Non-repudiation

Non- repudiation

One of the greatest advantages of using digital certificates is non-repudiation. Non-repudiation is like receiving a sales receipt when placing an order. Non-repudiation guarantees that when a message is sent to a third-party application, a receipt is returned saying that the message was received.

When working with Business-to-Business (B2B), sometimes it is necessary to get a receipt to ensure that the message was delivered. An example is placing an order through xyzFlowers.com . The company xyzFlowers.com could be a company that doesn't actually deliver flowers, but just handles the ordering process. The company could have a contract with a small flower shop in ABC City, Colorado, a couple of miles from the customer who actually placed an order on the Internet for a flower bouquet to be sent to his wife. xyzFlowers is acting on behalf of the customer by ordering the flowers for the customer without the customer's knowing about the local flower shop. If the customer doesn't receive the flowers in a timely manner, the xyzFlowers organization needs to ensure, without just taking the word of the local flower shop, that the local flower shop truly received the order..

There is no proof that the local flower shop is at fault because there is no proof that it received the order. Non-repudiation is when the client, xyzFlowers , sends a request to the service, the local flower shop, and there is a response and timestamp immediately returned from the service saying that it received the order. The non-repudiation protocol is necessary to find out which organization is currently responsible for the task.

Non-repudiation services provide an evidence generator that will generate tokens or digital signatures to signify the type of service, the message, and the time that the message provided evidence. The type of service will describe the information that is needed to give evidence of a transaction.

There are four types of non-repudiation services:

• Non-Repudiation of Origin: This service covers the case where the sender acknowledges that he created and sent the message.

• Non-Repudiation of Delivery: This service covers the case where the recipient acknowledges that she has received the message.

• Non-Repudiation of Submission: This service incorporates a delivery service that acts as a third party that will receive the message from the sender, acknowledge to the sender that it received the message, and forward it to one or more recipients of the message. It will acknowledge that the message was sent from the sender. It does not guarantee that the recipient received the message, but will make a best effort to forward the message. The sender trusts the delivery service.

• Non-Repudiation of Transport: This service incorporates a delivery service that acts as a third party that will receive the message from the sender, acknowledge to the sender that the message was received, and place the message in the data store of the recipient. The delivery service acknowledges that the message was placed in the recipient's data store but cannot guarantee that the recipient received the message because it cannot guarantee that the recipient checks the data store.