Guided by: VIPUL GAJJAR
Prepared by: JIGAR KAKADIYA
Digital Signature - a data string which associates a message with some originating entity
Digital Signature Generation Algorithm - a method for producing a digital signature
Digital Signature Scheme - consists of a signature generation algorithm and an associated verification algorithm
An individual digitally signs a document using the private key component of his certificate.
[Diagram labels: Report, Encryption Algorithm, Private key, Digital Signature, Digitally Signed]
A digital signature is a data item that vouches for the origin and integrity of a message. The originator of a message uses a signing key (Private Key) to sign the message and sends the message and its digital signature to a recipient. The recipient uses a verification key (Public Key) to verify the origin of the message and that it has not been tampered with while in transit.
Balance between capturing the entire content of the transaction vs. ease of data integration:
Data that is machine readable but which separates user entry content from context: database, comma delimited, spreadsheet, etc.
Data that records content and context but which is not easily integrated into databases: Word, PDF, image, HTML, etc.
PKI is a combination of software, encryption technologies and facilities that can facilitate trusted electronic transactions.
PKI Components: Key Pairs, Certificate Authority, Public Key Cryptography
Public Key Cryptography: Complementary algorithms are used to encrypt and decrypt documents.
[Diagram labels: Encryption key, Decryption key, Unreadable Format]
Public key encryption: a message encrypted with a recipient's public key cannot be decrypted by anyone except a possessor of the matching private key; presumably, this will be the owner of that key and the person associated with the public key used. This is used for confidentiality.
Public key decryption: the conversion of data from its coded (machine-readable) form back into user-readable data, using the decryption key.
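The confidentiality property described above, as an added example that is not part of the original slides. It assumes RSA-OAEP with SHA-256 through Node's built-in crypto module; the key pairs, the sample message and the names encryptFor, tryDecrypt and demoConfidentiality are constructed for illustration.

```javascript
const crypto = require('crypto');

// Constructed key pairs: `recipient` is the intended reader, `outsider` is anyone else.
const recipient = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
const outsider = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });

// Assumption: RSA-OAEP with SHA-256 (the slides do not name an algorithm).
const OAEP = { padding: crypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: 'sha256' };

// Sender: only the recipient's public key is needed to encrypt.
function encryptFor(publicKey, message) {
  return crypto.publicEncrypt({ key: publicKey, ...OAEP }, Buffer.from(message, 'utf8'));
}

// Reader: returns the plaintext, or null when the private key does not match
// (OAEP decoding fails) or the ciphertext was altered.
function tryDecrypt(privateKey, ciphertext) {
  try {
    return crypto.privateDecrypt({ key: privateKey, ...OAEP }, ciphertext).toString('utf8');
  } catch (err) {
    return null;
  }
}

function demoConfidentiality() {
  const message = 'wire 500 to account 12-345'; // constructed sample message
  const ciphertext = encryptFor(recipient.publicKey, message);
  return {
    ciphertextBytes: ciphertext.length,                        // one 2048-bit RSA block
    plaintextVisible: ciphertext.includes(Buffer.from(message)),
    byRecipient: tryDecrypt(recipient.privateKey, ciphertext),
    byOutsider: tryDecrypt(outsider.privateKey, ciphertext),
  };
}

console.log(demoConfidentiality());
```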
Key-only attack: Adversary knows only the public key
Message attacks:
Known-message attack: Adversary has signatures for a set of messages which are known to the adversary but not chosen by him
Chosen-message attack: Adversary obtains valid signatures for a list of messages of his choice (non-adaptive)
Adaptive chosen-message attack: Adversary can use the signer as an oracle.
Authentication and Verification
Any changes made to the report will invalidate the signature
Provides evidence of report integrity
Provides proof of report originator's identity - Authentication
Authentication and Verification
The individual's public key, published by the CA, decrypts and verifies the digital signature.
[Diagram labels: Digitally Signed, Private Key, Decryption Algorithm]
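The signing and verification steps described in the slides above (sign with the private key, verify with the public key, any change to the report invalidates the signature), as an added example that is not part of the original slides. It assumes Ed25519 through Node's built-in crypto module; the key pairs, the sample report and the names signReport, verifyReport and demo are constructed for illustration.

```javascript
const crypto = require('crypto');

// Constructed key pairs: `signer` originates the report, `other` is an unrelated party.
const signer = crypto.generateKeyPairSync('ed25519');
const other = crypto.generateKeyPairSync('ed25519');

// Originator: sign the report with the private (signing) key.
// Ed25519 hashes the message internally, so the digest argument is null.
function signReport(report, privateKey) {
  const signature = crypto.sign(null, Buffer.from(report, 'utf8'), privateKey);
  return { report, signature: signature.toString('base64') };
}

// Recipient: check the signature with the public (verification) key.
// Returns true only if this exact report was signed by the matching private key.
function verifyReport(envelope, publicKey) {
  return crypto.verify(
    null,
    Buffer.from(envelope.report, 'utf8'),
    publicKey,
    Buffer.from(envelope.signature, 'base64')
  );
}

function demo() {
  // Constructed sample report and a copy altered in transit (one digit changed).
  const signed = signReport('Q3 report: revenue 1,204,000', signer.privateKey);
  const tampered = { ...signed, report: 'Q3 report: revenue 9,204,000' };
  return {
    intact: verifyReport(signed, signer.publicKey),     // integrity and origin hold
    tampered: verifyReport(tampered, signer.publicKey), // content changed
    wrongKey: verifyReport(signed, other.publicKey),    // not this party's signature
  };
}

console.log(demo());
```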
Putting the private key on smart cards
Using smart card readers with a separate keyboard
A more secure alternative is to store the private key on a smart card. Many smart cards are designed to be tamper-resistant. A user must activate his smart card by entering a personal identification number or PIN code (thus providing two-factor authentication). It can be arranged that the private key never leaves the smart card, although this is not always implemented. If the smart card is stolen, the thief will still need the PIN code to generate a digital signature.
Entering a PIN code to activate the smart card commonly requires a numeric keypad. Some card readers have their own numeric keypad. This is safer than using a card reader integrated into a PC, and then entering the PIN using that computer's keyboard.
Digital signatures can provide added assurance of the evidence of provenance, identity, and status of an electronic document, as well as acknowledging informed consent and approval by a signatory. The United States Government Printing Office (GPO) publishes electronic versions of the budget, public and private laws, and congressional bills with digital signatures.
Universities including Penn State, University of Chicago, and Stanford are publishing electronic student transcripts with digital signatures. Some industries have established common interoperability standards for the use of digital signatures between members of the industry and with regulators. These include the Automotive Network Exchange for the automobile industry and the SAFE-BioPharma Association for the healthcare industry.
Imposter prevention: By using digital signatures you eliminate the possibility of fraud by an imposter signing the document. Since the digital signature cannot be altered, forging the signature is impossible.
Message integrity: By having a digital signature you are in fact proving the document to be valid. You are assuring the recipient that the document is free from forgery or false information.
Using a digital signature satisfies some type of legal requirement for the document in question. A digital signature takes care of any formal legal aspect of executing the document.
The disadvantages of using digital signatures involve the primary avenue for any business: money. This is because the business may have to spend more money than usual to work with digital signatures, including buying certificates from certification authorities and getting the verification software.