6/1/20151 Digital Signature and Public Key Infrastructure Course:COSC Instructor:Professor Anvari Student ID: Name:Xin Wen Date:11/25/00
6/1/20152 Content Introduction Digital Signature and information security Public key cryptography Digital Signature components & processes Public key infrastructure(PKI) & its Flow
6/1/20153 Introduction Paperless office Cultural tradition Tangible paper Handwritten signature Sealed envelopes etc. Lack of legal admit Lack of infrastructure to support it Technology
6/1/20154 The Internet and electronic commerce Internet Lack of sufficient information security Lack of framework to enable electronic commerce Public key cryptography technology Legal recognition of digital signatures The elimination of paper becomes true
6/1/20155 Fundamental requirement Sender authenticity Message integrity Non-repudiation Signature formalities
6/1/20156 Satisfying the requirements in electronic commerce The purpose is to Protect the message Not the medium No way to make a secure environment The availability and affordability of the public network Secure the message Base on public key cryptography Utah Digital Signature Act is the first one
6/1/20157 Digital Signatures & information security A digital signature is not a digitized image of a handwritten signature like the UPS signature Signature is digitized Image is transferred to electronic document Once captured, can be easily copy and paste A digital signature is An actual transformation of an electronic message using public key cryptography Tied to the signed document and signer, not reproducible Legal admitted Contract can be done over internet
6/1/20158 The basic principles All data entered into a computer is read as a binary number. For example: “Jack and Jill went up the hill The computer read it as:” ” etc Perform mathematical functions on the number Messages be transformed to alternate representations unique to the original one
6/1/20159 Public key cryptography Employs an algorithm using two different but mathematically related “keys” One (primary key) for creating a digital signature or transforming data into a seemingly unintelligible form Another key (public key) for verifying a digital signature or returning the message to its original form
6/1/ Public key cryptography Also termed as asymmetric key cryptography Involves an asymmetric key pair Public key: freely disseminated; no need of confidential Private key: must keep secret Characteristics of the key pairs Mathematical related, but impossible to calculated each other Each key perform the inverse function of the other, one key does only that the other can undo
6/1/ Digital Signature components Digital signatures are based on asymmetric, public key cryptography The digital signing and verification processes involve a hash algorithm and a signature algorithm(extremely complex math equation)
6/1/ Digital Signature components 100 Original Message *2 Hash Algorithm = 200 MessageDigest(fingerprint) *2 Signature Algorithm = 400 Digital Signature (*2 is primary key) a digital signature has nothing to do with the signer’s name or handwritten signature An actual transformation of the message itself, and that is “secret” only known by the signer Tied to both the signer and the message being signed.
6/1/ Creating a digital signature Message Hash Function Message Digest Signature Function Digital Signature Message Signature Private Key
6/1/ Verifying a digital signature Message Hash Function Message Digest Signature Function Message Digest If the message digest are identical, the signature will verify, If they are different in any way, the signature will not verify. Signer’s Public Key
6/1/ Public key infrastructure Using digital signature software Generate a key pair Release his public key to the on-line world Use any identity he choose Certification authority (CA) A trusted third party Guarantee individuals’ identities, Guarantee their relationship to their public keys (Bind their identities to the key pairs)
6/1/ Public key infrastructure Digital certificates contains: Name of the subscriber The subscriber’s public key The digital signature of the issuing CA The issuing CA’s public key Other pertinent information about the subscriber Subscriber’s organization (e.g. his authority to conduct certain transactions.etc) These certificates are stored in a on-line, publicly accessible repository
6/1/ PKI Process Flow Certification Authority Repository SubscriberRelying Party
6/1/ PKI Process Flow Step1. Subscriber applies to Certification Authority for Digital Certificate Step2. CA verifies identity of subscriber and issues Digital Certificate Step3. CA publishes Certificate to Repository Step4. Subscriber digitally signs electronic message with Private key to ensure Sender Authenticity, Message Integrity and Non-repudiation and sends to Relying Party Step5. Relying Party receives message, verifies Digital Signature with Subscriber’s Public Key, and goes to Repository to check status and validity of Subscriber’s Certificate Step6. Repository returns results of status check on Subscriber’ Certificate to Relying Party
6/1/ Digital signature applications Any processes that requires strong authentication of both sender and contents of the message, and non-repudiation. Such applications as Purchase order systems Automated forms processing contracts Remote financial transactions or inquires
6/1/ Covers Digital Signature What it is Basic principle Its components Create and verifying it Its application Public key cryptography Definition Character of key pairs Public key infrastructure PKI PKI Process Flow