As is known, electronic documents are increasingly becoming part of business practice, thus urging the need of finding a simple and sure certification technique for this kind of documents. Many countries already consider an electronic signature to be legally binding, indeed.
The process of signing an electronic document is, however, totally different from that used for paper-based documents. In particular, an electronic signature has to observe the following rules:                It guarantees that the document content has not been altered after the document has been approved and thus signed (the so-called “evidence of integrity”).        It should provide for the identity verifying of the signer (the so-called “evidence of identity”) as well as the signature validity (the so-called “evidence of the intent to authenticate”).        
A known authentication technique usually indicated as content certification is performed by computers that process the entire content of an electronic document and compute a certification code that uniquely identifies such a document. In this way, if any part of the document has been modified (in particular, if data has been displaced, changed, deleted, inserted), a new certification code will be generated using such techniques. Actually, in order to check that a document has not been changed, a certification code is computed, compared to the original one and appropriately stored. Then the document is authenticated only if the new computed code corresponds to the previous one, thus proving that the document has the original content. By using this technique it will always be possible to check the integrity of a document.
Known certification techniques of this type can be applied to any kind of document (text, images, music, video) of any size. A single certification code can also be computed to include different documents. The use of such a certification code corresponding to a computer-generated number is really efficient, only a small sized data being stored or sent to ensure the document validity, and really secure, since using a well known and used 128 bit-code there is only one chance in thousands of billions that different documents turn out to have the same code.
This is way code-based certification is the basis of digital signature technology and all modern certification and security systems.
It is also known to provide electronic documents with a digital signature certificate, which is a computed “code” based on personal identity certificate (digital ID) and the content of the document. The digital signature is therefore unique both to the individual and to the document, different codes corresponding to different document and person.
In order to sign a document, personal identification is required. A personal identity certificate (digital ID) is usually a data sequence including two parts and is unique to a person. The personal certificate has both a private and a public part. The private part is used to compute a signature and should therefore be kept secret (usually it is stored in a chip card). The public part of the digital ID is used to check and validate the signature and thus made freely available.
Also known are other identification means e.g., PIN, access codes, or on biometric data (fingerprints, retinal scans).
Moreover, to prove that a document has not been altered, it is necessary to keep also its certification code in a form that can bring evidence to bear that the code is the original one. The certification code and the date of first calculation should therefore be authenticated in an appropriate way.
An easier way to “preserve” the code and the corresponding date would consist in printing the code on paper and then having it signed by an auditor or by a company representative.
Newly approved laws in many countries require the evidence of data integrity and a demonstrable specific sequence of data also in accounting applications.
It should be noted that keeping accounting registrations is mandatory for a large number of entities. Since accounting data are also the basis for tax collection, income calculation and determines the binding credit/debit positions of a company or individuals, the accounting as a whole is a legally binding instrument. All countries have legislation that prescribes exactly how accounts should be kept, each specific tax rule influencing how transactions should be calculated and recorded as well.
In particular, the fundamental accounting rules are the following:                accounting data should give correct and true evidence of all transactions and of the financial situation (the so-called “principle of understandability, relevance, reliability, comparability, consistency” as indicated by the International Accounting Standard (IAS) and US Generally Accepted Accounting Principles (GAAP)).        accounting data should be kept in a timely manner.        accounting data should be organized according to the size and needs of the company.        accounting data are legal documents, that should not be modified, but on the contrary preserved over time.        management is directly responsible for the accounting system.        
In order to comply with these rules, every transaction that influences the financial position of a company must be recorded and for every transaction there must be a document that supports the operation (invoice, receipt).
Moreover, transactions must be recorded according to generally accepted accounting standards and fiscal accounting rules and if a transaction is not correct it should be rectified.
Finally, accounting data should be kept on a regular basis and made available in a timely manner according to the applying country law.
In other words, accounting consists of a precise recording of transactions and the quality of the accounting work is checked by controlling that the transactions have been entered and conform to the documents.
In small organizations, few people are responsible for accounting. It is easy to verify that the work has been properly organized and whether all documents have been taken into consideration. It is simple to compare documents with the recorded transactions.
In large organizations with a large number of transactions, it is very hard or not possible to control all the records and all the documents. In large entities there are many individuals who supply information. This work must be properly coordinated, secured and checked.
Small companies will have a simple organization whereas large companies will have a structured and complex organization.
In certain cases, depending on legislation within the country and the legal form of the entity, the accounting also needs to be audited and certified.
Computers have made it much easier to record transactions. However, different problems also arise:                Electronic content is not bound to a support.        Electronic data can be changed.        Electronic data can be copied and replicated, the copies being totally similar to the original.        Data filed on electronic media cannot be directly read by human beings, a technical process being necessary in order to access and view the information.        
Actually used in the accounting field is a passive security of the accounting data (password protection).
However, such a security technique is a defense systems that only allows authorized users to have access to the accounting data, to be enabled to enter data and make changes. Such a security can be bypassed intentionally or unintentionally. An incorrect program could wrongly modify the data. Moreover, the passive security:                requires that data remains in a protected environment.        requires a clear distinction between the users who oversee security and users who use the data;        requires a system to ensure that accounting data are only entered by authorized users.        
In effect, the passive security of the accounting data is an important organization measure that ensures the accounting data quality and security. However, this kind of passive security cannot offer full evidence of the integrity of the information contained in the accounting data.
The change from a paper-based accounting system to a computer-based accounting system requires that the security and legal validity of accounting data should be reconsidered.
The integrity of an electronic document is a fundamental requirement for the validity of a digital signature. If a document is changed the authenticity of the document is lost and the digital signature is no longer valid. A certification technique is the central criteria through which the law considers an electronic document to be valid.
To summarize, electronic documents and passive security cannot offer evidence of integrity on their own. Only by using certification and signature techniques is it possible to give full evidence of the integrity of the data.
However, the traditional certification techniques compute a certification of a file (document or document and a personal identity certificate) as a whole. They are thus not suitable for certifying changing and growing data, as in the case of accounting database. In particular, it should be emphasized that when new transactions are added into a database, the already computed certification code according to the known techniques becomes obsolete.
So, traditional certification techniques could only be used with data sets that are final and that will not change and cannot be used in the accounting field where the data and database are “in progress”. In such a field, the new transactions are being added continuously to an accounting database and certification of the accounting file could not be made until the accounting year is closed and the corresponding accounting data made final.
Moreover, it should be noted that accounting databases do not assure that transactions are kept in a specific order. In particular, a query applied to such a database could return data in different orders. In the specific field of accounting data, however, the order in with transactions occur could be really important.