Digital Signatures and Public Key Infrastructure (PKI) Technology - PowerPoint PPT Presentation

Jimmy
digital signatures and public key infrastructure pki technology l.
Skip this Video
Loading SlideShow in 5 Seconds..
Digital Signatures and Public Key Infrastructure (PKI) Technology PowerPoint Presentation
Download Presentation
Digital Signatures and Public Key Infrastructure (PKI) Technology

play fullscreen
1 / 36
Download Presentation
Digital Signatures and Public Key Infrastructure (PKI) Technology
600 Views
Download Presentation

Digital Signatures and Public Key Infrastructure (PKI) Technology

- - - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript

  1. Digital Signaturesand Public Key Infrastructure (PKI) Technology April 11, 2002

  2. Agenda • Digital Signature Types • PKI and Levels of Security • How PKI Works • Notarization • Electronic Documents and PKI • Demonstration of e-Recording

  3. Digital Signature Types

  4. Digital or Electronic Signatures Per US law “any signature in electronic form attached or logically associated to a record by a person with the intent to sign a record” Intent to be the equivalent of a handwritten “wet” signature Can use any number of authentication methods, separately or in combination

  5. Signature Definitions • Digital Signatures • Includes simple passwords or digitized images of handwritten signatures • Do not rely on cryptography • Not computer-readable characters • Electronic Signatures • Most full-featured and secure signature type • Electronically signed documents that rely upon public key cryptography (PKC) to authenticate identity • Can be encrypted for additional confidentiality

  6. Matching Technology to the Need • Integrity – the assurance that the message is whole, complete, and not changed in transmission • Nonrepudiation – neither party to the transaction can later claim that the transaction did not take place, or that the signature is not valid • Confidentiality – access to the content of the document is limited to authorized persons, thus eliminating the possibility for disclosure or theft of information or signatures • Authentication – provides the assurance that the person affixing a signature to an electronic document is, indeed, who he or she claims to be

  7. PKI and Levels of Security

  8. Paper vs. Electronic Delivery • Written signature • Document sealed in envelope • Check the seal to verify document has not been altered Electronic World: e.g. Email Delivery Channel Paper World: e.g. courier, snail mail Paper World Electronic World • Electronic Signature • Encrypt document • Perform a message digest/hashing algorithm to verify document has not been altered

  9. Public Key Cryptography (PKC) • PKI is based upon PKC, an internationally accepted method for securing electronic communications • PKC involves a pair of mathematically related keys • Very large prime numbers of 1024 characters in length • Public key • Distributed freely to anyone whom the public key owner wishes to communicate securely • Private Key • Known only by the signer • Used to sign a message that only the public key can verify

  10. Certification Authorities CERTIFICATE AUTHORITY Certificate authorities are central to authentication under PKI. They: • Issue private keys (digital certificates) • Maintain records of certificates issued • Identify and authenticate certificate holders • Maintain the directory of publicly available keys • Audit themselves and customers Can be either enterprise operated or by a trusted third party Vendors include VeriSign, GTE CyberTrust, others

  11. Private Keys or Digital Certificates • Contain • User id’s • Private key • Who certificate belongs to • When certificate expires • Storage • In a browser • On a piece of hardware such as a smart card or a plug-in USB device • Fees • Users pay an annual fee based on their level of security, liability limits also vary by level of security

  12. Examples of Levels of Security • High Level • Applicants must appear before a notary with 2 photo id’s • Notary submits info to certification authority • Authority reviews and assigns a digital identification in either a smart card or “key fob” that plugs into the USB port of the users PC • In addition, provided a pass phrase or an identification number • Initiating a transaction requires the smart card/key fob and the pass phrase/ identification number • Example: lawyers and healthcare professionals seeking confidential client records

  13. Examples of Levels of Security • Intermediate Level • Require storage of the certificate on a smart card or key fob • Do not require a notarized application • Example: accessing internal company network via laptop over the Internet • Standard Level • Apply for digital signatures online • Minimal verification • Loaded directly into the users browser • Really no security other than a person asking for it • Expected to replace state-issued passwords for electronic filing of tax applications and other common transactions

  14. Public Sector Developments • Washington and Illinois among the states first to rollout statewide implementations of PKI technology that allow citizens, businesses, and others to securely deal with government agencies over the web • Serving as their own Certification Authorities • Unlike departmental solutions, these systems are meant to give citizens on digital signature to use in online dealings with any state or local government department

  15. Concerns and Risks • Adopting business processes to accommodate new kind of signature • No case law: long-term legal enforceability of electronic contracts and agreements • Standard archiving needed • Electronic document or record must be accessible to inspection for generations as any paper legal document • Archiving used by governments must be available whatever software or hardware updates occur • Loss or theft of private keys

  16. How PKI Works

  17. Hashing or Message Digest • A message digest is produced by performing a hashing algorithm which is a calculation that reduces a document to a unique number • If the document changes in the slightest bit, so does the digest MESSAGE Hashing Algorithm MESSAGE DIGEST

  18. Signing and Encrypting a Message

  19. Secure Transmission • Public Key Cryptography is the internationally accepted method for securing electronic communications + = + = PRIVATE KEY ENCRYPTED MESSAGE PUBLIC KEY MESSAGE MESSAGE ENCRYPTED MESSAGE ASYMMETRIC KEYS Secure Transmission Electronic Signature

  20. Electronic Signature = + = DIGITAL FINGERPRINT SENDER’S PRIVATE KEY MESSAGE DIGEST Digital Signature • A electronic signature (i.e., digital fingerprint) is created by encrypting the message digest with the sender’s Private Key • An electronic signature confirms that: • Message came from the sender • Message was unaltered in transit Secure Transmission Electronic Signature

  21. Benefits of Electronic Signatures • Anyone who knows the public key can verify the correctness of the signature • Reduced possibility of fraud, forgery, or impersonation • Verification of document integrity • Encrypted message summary (hash) must match message content, otherwise digital signature is void • Digital signatures cannot be copied from one document to another as any changes to the message would void the signature

  22. e-Signatures – Risk Management

  23. Notarization

  24. Notarization • An important part of many signed docs is notarized acknowledgement to help protect the parties to a contract • Five components to a notarized acknowledgment • Personal appearance – allows notary to interact and observe the signer • Identification – notary relies on several means to make sure the person signing the document is who they say they are • Acknowledged by signer – before the notary, asserting they are authorized to sign and are not doing so under duress • Lack of duress – presence of third party helps prevent signatures under coercion or physical threat • Awareness – interacting with notary helps detect whether drugs, mental impairment, or other infirmity may have influenced decision to sign

  25. Digital Acknowledgements • For all practical purposes, identical to a digital signature • Can be created only by a notary with special credentials to do so • Instead of an embossed stamp, notary uses a special digital certificate • Many states still require the notary be physically present to fulfill the “personal appearance” requirement • This may change as digital documents become more commonplace, e.g, replaced by a video presence • A document that has been both signed and notarized will actually contain 2 digital signatures

  26. Electronic Documents and PKI

  27. The Future of Documents • Now transitioning to… • The Future

  28. Elements of a Document Kevin Paul Smith 3157 Willow Ln, Orangevale, CA (206) 555-1534 (206) 555-1234 December 11, 2001 x Denise Jones Kevin Paul Smith 6541 Miller Pl, Folsom, CA $236,000 $212,400 Home Town Bank North half of Lot 36, as shown on the official “Map of Folsom,” May, 1934 Kevin Paul Smith 12\11\01 Grant Deed Name _______________________________________ Address ____________________________________ Telephone _______________ Fax _____________ Closing Date ______________________________ Type of Transaction: q Sale q Refinance q Home Equity Seller __________________________________ Buyer/Borrower __________________________ Property Address ________________________ Sale Price _______________________________ Loan Amount _____________________________ Lender __________________________________ Legal Description __________________________ __________________________________________ Signature ______________________ Date _________ Form with Standard Text Data Elements Signature

  29. Levels of Electronic Documents • Documents can be broadly categorized into four conceptual “levels.” We believe that a viable document strategy must accommodate all four levels.

  30. Electronic Document – Level Three • Level Three • An electronic document is created by combining a form (created using HTML) with information (embedded XML data tags), and is encrypted and signed with a digital signature (using PKI technology) • A truly electronic “intelligent” enforceable document, not an image of a paper document

  31. Elements of an Intelligent Document Kevin Paul Smith 3157 Willow Ln, Orangevale, CA (206) 555-1534 (206) 555-1234 December 11, 2001 x Denise Jones Kevin Paul Smith 6541 Miller Pl, Folsom, CA $236,000 $212,400 Home Town Bank North half of Lot 36, as shown on the official “Map of Folsom,” May, 1934 Kevin Paul Smith 12\11\01 Grant Deed Name _______________________________________ Address ____________________________________ Telephone _______________ Fax _____________ Closing Date ______________________________ Type of Transaction: q Sale q Refinance q Home Equity Seller __________________________________ Buyer/Borrower __________________________ Property Address ________________________ Sale Price _______________________________ Loan Amount _____________________________ Lender __________________________________ Legal Description __________________________ __________________________________________ Signature ______________________ Date _________ HTML XML PKI

  32. Level Three Recorder Title and Escrow Services Document Repository Data On-line Signing Room Database Intelligent Document Microfiche, if desired

  33. The Benefits of Level Three • Electronic paper documents can travel faster between links in the value chain • Information is embedded in and electronically retrievable from enforceable documents • Enforceable document paradigm and data paradigm are combined • Information from enforceable documents does not need to be reconciled • Documents are signed and encrypted using digital signatures • The Document can be electronically parsed or manipulated • Privacy and security are greatly enhanced • Discretion as to what pieces of information an individual can access • All, some, or nothing

  34. Virtual Travel to Documents XHTML Document On-line Signing Room

  35. Demonstration of e-Recording

  36. e-Recording Demonstration • Prepare a reconveyance • Sign it • Notarize • Recording at the county • Return recorded document and receipt Richard Banksrs-banks@attbi.com(303) 618-8874