1 / 18

Multimedia Communication and Information Logistics for AFTER-SALES AND PRODUCT LIFE-CYCLE SUPPORT

Click to edit Master title style. Multimedia Communication and Information Logistics for AFTER-SALES AND PRODUCT LIFE-CYCLE SUPPORT. www.remtec.fi. XML and Digital Signatures. A Key to Reliable eBusiness Jörgen Westerling Remtec Systems Ltd. CONTENTS. eBusiness scenarios

kaye-lester
Download Presentation

Multimedia Communication and Information Logistics for AFTER-SALES AND PRODUCT LIFE-CYCLE SUPPORT

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Click to edit Master title style Multimedia Communication and Information Logistics for AFTER-SALES AND PRODUCT LIFE-CYCLE SUPPORT www.remtec.fi

  2. XML and Digital Signatures A Key to Reliable eBusiness Jörgen Westerling Remtec Systems Ltd.

  3. CONTENTS • eBusiness scenarios • Why do we need signatures? • Types of security services • What is a digital signature? • The XML Signature WG • Application integration • Digital signature issues

  4. eBUSINESS SCENARIOS • Official communication with public institutions • application forms, identity documents, tax declarations, etc. • Contractual relations in open networks • eBuying, eSelling, financial transactions, etc. • Identifying or authorising purposes • validate the identity of a correspondent, etc.

  5. WHY DO WE NEED SIGNATURES? • Signatures are authentic • Signatures are unforgeable • Signatures are not reusable • Signed documents are unalterable • Signatures can not be repudiated

  6. TYPES OF SECURITY SERVICES • Authentication • Identification • Real-world equivalent: passport • Confidentiality • Privacy • Real-world equivalent: sealed envelope • Non-repudiaton • Signatures • Real-world equivalent: personal signature

  7. WHAT IS A DIGITAL SIGNATURE? • A digital signature • confirms the identity of a message sender • confirms the authenticity of the message • confirms the integrity of the message • is verifiable • cannot be retracted

  8. Encrypted Message Digital Signature irw983jkaf9 Message Message Digest Buy 100 stock A6HR40 HT84K8 One-way Hash Function f(msg) Sender’s Private Key Message Buy 100 stock HOW DIGITAL SIGNATURES WORK

  9. Encrypted Message Digital Signature Sender’s Public Key Message Digest irw983jkaf9 A6HR40 HT84K8 Message Message Digest Buy 100 stock A6HR40 HT84K8 One-way Hash Function f(msg) HOW DIGITAL SIGNATURES WORK

  10. XML AND DIGITAL SIGNATURES • More and more of eBusiness transactions in our networks are XML-based. • There is a real need for leveraging digital signature technology in these transactions. • XML offers a established framework for transmitting signed content and generic tools for the processing and verification of signatures.

  11. THE XML SIGNATURE WG • XML Signature Requirements public WD • August 20, 1999 • The mission of the WG • develop a XML syntax used for digital signatures • develop procedures for computing and verifying digital signatures • Signatures will provide • data integrity, authenticationand/or non-repudiation

  12. THE XML SIGNATURE WG • Signature requirements • XML-signatures apply to any resource addressable by a locator • XML-signatures must be able to apply to a part or totality of an XML document • An XML document of a certain type must still be recognizable as its original type when signed • Must permit the use of arbitrary encryption alogrithms

  13. THE XML SIGNATURE WG • XML-Signature Scenarios document • describes different uses of XML-based digital signatures • enveloped-, unenveloped content etc. • A proposal to the XML Signature WG • Richard D. Brown, GlobeSet, Inc. • base for future work

  14. APPLICATION INTEGRATION • For example a browser plug-in to add digital signatures to XML messages • Application services to verify digital signatures • XML provides the framework

  15. APPLICATION INTEGRATION Browser Server XML Form Decoding Posted HTMLForm Data(XML) XML Message(signed by server) Add ServerSignature Sign Message Add ClientSignature VerifyServer Signature XML Message (signed by bothserver and client) Commit Transaction

  16. DIGITAL SIGNATURE ISSUES • Time Stamping • a signature having been found once to be valid, shall continue to be so, for the same data, months or years later • Key Length & Encryption Technology • a breakthrough in encryption technology may “reveal” all signatures made with that technology • Legal issues globally and locally applied • different rules in different parts of the world

  17. PUBLIC KEY INFRASTRUCTURE Certification Authority Directory User Services

  18. CONCLUSION • Businesses have to gain confidence in the security and confidentiality of eBusiness transaction. This will lead to real eBusiness growth. • Transaction security • Transaction confidentiality

More Related