7.7 Nonrepudiation

Nonrepudiation refers to the ability to prove at a later time that an infogram came from Ed the envoy. Suppose that we get a message from Ed asking that a savings account be decremented. Gwen's fortress decrements the account. Later, Ed says he never made the request. How can Gwen's fortress prove that Ed asked for the account to be decremented?

The easiest way to do this is with public and private keys. Gwen can insist that the decrement request be encrypted with Ed's private key. Gwen can decrypt this request with Ed's public key. After arranging to have the account decremented, Gwen then permanently logs the encrypted infogram. She might even want to log Ed's public key as well, just in case Ed later decides to change it. Should Ed ever deny sending the infogram, Gwen can retrieve the logged infogram and show that she can decrypt it with Ed's public key. If she can decrypt the infogram with Ed's public key, then it must have been encrypted with Ed's private key. Because only Ed knows Ed's private key, Ed must have sent the infogram. Nice try, Ed!

If Gwen is guarding a presentation or Web service fortress, she probably won't log the encrypted infogram herself because that would involve storing valuable data (the infogram log) on a nonsecure fortress. Instead she will use a trusted service fortress to do the logging for her.