Talk about an awkward situation—you and a customer collaborate online, sharing a view of a contract and trying to agree on the payment schedule.
As you scrutinize the terms, you realize something has changed. Some of the content in the file you sent is not the same as the file the customer claims they received. What happened?
For all the files you exchange with customers and partners, you want to be able to prove that uploaded and downloaded files are identical. Gaining this capability is critical should a dispute arise over who changed the content of a file. Whether the disagreement might result in decreased trust or a legal matter, you need to make sure your customers and partners never doubt your integrity.
Proving File Validity
The answer to this challenge comes from non-repudiation. According to Webopedia, non-repudiation ensures a transferred digital message has been sent and received by the parties claiming to have sent and received the message. Non-repudiation can be obtained in three ways:
- Digital signatures functioning as a unique identifier for an individual, much like a written signature
- Digital receipts created by the message transfer agent confirming messages were sent and received
- Date and time stamps proving when a document was composed and existed at a point-in-time
When non-repudiation is applied to files transferred electronically between two parties, the sender cannot deny sending the message, and the recipient cannot deny receiving the message, thus proving the validity of the transfer to both parties. Non-repudiation can also be used in legal proceedings to prove where a file originated and that the data within the file has not been tampered with.
In essence, who sent a message, where it was sent from, who received it, where they received it, and the integrity of the file can always be guaranteed. And should a dispute arise over the validity of content within a transferred file, non-repudiation provides valuable forensic capabilities to verify what happened.
Going back to the contract dispute discussed above, perhaps someone did make a change inadvertently, maybe even someone within your company. Or perhaps it turns out to be a misunderstanding. Either way, the issue gets cleared up, and the trust between you and your customer remains intact.
Secure and Compliant Transfers Require End-to-End Non-Repudiation
In addition to end-to-end non-repudiation playing an essential role in implementing a secure file transfer process between your company and your customers and partner, it’s also required by all the major regulations that protect sensitive information. These include HIPAA, GDPR, SOX, and FISMA.
Correctly implementing non-repudiation can be achieved by implementing a Managed File Transfer (MFT) solution running on a secure server that performs these functions:
- Authenticates each user who uploads or downloads a file
- Checks the integrity of each file when uploaded and downloaded
- Compares server-generated and client-generated integrity check results
- Associates and logs the authentication and check results
The leading MFT solutions leverage the cryptographically-valid Secure Hash Algorithm (SHA) or the Message Digest (MD) algorithm to check file integrity. SHA takes inputs and produces a hash value that’s typically 40 digits long. It is the stronger method of the two algorithms and is approved under the U.S. Federal Information Processing Standard (FIPS) 140-2.
The Answer the Non-Repudiation Challenge
To solve the non-repudiation challenge, many businesses have turned to MOVEit® Managed File Transfer software. The solution features FIPS 140-2 validated cryptographic modules that include the SHA and MD algorithms for file integrity checking.
Thousands of organizations across the globe have deployed MOVEit for visibility over the file transfer activities of their end-users. With MOVEit, your IT team can assure the reliability of core business processes that depend on the secure and compliant transfer of sensitive data among internal users as well as with customers, partners, and vendors.
You can deploy the solution on-premises or in the cloud, with both environments offering certified compliance with PCI, HIPAA, GDPR, and other regulations pertaining to protecting personal data. You can also consolidate all file transfer activities into one system. This lets you manage non-repudiation controls and closely monitor access, encryption, and workout tracking to ensure compliance with SLAs, internal governance, and regulations.
In addition to defending your business, if a file-handling dispute should occur, the non-repudiation capabilities of MOVEit are a great way to show your customers and your partners just how serious you are about protecting the integrity of documents. And that helps establish a level of trust that fosters long-term relationships!
To see for yourself, start a free trial of MOVEit today.