DIGITAL SIGNATURE.

Slides:

Advertisements

Similar presentations

Public Key Infrastructure and Applications

Advertisements

Isiah Collins. mathematical scheme for demonstrating the authenticity of a digital message or document. (Wiki) A way to protect important documents sent.

Public Key Infrastructure A Quick Look Inside PKI Technology Investigation Center 3/27/2002.

Security by Design A Prequel for COMPSCI 702. Perspective “Any fool can know. The point is to understand.” - Albert Einstein “Sometimes it's not enough.

PROJECT ON DIGITAL SIGNATURE Submitted by: Submitted to: NAME: Roll no: Reg.no. :

Authentication Cristian Solano. Cryptography is the science of using mathematics to encrypt and decrypt data. Public Key Cryptography –Problems with key.

6/1/20151 Digital Signature and Public Key Infrastructure Course:COSC Instructor:Professor Anvari Student ID: Name:Xin Wen Date:11/25/00.

Environmental Council of States Network Authentication and Authorization Services The Shared Security Component February 28, 2005.

Department of Information Engineering1 Major Concerns in Electronic Commerce Authentication –there must be proof of identity of the parties in an electronic.

Lesson 12 Cryptography for E-Commerce. Approaches to Network Security Separate Security Protocol--SSL Application-Specific Security--SHTTP Security with.

Client/Server Computing Model of computing in which very powerful personal computers (clients) are connected in a network with one or more server computers.

70-293: MCSE Guide to Planning a Microsoft Windows Server 2003 Network, Enhanced Chapter 9: Planning and Managing Certificate Services.

Trusted Electronic Transactions.  Why conduct transactions electronically?  Three Characteristics that ensure trust in electronic transactions  How.

Introduction to PKI Seminar What is PKI? Robert Brentrup July 13, 2004.

BY MUKTADIUR RAHMAN MAY 06, 2010 INTERODUCTION TO CRYPTOGRAPHY.

8-1 What is network security? Confidentiality: only sender, intended receiver should “understand” message contents m sender encrypts message m receiver.

Cryptographic Technologies

Presented by Xiaoping Yu Cryptography and PKI Cosc 513 Operating System Presentation Presented to Dr. Mort Anvari.

Introduction to PKI Mark Franklin September 10, 2003 Dartmouth College PKI Lab.

Introduction to Public Key Infrastructure (PKI) Office of Information Security The University of Texas at Brownsville & Texas Southmost College.

Security on the Internet Jan Damsgaard Dept. of Informatics Copenhagen Business School

TrustPort Public Key Infrastructure. Keep It Secure Table of contents  Security of electronic communications  Using asymmetric cryptography.

E- Business Digital Signature Varna Free University Prof. Teodora Bakardjieva.

Cyber Law & Islamic Ethics

Alter – Information Systems 4th ed. © 2002 Prentice Hall 1 E-Business Security.

Digital Signature Xiaoyan Guo/ Xiaohang Luo/

Controller of Certifying Authorities PKI Technology - Role of CCA Assistant Controller (Technology) Controller of Certifying Authorities Ministry of Communications.

INTRODUCTION Why Signatures? A uthenticates who created a document Adds formality and finality In many cases, required by law or rule Digital Signatures.

Secure Systems Research Group - FAU Patterns for Digital Signature using hashing Presented by Keiko Hashizume.

Digital Signatures. Electronic Record 1.Very easy to make copies 2.Very fast distribution 3.Easy archiving and retrieval 4.Copies are as good as original.

Chapter 10: Authentication Guide to Computer Network Security.

Chapter 14 Encryption: A Matter Of Trust. Awad –Electronic Commerce 2/e © 2004 Pearson Prentice Hall 2 OBJECTIVES What is Encryption? Basic Cryptographic.

AQA Computing A2 © Nelson Thornes 2009 Section Unit 3 Section 6.4: Internet Security Digital Signatures and Certificates.

E-Commerce Security Technologies : Theft of credit card numbers Denial of service attacks (System not availability ) Consumer privacy (Confidentiality.

Electronic Payments E-payment methods –Credit cards –Electronic funds transfer (EFT) –E-payments Smart cards Digital cash and script Digital checks E-billing.

Center of Excellence for IT at Bellevue College. Cyber security and information assurance refer to measures for protecting computer systems, networks,

Cryptography Encryption/Decryption Franci Tajnik CISA Franci Tajnik.

Cryptography, Authentication and Digital Signatures

E-Commerce Security Professor: Morteza Anvari Student: Xiaoli Li Student ID: March 10, 2001.

Chapter 23 Internet Authentication Applications Kerberos Overview Initially developed at MIT Software utility available in both the public domain and.

Certificate-Based Operations. Module Objectives By the end of this module participants will be able to: Define how cryptography is used to secure information.

Types of Electronic Infection

Digital Envelopes, Secure Socket Layer and Digital Certificates By: Anthony and James.

Internet Security. Four Issues of Internet Security Authenticity: Is the sender of a message who they claim to be? Privacy: Are the contents of a message.

John A. Coates, P.E., Administrator Wastewater Compliance Evaluation Section, Office of Wastewater Management Florida Department of Environmental Protection.

ELECTROINC COMMERCE TOOLS Chapter 6. Outline 6.0 Introduction 6.1 PUBLIC KEY INFRASTRUCTURE (PKI) AND CERTIFICATE AUTHORITIES (CAs) TRUST

Advanced Database Course (ESED5204) Eng. Hanan Alyazji University of Palestine Software Engineering Department.

Welcome to the Introduction of Digital Signature Submitted By: Ankit Saxena.

Traditional Security Issues Confidentiality –Prevent unauthorized access or reading of information Integrity –Insure that writing or operations are allowed.

Security fundamentals Topic 5 Using a Public Key Infrastructure.

© Copyright 2009 SSLPost 01. © Copyright 2009 SSLPost 02 a recipient is sent an encrypted that contains data specific to that recipient the data.

DIGITAL SIGNATURE(DS) IN VIDEO. Contents  What is Digital Signature(DS)?  General Signature Vs. Digital Signatures  How DS is Different from Encryption?

Lecture 11 Overview. Digital Signature Properties CS 450/650 Lecture 11: Digital Signatures 2 Unforgeable: Only the signer can produce his/her signature.

Content Introduction History What is Digital Signature Why Digital Signature Basic Requirements How the Technology Works Approaches.

The technology behind the USPS EPM. AND COMPLIANCE March 25, 2004 Adam Hoffman.

Guided by : VIPUL GAJJAR Prepared by: JIGAR KAKADIYA.

 Introduction  History  What is Digital Signature  Why Digital Signature  Basic Requirements  How the Technology Works  Approaches.

TAG Presentation 18th May 2004 Paul Butler

Key management issues in PGP

Public Key Infrastructure (PKI)

Unit 3 Section 6.4: Internet Security

TAG Presentation 18th May 2004 Paul Butler

e-Health Platform End 2 End encryption

S/MIME T ANANDHAN.

Digital Signature.

Digital Signatures and Forms

Best Digital Signature Service in Noida. Electronic Record 1.Very easy to make copies 2.Very fast distribution 3.Easy archiving and retrieval 4.Copies.

Electronic Payment Security Technologies

Presentation transcript:

DIGITAL SIGNATURE

CAN ELECTRONIC DATA BE TRUSTED? Accuracy and Authenticity Decisions regarding Environmental Health and Impact Security Protection from unauthorized access Tamper-resistant Accidental – human errors Intentional - Fraud Credibility in Judicial Proceedings Effective Enforcement Plaintiff/Defendant Subpoena

TRUST IN PAPER-BASED REPORTS

ELECTRONIC REPORTING

WHAT IS DIGITAL SIGN A digital signature or digital signature scheme is a mathematical scheme for demonstrating the authenticity of a digital message or document. A valid digital signature gives a recipient reason to believe that the message was created by a known sender, and that it was not altered in transit. Digital signatures are commonly used for software distribution, financial transactions, and in other cases where it is important to detect forgery and tampering

Why to use digital signature AUTHENTICATION: the ability to prove the sender’s identity 2. REPORT INTEGRITY: the ability to prove that there has been no change during transmission, storage, or retrieval 3. NON-REPUDIATION: the ability to prove that the originator of a report intended to be bound by the information contained in the report

Where to use digital signature On a agreement with authenticity On a formal email On a article

HOW TO USE DIGITAL SIGNATURE Digital Signatures Public Key Infrastructure

Public Key Infrastructure (PKI) PKI is a combination of software, encryption technologies and facilities that can facilitate trusted electronic transactions. PKI Components Key Pairs Certificate Authority Public Key Cryptography

Key Pairs A “key” is a unique digital identifier Keys are produced using a random number generator A “key pair” consists of two mathematically related keys The private key is secret and under the sole control of the individual The public key is open and published

Certificate Authority A trusted authority Responsible for creating the key pair, distributing the private key, publishing the public key and revoking the keys as necessary The “Passport Office” of the Digital World

Digital Signatures Private key Report Encryption Algorithm Digitally Signed An individual digitally signs a document using the private key component of his certificate.

Authentication and Verification The individual’s public key, published by the CA decrypts and verifies the digital signature. Public Key Decryption Algorithm Digitally Signed

Authentication and Verification Any changes made to the report will invalidate the signature Provides evidence of report integrity Provides proof of report originator’s identity - Authentication

Security in Transmission Secure Socket Layer (SSL) https Submission is encrypted by the sender with recipient’s public key After receipt, submission is decrypted with recipient’s private key

ACHIEVING TRUST IN ELECTRONIC REPORTS

What Should Be Signed ? Balance between capturing the entire content of the transaction vs. ease of data integration Data that is Machine readable but which separates user entry content from context: database, comma delimited, spreadsheet, etc Data that records content and context but which are not easily integrated into databases: word, pdf, image, html, etc

Granting Public Access to paper reports Public comes into agency office Public provides driver’s license or other identification Agency can monitor who is accessing data

Providing Trusted Electronic Access to Data Identity of user is unknown Access cannot be monitored Relying on the Certificate Authority

Applying PKI to Public Access Digital Certificate Public In order to obtain access to Community Right to Know Data, individuals first obtain digital Certificates.

Digital Certificates Public Agency After contributing a certificate to gain access, The individual’s certificate can be cross-referenced with other security databases to monitor suspect individuals.

Summary: Electronic Report Transactions are subject to fraud and easily repudiated: Unsigned Web forms can be sent by anyone. They can be tampered in transmission and the sender can’t be legally verified Unsigned Data in a database can be altered and does not provide adequate evidence in a court of law Data on Diskette can be altered without visible evidence

Conclusion, cont. 2. PKI supports trusted access to Public Data: Agencies require individuals to contribute digital certificates in order to gain access. Agencies can track who gains access at what time The names of individuals who seek access can be cross-referenced with additional security databases to protect public safety

Conclusion, cont. 3. Complete Archiving ensures that a legal record of a transaction can be trusted : Non-repudiation- Storing a copy of the entire data (including questions on the form) with the digital signature.