
Digital Signature & ETA 2063

ICT Conference 2008, Makwanpur. Digital Signature & ETA 2063. Government of Nepal Ministry of Environment, Science & Technology Office of Controller of Certification. Digital Signature. Rajan R. Pant Controller Office of Controller of Certification. Digital vs. Manual.


Presentation Transcript


  1. ICT Conference 2008, Makwanpur • Digital Signature & ETA 2063 • Government of Nepal, Ministry of Environment, Science & Technology, Office of Controller of Certification

  2. Digital Signature • Rajan R. Pant, Controller, Office of Controller of Certification

  3. Digital vs. Manual

  4. We've been using paper forever. Why shouldn't I just continue with paper?

  5. Paper is familiar, but paper is expensive to buy, to store and to dispose of, and requires lots of filing cabinet space • Paper files are often misplaced • Theft, fires and disgruntled or forgetful employees can cause the loss of your valuable paper records

  6. Why not just use faxes? Everybody's got a fax these days.

  7. The recipient’s fax may have various problems • You print a document just to fax it, which wastes paper and your money • Faxes can be read or mistakenly picked up by others • If you send the fax to more than one party, the wasted time and phone charges add up quickly.

  8. Overnight and second day delivery is pretty fast. Why not just use regular mail, courier?

  9. The costs of printing, addressing an envelope, paying postage and then waiting for pickup and delivery are simply much higher than using secure document delivery. • When the post office or courier office has closed for the day, then what? • Would you rather pay a little to send your documents for signature in just 5 seconds, or pay Rs. 10 to Rs. 3000 roundtrip to do the same thing using a courier in 172,800 seconds (two days!)?

  10. Email is free. Why would I want to pay to send my business correspondence?

  11. Using email is like sending your documents on a postcard, but worse: lots of people and computers you don't trust can read, copy and archive your email while it moves across the Internet, and there's no way for you to detect it. • Email was not designed for security; it is clogged with spam, viruses and forged messages, and it makes it easy for people to impersonate you.

  12. I don't think electronic signatures prove the identity of the signer as well as handwritten signatures.

  13. Few people have signature cards on hand to verify a handwritten signature, and fewer still are trained to detect forgeries. • With the advent of high resolution printers, scanners and copiers, it's very easy to make a perfect copy of even the most complex handwritten signature and include it on any document. • Electronic signatures cannot be copied and used on other documents. In the end, it is up to your business processes to weigh the risks and rewards on any transaction.

  14. Aren't handwritten signatures more legal than Digital Signatures?

  15. Absolutely not. Various laws have endorsed electronic signatures for years now. • And more countries are adopting it.

  16. Problems with paper-based signatures • Recipient's presence • Chances of modification • Quality of the pen or the paper can affect how your handwritten signature appears. • Faxes are often hard to read and need to be photocopied for storage. • Detection of fraudulent signatures is a problem • Tracking of documents • Loss of paper may create problems

  17. Can't I just use an image of my signature and be done with it?

  18. Absolutely not! Images of handwritten signatures make fraud even easier because it's so easy to copy an image and use it repeatedly on other forged documents. • Digital signatures look nothing like your handwritten signature.

  19. Handwritten Signature

  20. Only electronic originals are legally binding because they can be checked using trusted software to determine if they are authentic or not

  21. What is a Digital Signature? • A digital signature is an electronic signature produced by using the PKI method.

  22. What is a digital signature? • With a digital signature it is possible to verify that the recipient receives the message in its original form and that the signer is who he or she claims to be. • The creator of the digital signature has a private key, which is needed to sign the message. The recipient of the message has the signer's public key, which can be used to verify the signature. • Digital signatures are based on the Public Key Infrastructure (PKI) and the use of asymmetric encryption methods and hash functions.

  23. Digital Signatures • Pair of keys for every entity • One public key – known to everyone • One private key – known only to the possessor

  24. Digital Signatures • To digitally sign an electronic document the signer uses his/her private key. • To verify a digital signature the verifier uses the signer’s public key.

  25. Digital Signature • The message is encrypted with the sender’s private key • Recipient decrypts using the sender’s public key • [Diagram labels: Document, Digital Signature, Private SKA, Public PKA, CONFIRMED]

  26. [Diagram: signed, confidential message from sender to receiver] • Sender: Message → hash function → Hash → SIGN hash with sender’s private key → Signed message (message + signature) → ENCRYPT message + signature with receiver’s public key → Confidential encrypted message, sent through the Internet • Receiver: DECRYPT message + signature with receiver’s private key → VERIFY signature with sender’s public key → Hash; apply the hash function to the message → Hash; COMPARE the two hashes

  27. What are digital signatures used for? Or their advantages • Identification & Authentication • Data Integrity • Non-Repudiation

  28. Identification & Authentication • The identity of the signer of a transaction is known and can be proven to a third party • The signature is linked to the user.

  29. Data Integrity • The signature is linked to the data being signed such that if the data is changed, the signature is invalidated.

  30. Non-Repudiation • The signer cannot deny having signed the transaction because the signature is linked to the user and the data.

  31. Why Does the Government need Digital Signature? • Authorization • Securing Source Data Entry • Securing Data Transfer

  32. What kind of keys are used in creating digital signatures? • Public key encryption is used in creating digital signatures. Public key encryption is based on the use of key pairs (private/public).

  33. Public Key Infrastructure • Each party is assigned a pair of keys: private – known only by the owner; public – known by everyone • Information encrypted with the private key can only be decrypted by the corresponding public key & vice versa • Fulfils requirements of confidentiality, integrity, authenticity and non-repudiability • No need to communicate private keys

  34. Applications • Electronic mail system. • Identity of the signer and the integrity of the signed information • Electronic funds transfer systems. • It is often necessary to affix a time stamp to a document in order to indicate the date and time at which the document was executed or became effective

  35. Applications • Electronic Data Interchange (EDI) • Replacement of handwritten signatures, for instance, contracts between the government and its vendors could be negotiated electronically. • The distribution of software • A digital signature could be applied to software after it has been validated and approved for distribution.

  36. Applications • A variety of database applications to provide integrity. • For example, information could be signed when it was entered into the database. To maintain integrity, the system could also require that all updates or modifications to the information be signed.

  37. Use of digital signature ensures: • Checks for accidental corruption • Checks for malicious modification • Verifies data authenticity - data is authenticated as originating from the source using the public key • Ensures confidentiality without a shared secret key.

  38. Security

  39. SCOPE OF AUDIT • Adequacy of security policies and implementation thereof • Existence of adequate physical security • Evaluation of functionalities in technology as it supports CA operations • CA's services administration processes and procedures • Compliance with the relevant CPS as approved and provided by the Controller • Adequacy of contracts/agreements for all outsourced CA operations • Adherence to Information Technology Act, 2063, the rules and regulations thereunder, and guidelines issued by the Controller from time to time

  40. Thank you
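
Slides 24 to 30 describe signing with the private key, verifying with the public key, and how the signature is linked to both the data and the signer. The Go program below is an added example, not part of the original presentation, that runs those checks with RSA-PSS over SHA-256 from the standard library. The scheme, key size, function names and sample documents are assumptions chosen for illustration.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// Sign hashes the document and signs the hash with the signer's private key.
func Sign(priv *rsa.PrivateKey, doc []byte) ([]byte, error) {
	digest := sha256.Sum256(doc)
	return rsa.SignPSS(rand.Reader, priv, crypto.SHA256, digest[:], nil)
}

// Verify recomputes the hash of the received document and checks the
// signature against it with the signer's public key.
func Verify(pub *rsa.PublicKey, doc, sig []byte) bool {
	digest := sha256.Sum256(doc)
	return rsa.VerifyPSS(pub, crypto.SHA256, digest[:], sig, nil) == nil
}

// Demo runs four checks on constructed sample data (hypothetical documents).
func Demo() (genuine, tampered, reused, wrongKey bool, err error) {
	signer, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return
	}
	other, err := rsa.GenerateKey(rand.Reader, 2048) // a different identity
	if err != nil {
		return
	}
	contract := []byte("Pay Rs. 3000 to vendor A")
	sig, err := Sign(signer, contract)
	if err != nil {
		return
	}
	genuine = Verify(&signer.PublicKey, contract, sig)                            // original document
	tampered = Verify(&signer.PublicKey, []byte("Pay Rs. 9000 to vendor A"), sig) // data changed
	reused = Verify(&signer.PublicKey, []byte("Unrelated document"), sig)         // signature copied
	wrongKey = Verify(&other.PublicKey, contract, sig)                            // not the signer's key
	return
}

func main() {
	g, t, r, w, err := Demo()
	fmt.Println("genuine:", g, "tampered:", t, "reused:", r, "wrong key:", w, "err:", err)
}
```

Only the unmodified document checked against the signer's own public key verifies; the altered document, the copied signature and the other party's key are all rejected.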
