Non-repudiation
Non-repudiation is an information security goal: it ensures that a person or organisation involved in a transaction, communication or data exchange cannot deny having been involved in the action or having carried it out. It serves as proof of the origin, delivery and integrity of data, so that neither the sender nor the recipient can credibly deny their involvement. Key aspects of non-repudiation are:
Proof of origin
Ensures that the sender of a message or the initiator of a transaction cannot deny having sent the message or initiated the transaction. This is usually achieved by using digital signatures that link the identity of the sender to the message.
Proof of delivery
Ensures that the recipient of a message or transaction cannot deny receipt. This is important for both communication partners to ensure accountability and trust.
Verifiability
Non-repudiation involves keeping detailed logs or audit trails that record the steps in a transaction or communication process. These records can be used as evidence in disputes to demonstrate the actions taken by each party.
Digital signatures
A common technique for ensuring non-repudiation. A digital signature is created using the sender's private key and can be verified by anyone using the sender's public key. This proves that the sender was indeed the originator of the message or document.
Cryptographic methods
In addition to digital signatures, various cryptographic methods such as hash functions and encryption are used to ensure the integrity and origin of data and to further support non-repudiation.
Legal and contractual binding
In many cases, non-repudiation also has legal implications. In e-commerce, for example, a digital contract signed with a digital signature is often legally binding, and non-repudiation ensures that the signatory cannot deny his or her involvement.
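The proof of origin, proof of delivery and verifiability aspects described above, as an added Go example that is not part of the original page: the sender signs a message, the recipient signs a receipt bound to it, and a third party checks both using public keys only. Ed25519, SHA-256 and every name used (Evidence, NewKeys, Send, Acknowledge, Verify) are assumptions chosen for illustration, and the order text is constructed sample data.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"fmt"
)

// Evidence is the audit record kept for disputes (illustrative type, not from the page).
type Evidence struct {
	Message, OriginSig, ReceiptSig []byte
}

// NewKeys returns a fresh Ed25519 pair; nil selects crypto/rand, which only errors if the OS source fails.
func NewKeys() (ed25519.PublicKey, ed25519.PrivateKey) {
	pub, priv, _ := ed25519.GenerateKey(nil)
	return pub, priv
}

// receiptDigest binds a receipt to the exact message and origin signature.
func receiptDigest(ev Evidence) []byte {
	sum := sha256.Sum256(append(append([]byte{}, ev.Message...), ev.OriginSig...))
	return sum[:]
}

// Send signs the message with the sender's private key (proof of origin).
func Send(senderPriv ed25519.PrivateKey, msg []byte) Evidence {
	return Evidence{Message: msg, OriginSig: ed25519.Sign(senderPriv, msg)}
}

// Acknowledge adds the recipient's signed receipt (proof of delivery).
func Acknowledge(recipientPriv ed25519.PrivateKey, ev Evidence) Evidence {
	ev.ReceiptSig = ed25519.Sign(recipientPriv, receiptDigest(ev))
	return ev
}

// Verify lets any third party check both proofs using public keys only.
func Verify(sPub, rPub ed25519.PublicKey, ev Evidence) (origin, delivery bool) {
	return ed25519.Verify(sPub, ev.Message, ev.OriginSig),
		ed25519.Verify(rPub, receiptDigest(ev), ev.ReceiptSig)
}

func main() {
	sPub, sPriv := NewKeys()
	rPub, rPriv := NewKeys()
	ev := Acknowledge(rPriv, Send(sPriv, []byte("order 1: 10 units"))) // constructed sample
	fmt.Println(Verify(sPub, rPub, ev))                                // true true
	ev.Message = []byte("order 1: 99 units")                           // altered after signing
	fmt.Println(Verify(sPub, rPub, ev))                                // false false
}
```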