Electronic Signatures. Legal and Technical Aspects of E-Commerce, Budapest, 7.-11.10.2002. ?. ?. Questions?. ?. ?. Please ask them immediately!. ?. ?. Content. Why the need? Cryptography basics Symmetric, asymmetric, hash; types of attacks Key distribution / Signature systems
Legal and Technical Aspects of E-Commerce, Budapest, 7.-11.10.2002
Please ask them immediately!
Security & Trust
Know, whom you communicated with, and be able to provide evidence accordingly
System for public transmission of data must cope with the following attacks:
The following methods can be used for protecting systems for public transmission:
D… Detection, P…Prevention, ()…restricted/partly/certain sense
DecryptionCryptography basics:Symmetrical cryptosyst.
Symmetrical cryptography uses the same key for encryption and decryption
DecryptionCryptography basics:Asymmetrical cryptosyst.
= Identity of the signer
Plain + Signature
Before method (not: certificate!) expires, a signature with a new (longer/more secure) key must be created, which includes a secure timestamp.
What something must fulfill to be called “signature”
What a signature should provide
unless the CA proves, he did not act negligently
Requires a secure computing center, large organization and numerous experts Rare!
See the directive and the local laws/ordinances!
Unknown whether actually in use or not!