides. Reducing paperwork speeds up the average transaction and makes the process more accessible.

Cutting paper out of our lives eliminates the risk of loss, theft, damage and forgery of physical documents in one fell swoop.

What Is Preventing Dematerialization?

With so many clear benefits to the process, why aren’t we seeing greater adoption? What are the barriers to the paperless future that so many think is inevitable? When we look beyond general institutional resistance to change, security and data authenticity top the list of concerns. While physical files can be locked in an office or even a vault, the digital world is an entirely different animal.

How do organizations securely store documents, and how is the authenticity of the data guaranteed?

Digital copies are cheap and easy to make, but they are also easy to manipulate. A tamper-proof method of digitally signing documents is required. It should be possible to verify the signature, establish when the document was signed and verify that the data is exactly the same as it was when the document was originally created. Cryptographic algorithms can establish a high level of security, but they are expensive and difficult to scale.

The Limits of PKI

Public key infrastructure (PKI) relies on a mixed bag of public and private keys to authenticate users and encrypt data. Digital certificates identify organizations, directories must be kept concise and up to date, certificate and registration authorities are required and the whole system must be managed. It is expensive and scaling up can be complex.

On a large scale, PKI can lead to major bumps in network traffic, and encrypted data can wreak havoc on existing security software and systems. PKI requires centralized directories with unique and accurate records for every entry. There are also issues with how effectively and quickly revocation is dealt with when problems arise.

Going Keyless

Keyless signature infrastructure (KSI) can solve many of the problems with PKI, and it can also integrate with PKI to provide the best of both worlds. With KSI, cryptographic keys aren’t required to verify signatures. It uses hash-function-based cryptography, and the tools required are published publicly. Therefore, anyone can verify signatures to establish the date, time and signing entity and prove that the data is intact.

Data can be authenticated without using a third party, making the process highly scalable. Large volumes of data can be processed more effectively when organizations are freed from the complexities of PKI and key management.
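The keyless verification described above, as a simplified added example that is not from the original article and does not reproduce the actual KSI signature format: document hashes are aggregated into a hash tree, the root is published, and anyone can check a document by recomputing that root from the document and its hash chain using only SHA-256. The function names and sample documents are assumptions constructed for this sketch, and signing time and signer identity are not modelled.

```python
import hashlib

# Constructed sample documents (not from the article).
DOCS = [b"policy-0001", b"trade-confirmation-17", b"claim-form-42"]

def leaf(doc: bytes) -> bytes:
    # Prefix separates document hashes from inner nodes, so an inner
    # node can never be presented as if it were a document.
    return hashlib.sha256(b"\x00" + doc).digest()

def node(left: bytes, right: bytes) -> bytes:
    return hashlib.sha256(b"\x01" + left + right).digest()

def build_levels(docs):
    """Return every level of the hash tree, leaves first, root last."""
    level = [leaf(d) for d in docs]
    levels = [level]
    while len(level) > 1:
        nxt = [node(level[i], level[i + 1]) for i in range(0, len(level) - 1, 2)]
        if len(level) % 2:
            nxt.append(level[-1])  # an unpaired node is promoted unchanged
        level = nxt
        levels.append(level)
    return levels

def sign(docs, index):
    """Return (root_to_publish, hash_chain) for docs[index]."""
    levels = build_levels(docs)
    chain = []
    for level in levels[:-1]:
        sibling = index ^ 1
        if sibling < len(level):  # promoted nodes have no sibling here
            chain.append((level[sibling], sibling < index))
        index //= 2
    return levels[-1][0], chain

def verify(doc, chain, published_root):
    """Recompute the root from the document and its chain; no key involved."""
    acc = leaf(doc)
    for sibling, sibling_is_left in chain:
        acc = node(sibling, acc) if sibling_is_left else node(acc, sibling)
    return acc == published_root

if __name__ == "__main__":
    root, chain = sign(DOCS, 2)
    print("intact:  ", verify(DOCS[2], chain, root))
    print("tampered:", verify(b"claim-form-43", chain, root))
```

The verifier needs only the document, its hash chain and the published root, so a single changed byte in the document yields a different root and the check fails.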

A Paperless Future Is Achievable

The paperless office will save resources, money and time. Beyond that, it allows businesses to more smoothly and accessibly exchange information. By tapping into the combination of PKI and KSI, businesses can deliver truly secure data authentication while effectively bypassing the main obstacles to dematerialization.