
Digital Signature and Public Key Infrastructure

Digital Signature and Public Key Infrastructure. Course: COSC513-01 Instructor: Professor Anvari Student ID: 106845 Name: Xin Wen Date: 11/25/00. Content. Introduction Digital Signature and information security Public key cryptography Digital Signature components & processes


Presentation Transcript


  1. Digital Signature and Public Key Infrastructure • Course: COSC513-01 • Instructor: Professor Anvari • Student ID: 106845 • Name: Xin Wen • Date: 11/25/00

  2. Content • Introduction • Digital Signature and information security • Public key cryptography • Digital Signature components & processes • Public key infrastructure (PKI) & its Flow

  3. Introduction • Paperless office • Cultural tradition • Tangible paper • Handwritten signature • Sealed envelopes etc. • Lack of legal recognition • Lack of infrastructure to support it • Technology

  4. The Internet and electronic commerce • Internet • Lack of sufficient information security • Lack of framework to enable electronic commerce • Public key cryptography technology • Legal recognition of digital signatures • The elimination of paper becomes a reality

  5. Fundamental requirement • Sender authenticity • Message integrity • Non-repudiation • Signature formalities

  6. Satisfying the requirements in electronic commerce • The purpose is to • Protect the message • Not the medium • No way to make a secure environment • The availability and affordability of the public network • Secure the message • Based on public key cryptography • Utah Digital Signature Act is the first one

  7. Digital Signatures & information security • A digital signature is not • a digitized image of a handwritten signature • like the UPS signature • Signature is digitized • Image is transferred to electronic document • Once captured, it can easily be copied and pasted • A digital signature is • An actual transformation of an electronic message using public key cryptography • Tied to the signed document and signer, not reproducible • Legally recognized • Contracts can be concluded over the Internet

  8. The basic principles • All data entered into a computer is read as a binary number. • For example: “Jack and Jill went up the hill” • The computer reads it as: “1000111010100111000101” etc. • Perform mathematical functions on the number • Messages can be transformed into alternate representations unique to the original one

  9. Public key cryptography • Employs an algorithm using two different but mathematically related “keys” • One (private key) for creating a digital signature or transforming data into a seemingly unintelligible form • Another key (public key) for verifying a digital signature or returning the message to its original form

  10. Public key cryptography • Also termed asymmetric key cryptography • Involves an asymmetric key pair • Public key: freely disseminated; no need for confidentiality • Private key: must be kept secret • Characteristics of the key pairs • Mathematically related, but it is computationally infeasible to calculate one from the other • Each key performs the inverse function of the other: what one key does, only the other can undo

  11. Digital Signature components • Digital signatures are based on asymmetric, public key cryptography • The digital signing and verification processes involve a hash algorithm and a signature algorithm (an extremely complex mathematical equation)

  12. Digital Signature components • Simplified numeric illustration: Original Message (100) × 2 [Hash Algorithm] = Message Digest, or fingerprint (200); × 2 [Signature Algorithm] = Digital Signature (400), where the “× 2” stands in for the private key • A digital signature has nothing to do with the signer’s name or handwritten signature • It is an actual transformation of the message itself, using a “secret” known only to the signer • Tied to both the signer and the message being signed

  13. Creating a digital signature • [Diagram: Message → Hash Function → Message Digest → Signature Function (with the signer’s Private Key) → Digital Signature]

  14. Verifying a digital signature • If the message digests are identical, the signature will verify; if they differ in any way, the signature will not verify. • [Diagram: Message → Hash Function → Message Digest; Signature → Signature Function (with the Signer’s Public Key) → Message Digest; the two digests are compared]

  15. Public key infrastructure • Using digital signature software, anyone can • Generate a key pair • Release his public key to the on-line world • Use any identity he chooses • Certification authority (CA) • A trusted third party • Guarantees individuals’ identities • Guarantees their relationship to their public keys • (Binds their identities to the key pairs)

  16. Public key infrastructure • Digital certificates contain: • Name of the subscriber • The subscriber’s public key • The digital signature of the issuing CA • The issuing CA’s public key • Other pertinent information about the subscriber • Subscriber’s organization (e.g. his authority to conduct certain transactions, etc.) • These certificates are stored in an on-line, publicly accessible repository

  17. PKI Process Flow • [Diagram: Certification Authority, Repository, Subscriber and Relying Party, connected by the numbered steps 1 to 6]

  18. PKI Process Flow • Step 1. Subscriber applies to Certification Authority for Digital Certificate • Step 2. CA verifies identity of subscriber and issues Digital Certificate • Step 3. CA publishes Certificate to Repository • Step 4. Subscriber digitally signs electronic message with Private Key to ensure Sender Authenticity, Message Integrity and Non-repudiation, and sends it to Relying Party • Step 5. Relying Party receives message, verifies Digital Signature with Subscriber’s Public Key, and goes to Repository to check status and validity of Subscriber’s Certificate • Step 6. Repository returns results of status check on Subscriber’s Certificate to Relying Party
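
The signing and verification processes of slides 13 and 14, placed inside the six-step PKI flow of slide 18, as an added example that is not part of the original presentation. It assumes textbook RSA without padding over SHA-256, toy keys built from Mersenne primes, and an in-memory set standing in for the repository's status check; all function and variable names are hypothetical.

```python
import hashlib

E = 65537  # public exponent used by both toy key pairs

def make_keypair(p, q):
    """Textbook RSA from two primes; returns (public_key, private_key)."""
    n = p * q
    return (n, E), (n, pow(E, -1, (p - 1) * (q - 1)))

def digest(message: bytes) -> int:
    """Hash function: message -> message digest (as an integer)."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big")

def sign(message: bytes, private_key) -> int:
    """Signature function: transform the digest with the private key."""
    n, d = private_key
    return pow(digest(message), d, n)

def verify(message: bytes, signature: int, public_key) -> bool:
    """Recover the digest with the public key and compare with a fresh hash."""
    n, e = public_key
    return pow(signature, e, n) == digest(message)

def cert_body(name: str, public_key) -> bytes:
    return f"{name}|{public_key[0]}|{public_key[1]}".encode()

def issue_certificate(name, subject_public, ca_private):
    """Steps 1-3: the CA binds a name to a public key by signing both."""
    return {"name": name, "public_key": subject_public,
            "ca_signature": sign(cert_body(name, subject_public), ca_private)}

def relying_party_accepts(message, signature, cert, ca_public, revoked):
    """Steps 5-6: check certificate status, the CA's signature, then the message."""
    if cert["name"] in revoked:           # repository status check
        return False
    if not verify(cert_body(cert["name"], cert["public_key"]),
                  cert["ca_signature"], ca_public):
        return False                      # binding not vouched for by the CA
    return verify(message, signature, cert["public_key"])

# Constructed toy keys built from Mersenne primes: illustration only.
# Real systems use random primes and a padded scheme (e.g. RSA-PSS) from a vetted library.
CA_PUBLIC, CA_PRIVATE = make_keypair(2**521 - 1, 2**607 - 1)
SUB_PUBLIC, SUB_PRIVATE = make_keypair(2**127 - 1, 2**1279 - 1)

CERT = issue_certificate("subscriber@example.test", SUB_PUBLIC, CA_PRIVATE)
ORDER = b"Purchase order 1001: 40 units"   # constructed sample message
SIGNATURE = sign(ORDER, SUB_PRIVATE)       # step 4
```

A certificate that the subscriber signs with his own key, rather than the CA's, fails the second check even though the message signature itself is valid; that is the binding the CA provides.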

  19. Digital signature applications • Any process that requires strong authentication of both the sender and the contents of the message, and non-repudiation. • Such applications as • Purchase order systems • Automated forms processing contracts • Remote financial transactions or inquiries

  20. Covers • Digital Signature • What it is • Basic principle • Its components • Creating and verifying it • Its application • Public key cryptography • Definition • Character of key pairs • Public key infrastructure • PKI • PKI Process Flow
