Electronic and Digital Signatures


Electronic and Digital Signatures Richard Warner

What Is An Electronic Signature? An “electronic signature” consists of some string of symbols or characters manifested by electronic means, executed by a party with an intent to authenticate a writing. Examples: the sender’s name typed at the end of an e-mail message, a digital image of a handwritten signature attached to an electronic document, a PIN number, and so on. The expression ‘digital signature’ is usually used to refer to a special kind of electronic signature.

The Need to Sign Electronically There are good reasons to have electronic documents signed in a way that allows them to serve the purposes of written documents. Cost: it is a lot cheaper to use electronic documents. Checking example: It costs about $1.10 to process a paper check. It costs about $.10 to process an electronic transfer. There are billions to be saved.

The Need for Legal Clarification There is legal uncertainty about the status of electronic signatures. Illinois, for example, has 3000 statutory sections requiring a signed writing. Does an electronic record with an electronic signature satisfy these requirements?

What Is A Digital Signature? A digital signature is an electronic signature that uses a special kind of encryption program. Here is a sample program. The message: “The British are coming!” The encryption instructions: replace every letter with the letter that follows it in the alphabet. This yields: “Uif Csjujti bsf dpnjoh!”

Asymmetric Encryption Digital signatures use a special kind of encryption called asymmetric encryption (or public key encryption). A “key” is just a sequence of numbers. You add it to the message you want to encrypt; you then apply the encryption program to the message plus the key.

Example Message + Key = (application of the encryption program) Encrypted result. Same message + Different key = Different encrypted result.

Private and Public Keys Asymmetric encryption uses two keys. The sender uses one to encrypt; the recipient uses one to decrypt. The keys are referred to as the private and public keys. The private key is private in the sense that the key owner makes sure the public does not have access to it. The public key is public in the sense that the owner makes it freely available to the public. An example is helpful.

How Does A Digital Signature Work? Suppose Alice wants to digitally sign an e-mail. She runs a “hash function” on the message. This turns the message into a sequence of letters and numbers, called the message digest. Each message is associated with a unique message digest. Asymmetric encryption is slow. It is not ideal for encrypting a whole message. So what you encrypt is the much shorter message digest. The point is not secrecy, but signature.

Signing the Message Alice runs the encryption program on the combination of the private key and the message digest. She attaches the result to the e-mail, and sends it to Bob. She may also attach the public key. This is the signature. To see why it works like a signature, consider what Bob does.

Bob’s Response Bob runs the encryption program on the combination of the public key and the encrypted message digest. Doing so can only decrypt something encrypted with the private key, so, if decryption is successful, the recipient knows the message came from Alice—or, more exactly, someone in possession of Alice’s private key. We are assuming that Bob knows that the public key is Alice’s. This is the sense in which the message is signed. Like a handwritten signature, the digital signature indicates the message is from the “undersigned.”

More Than A Signature Bob then runs the hash function on the message itself. If the result matches the unencrypted message digest, Bob knows that the message was not altered in transmission. This is better than a signature, which does not do anything to indicate that the message was not altered in transmission.
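
The sign-and-verify procedure from the three slides above, as an added Python example that is not part of the original presentation. It assumes SHA-256 as the hash function and unpadded textbook RSA as the "encryption program"; the key values are constructed from well-known Mersenne primes purely for illustration and are not secure.

```python
import hashlib

# Toy key pair, constructed for this example only. The primes are the
# Mersenne primes 2**127 - 1 and 2**607 - 1: easy to write down, NOT secure.
P, Q = 2**127 - 1, 2**607 - 1
N = P * Q                          # modulus, part of both keys
E = 65537                          # public exponent: public key is (N, E)
D = pow(E, -1, (P - 1) * (Q - 1))  # private exponent: private key is (N, D)


def digest(message: bytes) -> int:
    """Hash function step: message -> fixed-size message digest (as an integer)."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big")


def sign(message: bytes, n: int, d: int) -> int:
    """Alice: transform the digest with the private key (textbook RSA, no padding)."""
    return pow(digest(message), d, n)


def verify(message: bytes, signature: int, n: int, e: int) -> bool:
    """Bob: recover the digest with the public key, re-hash the message, compare."""
    if not 0 <= signature < n:
        return False
    recovered = pow(signature, e, n)
    return recovered == digest(message)


def demo() -> dict:
    msg = b"The British are coming!"
    sig = sign(msg, N, D)
    # A second constructed key pair stands in for "someone who is not Alice".
    other_p, other_q = 2**107 - 1, 2**521 - 1
    other_n = other_p * other_q
    other_d = pow(E, -1, (other_p - 1) * (other_q - 1))
    forged = sign(msg, other_n, other_d)
    return {
        "genuine": verify(msg, sig, N, E),
        "altered_message": verify(b"The British are leaving!", sig, N, E),
        "signed_with_other_key": verify(msg, forged, N, E),
    }


if __name__ == "__main__":
    for case, ok in demo().items():
        print(f"{case}: {'valid' if ok else 'INVALID'}")
```

Verification succeeds only when both the message and the signing key are the ones Bob expects; it says nothing about whose key (N, E) is, which is the question the next slide takes up.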

Public Keys and Identity We assumed that Bob knows that the public key he uses is Alice’s. How does he know this? A certification authority verifies that the public key is Alice’s. Alice has previously registered with the certification authority, at which time she provided proof of her identity.

Cost of Certification Authorities Certification authorities add cost and complexity. When are the cost and complexity justified? When the benefits exceed the costs. When is that?

Role of Handwritten Signatures Why do we use handwritten signatures? To avoid fraud; to show that the signer at least saw the document; to secure a signature with recognized legal consequences. Written documents ensure integrity (note: not a function of the signature). Digital signatures make sense where they are needed: to ensure legal validity; to ensure message integrity.

Fraud Where is there a sufficient likelihood of fraud? Typically not in: an established relationship; or, in the consumer use of the credit card system in online contracting. Digital signatures have not proven popular in consumer online contracting. You do see a significant use of digital signatures in large value financial transactions, and in electronic payments systems. But there they are used to establish identity, not to contract.

Digital Signature Risks Inadequate revocation lists: in theory, CAs keep lists of revoked certificates; in practice they do not. In addition, technology is inadequate to allow real time access to these lists. Adequately protected private keys: private keys are often stored on hard drives.

Statutory Treatment There are three types of statute. First: Any electronic symbol will do. Rhode Island: “‘Electronic signature’ means an electronic identifier, created by a computer, and intended by the party using it to have the same force and effect as the use of a manual signature.” Similar approaches in: Colorado, Florida, Illinois, Indiana, Mississippi, New Hampshire, North Carolina, Texas, Virginia.

Statutory Treatment Second: the California model of five requirements. A signature must be: (1) unique to the person using it; (2) capable of verification; (3) under the sole control of the person using it; (4) linked to the data in such a way that changes in the data invalidate the signature; (5) in conformity with any other regulations adopted by the Secretary of State.

Statutory Treatment Third: The Utah model. This approach refers explicitly to asymmetric encryption, sets up rules for certification authorities, and assigns risk in a variety of eventualities.

The E-Sign Statute The Federal E-Sign statute governs some aspects of electronic signatures. It defines an electronic signature as an “electronic sound, symbol, or process attached to or logically associated with a contract or other record, and executed or adopted by a person with the intent to sign the record.” 15 USC Section 7006(5).

Illinois Commerce Security Act 15 USC section 7002(a)(2)(A)(ii) preempts state laws that are not technology neutral. Illinois’s Act favors public key encryption in sections 175/15 – 101 and 105 and is thus preempted. Preexisting state legislation is clearly preempted under 15 USC 7002(a)(2)(B).

What Illinois May Still Do It may still require public key encryption for state procurement, 15 USC 7002(b). It may impose stricter state filing requirements than the Federal requirement; this may include requiring public key encryption, 15 USC 7004(a).

Effect of E-Sign The effect may be a slower, more decentralized development of electronic signature infrastructure and business practices. There is no Federal mandate for a particular technology, and state mandates are preempted. Business considerations may of course lead to a rapid development of a particular technology, but it looks like the opposite is happening.