1 / 36

Digital Signatures and Public Key Infrastructure (PKI) Technology

Digital Signatures and Public Key Infrastructure (PKI) Technology April 11, 2002 Agenda Digital Signature Types PKI and Levels of Security How PKI Works Notarization Electronic Documents and PKI Demonstration of e-Recording Digital Signature Types Digital or Electronic Signatures

Jimmy
Download Presentation

Digital Signatures and Public Key Infrastructure (PKI) Technology

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Digital Signaturesand Public Key Infrastructure (PKI) Technology April 11, 2002

  2. Agenda • Digital Signature Types • PKI and Levels of Security • How PKI Works • Notarization • Electronic Documents and PKI • Demonstration of e-Recording

  3. Digital Signature Types

  4. Digital or Electronic Signatures Per US law “any signature in electronic form attached or logically associated to a record by a person with the intent to sign a record” Intent to be the equivalent of a handwritten “wet” signature Can use any number of authentication methods, separately or in combination

  5. Signature Definitions • Digital Signatures • Includes simple passwords or digitized images of handwritten signatures • Do not rely on cryptography • Not computer-readable characters • Electronic Signatures • Most full-featured and secure signature type • Electronically signed documents that rely upon public key cryptography (PKC) to authenticate identity • Can be encrypted for additional confidentiality

  6. Matching Technology to the Need • Integrity – the assurance that the message is whole, complete, and not changed in transmission • Nonrepudiation – neither party to the transaction can later claim that the transaction did not take place, or that the signature is not valid • Confidentiality – access to the content of the document is limited to authorized persons, thus eliminating the possibility for disclosure or theft of information or signatures • Authentication – provides the assurance that the person affixing a signature to an electronic document is, indeed, who he or she claims to be

  7. PKI and Levels of Security

  8. Paper vs. Electronic Delivery • Written signature • Document sealed in envelope • Check the seal to verify document has not been altered Electronic World: e.g. Email Delivery Channel Paper World: e.g. courier, snail mail Paper World Electronic World • Electronic Signature • Encrypt document • Perform a message digest/hashing algorithm to verify document has not been altered

  9. Public Key Cryptography (PKC) • PKI is based upon PKC, an internationally accepted method for securing electronic communications • PKC involves a pair of mathematically related keys • Very large prime numbers of 1024 characters in length • Public key • Distributed freely to anyone whom the public key owner wishes to communicate securely • Private Key • Known only by the signer • Used to sign a message that only the public key can verify

  10. Certification Authorities CERTIFICATE AUTHORITY Certificate authorities are central to authentication under PKI. They: • Issue private keys (digital certificates) • Maintain records of certificates issued • Identify and authenticate certificate holders • Maintain the directory of publicly available keys • Audit themselves and customers Can be either enterprise operated or by a trusted third party Vendors include VeriSign, GTE CyberTrust, others

  11. Private Keys or Digital Certificates • Contain • User id’s • Private key • Who certificate belongs to • When certificate expires • Storage • In a browser • On a piece of hardware such as a smart card or a plug-in USB device • Fees • Users pay an annual fee based on their level of security, liability limits also vary by level of security

  12. Examples of Levels of Security • High Level • Applicants must appear before a notary with 2 photo id’s • Notary submits info to certification authority • Authority reviews and assigns a digital identification in either a smart card or “key fob” that plugs into the USB port of the users PC • In addition, provided a pass phrase or an identification number • Initiating a transaction requires the smart card/key fob and the pass phrase/ identification number • Example: lawyers and healthcare professionals seeking confidential client records

  13. Examples of Levels of Security • Intermediate Level • Require storage of the certificate on a smart card or key fob • Do not require a notarized application • Example: accessing internal company network via laptop over the Internet • Standard Level • Apply for digital signatures online • Minimal verification • Loaded directly into the users browser • Really no security other than a person asking for it • Expected to replace state-issued passwords for electronic filing of tax applications and other common transactions

  14. Public Sector Developments • Washington and Illinois among the states first to rollout statewide implementations of PKI technology that allow citizens, businesses, and others to securely deal with government agencies over the web • Serving as their own Certification Authorities • Unlike departmental solutions, these systems are meant to give citizens on digital signature to use in online dealings with any state or local government department

  15. Concerns and Risks • Adopting business processes to accommodate new kind of signature • No case law: long-term legal enforceability of electronic contracts and agreements • Standard archiving needed • Electronic document or record must be accessible to inspection for generations as any paper legal document • Archiving used by governments must be available whatever software or hardware updates occur • Loss or theft of private keys

  16. How PKI Works

  17. Hashing or Message Digest • A message digest is produced by performing a hashing algorithm which is a calculation that reduces a document to a unique number • If the document changes in the slightest bit, so does the digest MESSAGE Hashing Algorithm MESSAGE DIGEST

  18. Signing and Encrypting a Message

  19. Secure Transmission • Public Key Cryptography is the internationally accepted method for securing electronic communications + = + = PRIVATE KEY ENCRYPTED MESSAGE PUBLIC KEY MESSAGE MESSAGE ENCRYPTED MESSAGE ASYMMETRIC KEYS Secure Transmission Electronic Signature

  20. Electronic Signature = + = DIGITAL FINGERPRINT SENDER’S PRIVATE KEY MESSAGE DIGEST Digital Signature • A electronic signature (i.e., digital fingerprint) is created by encrypting the message digest with the sender’s Private Key • An electronic signature confirms that: • Message came from the sender • Message was unaltered in transit Secure Transmission Electronic Signature

  21. Benefits of Electronic Signatures • Anyone who knows the public key can verify the correctness of the signature • Reduced possibility of fraud, forgery, or impersonation • Verification of document integrity • Encrypted message summary (hash) must match message content, otherwise digital signature is void • Digital signatures cannot be copied from one document to another as any changes to the message would void the signature

  22. e-Signatures – Risk Management

  23. Notarization

  24. Notarization • An important part of many signed docs is notarized acknowledgement to help protect the parties to a contract • Five components to a notarized acknowledgment • Personal appearance – allows notary to interact and observe the signer • Identification – notary relies on several means to make sure the person signing the document is who they say they are • Acknowledged by signer – before the notary, asserting they are authorized to sign and are not doing so under duress • Lack of duress – presence of third party helps prevent signatures under coercion or physical threat • Awareness – interacting with notary helps detect whether drugs, mental impairment, or other infirmity may have influenced decision to sign

  25. Digital Acknowledgements • For all practical purposes, identical to a digital signature • Can be created only by a notary with special credentials to do so • Instead of an embossed stamp, notary uses a special digital certificate • Many states still require the notary be physically present to fulfill the “personal appearance” requirement • This may change as digital documents become more commonplace, e.g, replaced by a video presence • A document that has been both signed and notarized will actually contain 2 digital signatures

  26. Electronic Documents and PKI

  27. The Future of Documents • Now transitioning to… • The Future

  28. Elements of a Document Kevin Paul Smith 3157 Willow Ln, Orangevale, CA (206) 555-1534 (206) 555-1234 December 11, 2001 x Denise Jones Kevin Paul Smith 6541 Miller Pl, Folsom, CA $236,000 $212,400 Home Town Bank North half of Lot 36, as shown on the official “Map of Folsom,” May, 1934 Kevin Paul Smith 12\11\01 Grant Deed Name _______________________________________ Address ____________________________________ Telephone _______________ Fax _____________ Closing Date ______________________________ Type of Transaction: q Sale q Refinance q Home Equity Seller __________________________________ Buyer/Borrower __________________________ Property Address ________________________ Sale Price _______________________________ Loan Amount _____________________________ Lender __________________________________ Legal Description __________________________ __________________________________________ Signature ______________________ Date _________ Form with Standard Text Data Elements Signature

  29. Levels of Electronic Documents • Documents can be broadly categorized into four conceptual “levels.” We believe that a viable document strategy must accommodate all four levels.

  30. Electronic Document – Level Three • Level Three • An electronic document is created by combining a form (created using HTML) with information (embedded XML data tags), and is encrypted and signed with a digital signature (using PKI technology) • A truly electronic “intelligent” enforceable document, not an image of a paper document

  31. Elements of an Intelligent Document Kevin Paul Smith 3157 Willow Ln, Orangevale, CA (206) 555-1534 (206) 555-1234 December 11, 2001 x Denise Jones Kevin Paul Smith 6541 Miller Pl, Folsom, CA $236,000 $212,400 Home Town Bank North half of Lot 36, as shown on the official “Map of Folsom,” May, 1934 Kevin Paul Smith 12\11\01 Grant Deed Name _______________________________________ Address ____________________________________ Telephone _______________ Fax _____________ Closing Date ______________________________ Type of Transaction: q Sale q Refinance q Home Equity Seller __________________________________ Buyer/Borrower __________________________ Property Address ________________________ Sale Price _______________________________ Loan Amount _____________________________ Lender __________________________________ Legal Description __________________________ __________________________________________ Signature ______________________ Date _________ HTML XML PKI

  32. Level Three Recorder Title and Escrow Services Document Repository Data On-line Signing Room Database Intelligent Document Microfiche, if desired

  33. The Benefits of Level Three • Electronic paper documents can travel faster between links in the value chain • Information is embedded in and electronically retrievable from enforceable documents • Enforceable document paradigm and data paradigm are combined • Information from enforceable documents does not need to be reconciled • Documents are signed and encrypted using digital signatures • The Document can be electronically parsed or manipulated • Privacy and security are greatly enhanced • Discretion as to what pieces of information an individual can access • All, some, or nothing

  34. Virtual Travel to Documents XHTML Document On-line Signing Room

  35. Demonstration of e-Recording

  36. e-Recording Demonstration • Prepare a reconveyance • Sign it • Notarize • Recording at the county • Return recorded document and receipt Richard Banksrs-banks@attbi.com(303) 618-8874

More Related