IBT - Electronic Commerce: The Legal Infrastructure. Victor H. Bouganim, WCL, American University.


© 2001 Victor H. Bouganim, WCL, American University

Problem 4.4 (Textbook, p. 166)
- Professor Pedro (Brazil) buys books at rein.com (Germany), a company owned by rivers.com (USA).
- Prof. Pedro's order triggers an automatic, computer-generated order addressed to East Publishing Co., an American firm.
- Prof. Pedro's personal information about his purchase is sent to rivers.com for marketing purposes.

Class Discussion
- What legal issues are raised by these activities?
- Are there special issues that arise because these activities are carried out with the aid of, or by, computers?
- What distinctions are important for the analysis of this problem?

E-Comm - Critical Issues
- Identification of trading partners and authentication
- Applicable rules
  - Choice of law and jurisdiction
  - Contracts and consumer protection
  - Privacy protection

E-Commerce - Phases
- Phase 1: EDI
- Phase 2: Tele-Shopping
- Phase 3: Electronic Commerce

Electronic Commerce (diagram)
- Tele-Shopping: eCatalogue, order, payment, delivery of goods
- Full electronic commerce ('soft goods'): digital contract (offer, acceptance, contract formation), digi-cash payment, performance

E-Comm - Closed Systems
- Trading partners are identified and known
- A pre-defined contract sets up the trade rules
- Typical systems
  - EDI - Electronic Data Interchange
  - SWIFT - international funds transfer

E-Comm - Open Systems
Open market trading for all
- Global market
- Virtual trading partners
- Micro-commerce

E-Commerce Systems (diagram)

Law Reform Principles - 1
- Neutrality principle: laws should work with whatever technology, science and commercial practices might develop.

Law Reform Principles - 2
- Non-discrimination principle: records, legal acts or authentication may not be denied legal effect, validity or enforceability solely on the ground that they are electronic.

International Initiatives (timeline diagram)
- UNCITRAL: E-Commerce Model Law, 1996
- Jul 95 - Information Society
- E-Commerce Committee; July 97 - White House paper
- Digital Signature Directive
- UCITA, UETA, 1999
- Digital Signature Act, 2000

E-Commerce Legislation
- UNCITRAL Model Law on Electronic Commerce 1996
- UETA 1999 - Uniform Electronic Transactions Act
- Digital signature legislation - Third Millennium Electronic Commerce Act 1999
- UCITA 1999 - Uniform Computer Information Transactions Act (formerly proposed UCC Article 2B on licensing)

Critical Legal Terms
- Re-definition of critical terms: writing, document, signature, bill, notice, etc.

Digital Signature - 1
- Identify the sender
  - unique to a person
  - under that person's sole control
- Authenticate the message (detect any alteration after signing)

eSig - Attribution
"Attribution procedure" means a procedure to verify that an electronic authentication, display, message, record, or performance is that of a particular person or to detect changes or errors in information. The term includes a procedure that requires the use of algorithms or other codes, identifying words or numbers, encryption, or callback or other acknowledgment.
(Sec. 102, Uniform Computer Information Transactions Act 1999)

Digital Signature - 2
- Achievable with public-key cryptography
  - e.g. the RSA algorithm
  - needs a trusted third party (TTP), i.e. a certification authority, to bind the public key to an identity; without that binding the signature proves only that someone holding the private key signed
- Alternative: biometric identity
  - e.g. iris scan or fingerprint

Simple Encryption (diagram)
plain-text -> encrypt -> cypher-text -> decrypt -> plain-text, with one shared secret key used for both encryption and decryption

Public-Key Encryption (diagram): RSA algorithm

The Need for Certification Authorities
- The effectiveness of a certification authority rests on trust.
- Digital certificates are used to associate a person or organization with a public key.
  - The role of the certification authority is to provide the link between a unique private/public key pair and the actual identity of a group or individual.
  - The certification authority issues certificates: computer-based records that identify a subscriber and contain the subscriber's public key.

Electronic Signature Certification
- "Certificate" means an electronic attestation which links signature-verification data to a person and confirms the identity of that person.
- "Certification-service-provider" means an entity or a legal or natural person who issues certificates or provides other services related to electronic signatures.
(European Directive on a Community framework for electronic signatures, 1999/93/EC, 13 December 1999)

Digital Certificate Process
- A private/public key pair is generated on a trustworthy system; the private key never leaves the holder.
- The public key, together with identification documents such as a passport, birth certificate or driver's license, is presented to the CA.
- The CA verifies the person's identity.
- The CA creates a digital certificate containing the person's identity and public key.
- The CA digitally signs the certificate with its own private key. Anyone holding the CA's public key can then verify that signature (the certificate is verified, not decrypted) and so confirm that the public key it contains belongs to the named subject.

Authentication Procedure (diagram)
Provider and Customer each hold a key; a TTP / Certification Authority sits between them.

Authentication Procedure (diagram)
Each party sends Message + Key; the TTP / Certification Authority checks the key and answers OK.
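The Digital Signature, Digital Certificate Process and Authentication Procedure slides describe one flow: a key pair is generated by its holder, a CA signs the binding of identity to public key, and a relying party first checks the CA's signature on the certificate and then the signer's signature on the message. The following is an added example written for this page, not code from the lecture. It uses a toy textbook RSA (no padding, small keys, Python's random module) so the arithmetic stays visible; real systems use padded schemes such as RSA-PSS or ECDSA and X.509 certificates. The CA name, the subject name, the order text and the impostor are all constructed here.

```python
"""Toy certification flow (added example, not from the lecture).
Textbook RSA without padding keeps the arithmetic visible; production
code uses padded schemes (RSA-PSS, ECDSA), X.509 and a CSPRNG."""
import hashlib
import json
import random  # toy only; real key generation uses the secrets module


def _is_probable_prime(n, rounds=32):
    """Miller-Rabin test, adequate for a toy key generator."""
    if n < 4:
        return n in (2, 3)
    if n % 2 == 0:
        return False
    d, s = n - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    for _ in range(rounds):
        x = pow(random.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def _random_prime(bits):
    while True:
        cand = random.getrandbits(bits) | (1 << (bits - 1)) | 1
        if _is_probable_prime(cand):
            return cand


def generate_keypair(bits=512):
    """Step 1 of the slide: the holder makes the pair; returns (public, private)."""
    e = 65537
    while True:
        p, q = _random_prime(bits // 2), _random_prime(bits // 2)
        if p != q and ((p - 1) * (q - 1)) % e:
            break
    n, phi = p * q, (p - 1) * (q - 1)
    return {"n": n, "e": e}, {"n": n, "d": pow(e, -1, phi)}


def _digest(data):
    return int.from_bytes(hashlib.sha256(data).digest(), "big")


def sign(private_key, data):
    """Hash-then-sign with the private exponent d."""
    return pow(_digest(data), private_key["d"], private_key["n"])


def verify(public_key, data, signature):
    """Check with the public exponent e: the signature is verified, not 'decrypted'."""
    n = public_key["n"]
    return pow(signature, public_key["e"], n) == _digest(data) % n


def _canonical(obj):
    """Deterministic bytes of the to-be-signed fields."""
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()


def issue_certificate(ca_private, issuer, subject, subject_public):
    """Steps 3-5: identity verified out of band, the CA signs the name/key binding."""
    tbs = {"issuer": issuer, "subject": subject, "public_key": subject_public}
    return {"tbs": tbs, "signature": sign(ca_private, _canonical(tbs))}


def verify_certificate(ca_public, cert):
    """Relying party: validate the CA's signature with the CA's public key."""
    return verify(ca_public, _canonical(cert["tbs"]), cert["signature"])


def authenticate_message(ca_public, cert, message, signature):
    """Authentication Procedure: trust the certificate first, then the message.
    Returns the subject name the CA vouched for, or None."""
    if not verify_certificate(ca_public, cert):
        return None
    if not verify(cert["tbs"]["public_key"], message, signature):
        return None
    return cert["tbs"]["subject"]


def demo():
    random.seed(2001)  # reproducible toy keys only
    ca_pub, ca_priv = generate_keypair()
    cust_pub, cust_priv = generate_keypair()
    atk_pub, atk_priv = generate_keypair()  # constructed impostor key pair
    cert = issue_certificate(ca_priv, "Toy CA", "Prof. Pedro", cust_pub)
    order = b"order: 3 x Electronic Commerce Law, ship to Sao Paulo"
    # Impostor swaps in his own public key; lacking the CA private key he
    # cannot re-sign, so the CA signature on the altered record fails.
    forged = {"tbs": dict(cert["tbs"], public_key=atk_pub), "signature": cert["signature"]}
    return {
        "cert_ok": verify_certificate(ca_pub, cert),
        "forged_cert_ok": verify_certificate(ca_pub, forged),
        "order_from": authenticate_message(ca_pub, cert, order, sign(cust_priv, order)),
        "tampered": authenticate_message(ca_pub, cert, order + b"0", sign(cust_priv, order)),
        "impostor": authenticate_message(ca_pub, forged, order, sign(atk_priv, order)),
    }


if __name__ == "__main__":
    print(demo())
```

The two failure cases are the ones the slides care about: a message altered after signing no longer matches its hash, and a certificate whose public key was swapped no longer carries a valid CA signature, so the relying party never reaches the point of trusting the impostor's key.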

Certification Authority Policies
- A certificate policy is a named set of rules that indicates the applicability of a certificate to a particular community and/or class of application with common security requirements.
- Certificate policies allow infrastructures, certification authorities and their subscribers to inter-operate at the appropriate trust levels.

TTP - Regulatory Modes
- Private-sector-based supervision systems
- Governmental supervision: CA rules prescribed in legislation
- US: eSig Act
  - does not regulate CAs
  - self-regulated industry, e.g. VeriSign
- EU: DigSig Directive
  - option between governmental and self-regulated supervision
- State DigSig laws, e.g. Utah, California

Digital Signature State Legislation
- Utah
  - Most of Utah's bill deals with the regulation of certification authorities.
  - Utah's Digital Signature Act specifies the required use of public/private key cryptography as a way of safely transferring information.
  - Only lawyers and banks will be allowed to function as certification authorities.
- California
  - California Digital Signature Regulations
  - "Certification Authority" means a person or entity that issues a certificate or, in the case of certain certification processes, certifies amendments to an existing certificate.
  - The Regulations define the requirements for CAs.

EU - CA Regulations
- Directive 1999/93/EC of the European Parliament and of the Council of 13 December 1999 on a Community framework for electronic signatures.
- Sets up the rules and requirements for the operation of CAs:
  - Annex II of the Directive
  - Article 8 - Data protection: Member States shall ensure that certification-service-providers and national bodies responsible for accreditation or supervision comply with the requirements laid down in the Directive on the protection of individuals with regard to the processing of personal data and on the free movement of such data.

EU - Requirements for CA - 1
- ensure the operation of a prompt and secure directory and a secure and immediate revocation service
- ensure that the date and time when a certificate is issued or revoked can be determined precisely
- verify, by appropriate means in accordance with national law, the identity of the person to whom a qualified certificate is issued

EU - Requirements for CA - 2
- employ personnel who possess the expert knowledge, experience and qualifications necessary for the services provided
- use trustworthy systems and products which are protected against modification and ensure the technical and cryptographic security of the processes supported by them
- take measures against forgery of certificates, and guarantee confidentiality