1 / 32

The Authenticity Behind AIC’s Digital Signature

The Authenticity Behind AIC’s Digital Signature. Overview. The possibilities of new technologies The security challenges of new technology Overview of Federal, Provincial « e legislation » What’s a digital signature based on PKI technology

phoebe-sykes
Download Presentation

The Authenticity Behind AIC’s Digital Signature

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. The Authenticity Behind AIC’s Digital Signature

  2. Overview The possibilities of new technologies The security challenges of new technology Overview of Federal, Provincial « e legislation » What’s a digital signature based on PKI technology The challenge : linking digital signatures and professional title

  3. The possibilities of “e” data exchange and transactions Faster Reliable Available Portable Easy Completes the cycle of computerisation

  4. The security challenges Authentication Authorization Non-repudiation Data integrity Privacy

  5. Federal law (PIPEDA) Electronic signatures are accepted A secure electronic signatures should have the following qualities : The electronic signature is unique to the person The use of the electronic signature is under the sole control of the person The technology or process can be used to identify the person The link between the electronic signature and the document protects the document’s integrity

  6. Provincial legislation overview “Electronic” signatures are accepted It’s all a question of proof i.e. : Can the identity of the signatory be confirmed ? Is the signatory authorized to sign and seal ? Can the link between the digital document and the signatory be proven? Can the data integrity be guaranteed?

  7. Not all electronic signatures are equal! • An electronic signature is NOT a digital signature. • A digital signatue is one form of electronic signature. • Both are not equal…

  8. What about a scanned signature? • It’s a form of electronic signature • It does not provide data integrity • Anyonethat has yourscanned signature can use it

  9. What about password protection with a scanned signature? • It’s a form of electronic signature • It doesprovidesweak data integrity • For example, if youpasswrodprotect a pdf file, have youeverdone a search on Google with « pdf and crack »? • Still, anyonethat has the image of your signature canalsopasswordprotect a document withyour signature…

  10. The technological solution Asymmetric key cryptography managed by a trusted certificate authority

  11. Digital signatures explained • Digital signatures uses asymetric key cryptography. • It provides a garantee to a recipient that the signed data (electronic document) came from the person who signed it. • It provides a garantee to a recipient that the signed data was not altered since it was signed.

  12. Digital signatures explained • Aymetric key works in key pair. One key is a signing key (private key), one is a public key (verification key)

  13. How it works • The sender starts the process by talking a mathematical summary (called a hash) of the data with (task performed by your digital signature software signature software) • This hash is a uniquely identifying fingerprint of the data (even a single bit of data changes, affects the hash)

  14. How it works • Next the sender encrypts the hash code with their private signing key (task perfomed by the encryption software) • The sender can then archive and send the data which is now linked with the encrypted hash code

  15. How it works • The hash code is considered a signature because only the signer, using their private key, could have generated the code. • The next steps explains how a digital signature can be verified

  16. How it works • Upon receipt of the data (electronic document) the recipient can verify that the hash code was encrypted by the sender by decrypting the hash using the sender’s verification public

  17. How it works • The recipient, having possession of what presumably is the original data, uses the data to generate a new hash code

  18. How it works • The new hash code and the decrypted hash code are compared. If both are the same, they have forcibly been generated by the same integral source of data.

  19. The certificates • How to be sure of the link between the public key and its owner? • By associating the public key and its owner with a certificate!

  20. The Certificate Authority • How to be sure that the information contained in the certificate is valid? • By having the information in all certificates guaranteed by a certificate authority.

  21. The partnership between the AIC and Notarius: • Confirms the identity of a digital signature service subscriber • Confirms and maintain the professional title designation with the digital signature

  22. The partnership between AIC and Notarius provides • Identity verification (in person or via documented verification) • CONFIDENCE and TRUST are the basis and the purpose of the system: to protect the public and the Appraiser • The confirmation of the link between the identity of the beholder of the private key and his professional status (detaining the appropriate permit to practice) can only be made by the AIC

  23. Features • Identity (guards against identity theft) • Authorization (Appraiser’s professional title) • Integrity (fraud prevention) • Non-repudiation • Confidentiality (protection against data mining)

  24. Benefits • Time Saving: • Click/Sign (no more handwritten signatures) • Click/Send • Money Saving: • No printing (paper, toner, binding, handling, courier, paper archives) • Fully compliant electronic archives • Protects sensible information • Increases corporate security

  25. Cost Digital Signature Regular rates Between May 1st and 31st 2009

  26. What’s included • A complete architecture: • Secure and available infrastructure • All the necessary resources for the management, maintenance and upgrade of the infrastructure • The digital signature toolkit: • Your digital certificate (electronic ID) • The cryptographic application (Entrust Enteligence) • PDF995 • ConsignO • All upgrades and updates • End user phone support (Monday – Friday 8:30 to 17:00 EST.)

  27. Notarius offers • Tried and proven CA • Operational since 1998 • Trusted CA for Notaries, Appraisers, Technicians, land surveyors, Engineers, Architects etc. • Trusted CA • Financial institution • Governmental recognition • Dedicated to professionals • A non profit organization (not profit driven) • Notarius is accredited ISO 9001-2000 • Notarius’s PKI is accredited ISO 27001

  28. How to subscribe • Fill in a subscription form • Have your subscription form witnessed (signed) by another member in good standing of AIC • Transmit the subscription form and photocopy of two pieces of Valid ID’s to AIC • Your activation codes will be delivered in a sealed envelope via Express Post

  29. Easy to use There’s nothing like a live demo For online demos : http://www.notarius.com/en/online_demos.html

  30. Recap • Legal requirements • Professional requirements • The technological answer: digital signatures • The AIC’s mission (protection of the public) • The need to incorporate the professional status into digital signatures • Allowing members to move from a paper environment to a “compliant” electronic environment efficiently • Integration with everyday use

  31. Thank you for your timePlease come visit us at our booth for more information and to take advantage of our May promotion

  32. Questions? infoicp@notarius.com Toll free 1-800-567-6703or 1-888-588-0011 ext.1211 Charles.tremblay@notarius.com

More Related