IBT- Electronic Commerce The Legal Infrastructure Victor H. Bouganim WCL, American University.


1 IBT- Electronic Commerce The Legal Infrastructure Victor H. Bouganim WCL, American University

2 Problem 4.4 (Textbook, p. 166)
© 2001 Victor H. Bouganim, WCL, American University IBT - Intro - 2
- Professor Pedro (Brazil) buys books at rein.com (Germany), a company owned by rivers.com (USA).
- Prof. Pedro’s order triggered an automatic computer-generated order addressed to East Publishing Co., an American firm.
- Prof. Pedro’s personal information about his purchase was sent to rivers.com for marketing purposes.

3 Class Discussion
- What legal issues are raised by these activities?
- Are there any special issues that arise because these activities are carried out with the aid of, or by, computers?
- What important distinctions should be made in analyzing this problem?

4 E-Comm - Critical Issues
- Identification of trading partners and authentication
- Applicable rules
  - Choice of Laws & Jurisdiction
  - Contracts and Consumer Protection
  - Privacy protection

5 E-Commerce - Phases
- Phase 1: EDI
- Phase 2: Tele-Shopping
- Phase 3: Electronic Commerce

6 Electronic Commerce
[Diagram labels: Contract formation (offer, acceptance); Payment; Performance; eCatalogue; order; Delivery of goods; Digi-cash payment; Digital contract; Tele-Shopping; Full electronic commerce - 'soft goods']

7 E-Comm - Closed Systems
- trading partners are identified and known
- a pre-defined contract sets up the trade rules
- typical systems
  - EDI - Electronic Data Interchange
  - SWIFT - International Fund Transfer

8 E-Comm - Open Systems
open market trading for all
- Global market
- Virtual trading partners
- Micro-Commerce

9 E-Commerce Systems

10 Law Reforms Principles - 1
- Neutrality Principle: Laws should work with whatever technology, science and commercial practices might develop.

11 Law Reforms Principles - 2
- Non-discriminatory principle: Records, legal acts or authentication may not be denied legal effect, validity or enforceability solely on the ground that they are electronic.

12 International Initiatives
[Diagram labels: E-Commerce Model Law, 1996; E-Commerce Committee; July 97 - White House paper; UCITA - UETA, 1999; Digital Signature Act, 2000; Jul 95 - Information Society; 1999 - Digital Signature Directive; UNCITRAL]

13 E-Commerce Legislation
- UNCITRAL Model Law on Electronic Commerce 1996
- UETA 1999
  - Uniform Electronic Transaction Act
- Digital Signature Legislation
  - Third Millennium Electronic Commerce Act 1999
- UCITA 1999
  - Uniform Computer Information Transaction Act
  - UCC Article 2B on licensing

14 Critical Legal Terms
- Re-definition of critical terms
  - writing
  - document
  - signature
  - bill
  - notice etc.

15 Digital Signature - 1
- identify the messenger
  - unique to a person
  - under one’s control
- authenticate the message

16 eSig - Attribution
- "Attribution procedure" means a procedure to verify that an electronic authentication, display, message, record, or performance is that of a particular person or to detect changes or errors in information. The term includes a procedure that requires the use of algorithms or other codes, identifying words or numbers, encryption, or callback or other acknowledgment.
- Sec. 102, Uniform Computer Information Transactions Act 1999

17 Digital Signature - 2
- achievable by employing public-key encryption
  - e.g. RSA algorithm
  - needs a trusted third party (TTP) or a certification authority to be effective
- Alternative - biometric identity
  - e.g. iris check or fingerprint etc.

18 Simple Encryption
[Diagram: plain-text -> encrypt -> cypher-text -> decrypt -> plain-text; secret key]

19 Public-Key Encryption: RSA Algorithm

20 The Need for Certification Authorities
- The effectiveness of certification authorities is based on trust
- Digital certificates are used to authenticate a person or organization with a public key
  - The role of the certification authority is to provide this link between a unique private/public key pair and the actual identity of a group or individual
  - The certification authority actually provides certificates, which are computer-based records that identify a subscriber and contain the subscriber's public key

21 Electronic Signature Certification
- "Certificate"
  - means an electronic attestation which links signature-verification data to a person and confirms the identity of that person
- "Certification-service-provider"
  - means an entity or a legal or natural person who issues certificates or provides other services related to electronic signatures
- European Directive on a Community framework for electronic signatures (1999/93/EC, 13 December 1999)

22 Digital Certificate Process
- A private/public key pair is generated on a trustworthy system.
- The public key, along with personal identification information such as a passport, birth certificate or driver's license, is taken to the CA.
- The CA verifies the person's identity.
- The CA creates a digital certificate consisting of the person's public key.
- This information is then digitally signed by the CA using the CA's own private key. This allows anyone with the CA's public key to be able to decrypt the digital certificate and identify the sender.
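The certificate process on the slide above, sketched as an added example that is not part of the original presentation: a CA signs a record binding a name to a public key, and a relying party checks that signature with the CA's public key before trusting the key to verify a message. All function names, the sample order and the demo keys are assumptions; the signature scheme is textbook RSA over a SHA-256 digest with no padding and small fixed primes, so it is for illustration only.

```python
import hashlib
import json

E = 65537  # public exponent; textbook RSA without padding, illustration only

def make_keypair(p, q):
    """Textbook RSA from two primes; returns (public, private)."""
    n, phi = p * q, (p - 1) * (q - 1)
    return (n, E), (n, pow(E, -1, phi))

def _digest(data, n):
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def sign(data, private):
    n, d = private
    return pow(_digest(data, n), d, n)

def verify(data, signature, public):
    n, e = public
    return pow(signature, e, n) == _digest(data, n)

def _encode(body):
    return json.dumps(body, sort_keys=True).encode()  # canonical bytes that get signed

def issue_certificate(subject, subject_public, identity_verified, ca_private):
    """CA step: refuse unless identity was checked, then sign name + public key."""
    if not identity_verified:
        raise ValueError("CA has not verified the subject's identity")
    body = {"subject": subject, "public_key": list(subject_public)}
    return {"body": body, "ca_signature": sign(_encode(body), ca_private)}

def check_certificate(cert, ca_public):
    """Relying party: return the certified public key, or None if the CA signature fails."""
    if not verify(_encode(cert["body"]), cert["ca_signature"], ca_public):
        return None
    return tuple(cert["body"]["public_key"])

# Constructed demo keys built from small Mersenne primes: not secure.
CA_PUBLIC, CA_PRIVATE = make_keypair(2**127 - 1, 2**89 - 1)
PEDRO_PUBLIC, PEDRO_PRIVATE = make_keypair(2**107 - 1, 2**61 - 1)

def demo():
    cert = issue_certificate("Prof. Pedro", PEDRO_PUBLIC, True, CA_PRIVATE)
    order = b"constructed order: 3 books from rein.com"
    key = check_certificate(cert, CA_PUBLIC)
    genuine = key is not None and verify(order, sign(order, PEDRO_PRIVATE), key)
    # Swap in a different key but keep the CA's old signature: the check must fail.
    forged = dict(cert, body=dict(cert["body"], public_key=list(CA_PUBLIC)))
    return genuine, check_certificate(forged, CA_PUBLIC)
```

`demo()` returns `(True, None)`: the genuine certificate yields a key that verifies the order, while the altered certificate is rejected because the CA's signature no longer matches its contents.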

23 Authentication Procedure
[Diagram labels: Provider; Customer; Key; Key; TTP Certification Authority]

24 Authentication Procedure
[Diagram labels: Provider; Customer; TTP Certification Authority; Message + Key; Key OK; Message + Key; Key OK]

25 Certification Authority Policies
- A named set of rules that indicates the applicability of a certificate to a particular community and/or class of application with common security requirements.
- Certificate policies allow infrastructures, Certification Authorities, and their subscribers to inter-operate at the appropriate trust levels.

26 TTP - Regulatory Modes
- Private-sector-based supervision systems
- Governmental supervision
  - CA Rules prescribed in legislation
- US: eSig Act
  - Does not regulate CA
  - Self regulated industry
    - e.g. Verisign
- EU: DigSig Directive
  - Option between governmental or self regulated supervision
- State DigSig Laws
  - e.g. Utah, California

27 Digital Signature State Legislation
- Utah
  - Most of Utah's bill deals with the regulation of certification authorities.
  - Utah's Digital Signature Act specifies the required use of public/private cryptography as a way of safely transferring information.
  - Only lawyers and banks will be allowed to function as certification authorities.
- California
  - California Digital Signature Regulations
  - "Certification Authority" means a person or entity that issues a certificate, or in the case of certain certification processes, certifies amendments to an existing certificate.
  - The Regulations define the requirements for CA

28 EU - CA Regulations
- Directive 1999/93/EC of the European Parliament and of the Council of 13 December 1999 on a Community framework for electronic signatures.
- Sets up the rules and requirements for the operation of CA
  - Annex II of the Directive
  - Article 8 - Data protection
    - Member States shall ensure that certification-service-providers and national bodies responsible for accreditation or supervision comply with the requirements laid down in Directive on the protection of individuals with regard to the processing of personal data and on the free movement of such data

29 EU - Requirements for CA - 1
- ensure the operation of a prompt and secure directory and a secure and immediate revocation service
- ensure that the date and time when a certificate is issued or revoked can be determined precisely
- verify, by appropriate means in accordance with national law, the identity of the person to which a qualified certificate is issued

30 EU - Requirements for CA - 2
- employ personnel who possess the expert knowledge, experience, and qualifications necessary for the services provided
- use trustworthy systems and products which are protected against modification and ensure the technical and cryptographic security of the process supported by them
- take measures against forgery of certificates, and guarantee confidentiality

