To understand the role of Legal Entity Identifiers in Digital Certificates, it is imperative to understand the purpose of Digital Certificates.
A Digital Certificate is an electronic password that allows an entity to exchange data securely over the internet using Public Key Infrastructure (PKI). Digital Certificates are used for encrypting data exchanged between organisations, people, or even devices. A Digital Certificate can therefore be used for:
- Signing only, for example a PDF, Word or Excel document
- Encrypting data, as SSL/TLS certificates do (these also authenticate websites), which also includes signing
It has served this purpose well up to now. However, encryption is never enough. Encrypting data serves its purpose only if the data is sent to the right receiver. With cyber crime and fraud on the rise, encrypted data may sometimes be sent directly to a cyber-criminal, and all the effort of encryption becomes pointless in such cases.
Hence in today’s times, only protecting data shared over the internet does not suffice. What is paramount is knowing who is receiving the data that has been shared. All efforts to secure data are being negated by cybercriminals. So how can this system be made more robust?
Maybe Legal Entity Identifiers are the answer.
1. LEIs in Digital Certificates
Legal Entity Identifiers (LEIs) are used in the financial industry to identify the organisations that are party to financial transactions. LEI records are held in an open database that is accessible to the public, and an LEI is obtained from independent local operating units managed by the Global Legal Entity Identifier Foundation (GLEIF).
The uses of the LEI are not restricted to trade reporting; it is also being described as a new tool for implementing Know Your Customer norms. Hence adding the LEI to Digital Certificates will take the effectiveness of this system up a notch.
2. LEIs in SSL
SSL Certificates are digital certificates that authenticate a website and enable an encrypted connection. However, in today’s world of online transactions and heavy online traffic, it is easy for cybercriminals to create fake websites on domains that look like existing domains and mislead people into submitting all their personal information.
So how will the LEI make a difference? For B2B (Business to Business) transactions that require sharing sensitive information, organisations can request that it be shared over an HTTPS encrypted connection tied to an LEI. While the name of the company can be verified from the information in the SSL certificate, a fake name can still be used to obtain information. When an LEI is attached, not only the name but also a globally assigned unique number can be validated, which provides additional security.
However, the application of the same by individual organisations is not feasible due to the volume of transactions and interaction with multiple websites. Hence LEI may have to be adopted globally by browsers to ensure effectiveness.
3. LEIs in Digital Signatures
Digital Signatures give the receiver comfort that the information was authorised by the sender and no one else. However, picture this: you receive a loan application form from your bank, provide all the relevant information, encrypt it and send it, only to realise that the form was sent by a fraudster posing as your banker.
Now with LEI coming into the picture in the same scenario, you can verify the LEI of the bank sending the application and only then share your information.
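The check described in the SSL and Digital Signature sections above, written out as an added example (not code from the original article): it validates the LEI's ISO 17442 check digits, pins the LEI to the expected counterparty and compares the certificate's organisation name with the LEI reference record. It assumes the LEI and organisation name have already been extracted from the certificate; the dictionary field names, the sample LEIs and the reference records are constructed for illustration.

```python
import re

LEI_RE = re.compile(r"[0-9A-Z]{18}[0-9]{2}")  # ISO 17442: 18 chars + 2 check digits

def _to_number(text):
    # ISO 7064 MOD 97-10 mapping: digits unchanged, letters A=10 ... Z=35.
    return int("".join(str(int(ch, 36)) for ch in text))

def check_digits(prefix18):
    """Compute the two check digits for an 18-character LEI prefix."""
    return f"{98 - _to_number(prefix18 + '00') % 97:02d}"

def is_valid_lei(lei):
    return bool(LEI_RE.fullmatch(lei)) and _to_number(lei) % 97 == 1

def normalise(name):
    return " ".join(name.upper().split())

def verify_counterparty(cert_identity, expected_lei, lei_records):
    """Return (ok, reason) for the identity asserted in a certificate."""
    lei = cert_identity.get("lei", "").strip().upper()
    if not is_valid_lei(lei):
        return False, "malformed LEI or bad check digits"
    if lei != expected_lei:
        return False, "LEI is not the expected counterparty"
    record = lei_records.get(lei)
    if record is None or record["status"] != "ISSUED":
        return False, "LEI not found or not active in reference data"
    if normalise(record["legal_name"]) != normalise(cert_identity.get("organization", "")):
        return False, "certificate name does not match LEI record"
    return True, "ok"

# Constructed sample data: these are not real LEIs or real organisations.
BANK_LEI = "999900EXAMPLEBANK1" + check_digits("999900EXAMPLEBANK1")
LOOKALIKE_LEI = "999900FAKEENTITY01" + check_digits("999900FAKEENTITY01")
RECORDS = {  # stand-in for records taken from the public LEI database
    BANK_LEI: {"legal_name": "Example Bank Ltd", "status": "ISSUED"},
    LOOKALIKE_LEI: {"legal_name": "Examp1e Bank Holdings", "status": "ISSUED"},
}

if __name__ == "__main__":
    for cert in (
        {"organization": "Example Bank Ltd", "lei": BANK_LEI},       # genuine
        {"organization": "Example Bank Ltd", "lei": LOOKALIKE_LEI},  # copied name
        {"organization": "Examp1e Bank Ltd", "lei": BANK_LEI},       # altered name
    ):
        print(cert["organization"], cert["lei"], verify_counterparty(cert, BANK_LEI, RECORDS))
```

A copied company name fails because the LEI in the certificate is not the one pinned for the counterparty, which is the extra assurance the name alone cannot give.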
4. LEIs in Email Security
The use of Digital Certificates for signing email is not widespread, as it is not supported by vendors; however, organisations can adopt it for increased security. Digital Certificates, along with the LEI, will make the exchange of data over email more secure, and organisations can adopt them individually.
5. LEIs in Code Signing
Another platform where data is exchanged and personal information is uploaded is mobile apps. Currently, app stores do not require much information about the owners of apps before allowing them to be uploaded. In the future, issuing Code Signing Certificates only to organisations that have an LEI can assign responsibility to app owners. Also, repeated uploading of malicious apps under a certain LEI can trigger a red flag and block the organisation from uploading apps. Hence organisations with that particular LEI will not be able to upload apps.
While the problem itself will not be solved, a better reporting mechanism will send out a warning for organisations to be more cautious.
All the above measures require willingness and adaptability by various vendors and also organisations. But with digitalisation looking like the only possible future of today’s world, stringent measures will ensure that transactions take place smoothly and all risks associated with the same are mitigated.