
Security Requirements for Business Communication


Presentation Transcript


  1. Security Requirements for Business Communication HENRIQUE DE CONTI Director — Membership and Information Services

  2. Schedule
     • About BRISA
     • Main Protections for e-business
     • e-business protections — Technical Solutions
     • Legal Issues
     • Brazilian Legal Framework

  3. About BRISA
     BRISA is...
     • 12-year-old association whose mission is to support members in developing solutions in Telecommunications and Informatics
     • Not for profit, private, open for any company, exempt, independent, accredited as a Public Utility Organization since 1992

  4. Members (5/16/01)
     [member logos: ACREFI (Associação Nacional das Instituições de Crédito, Financiamento e Investimento); Supremo Tribunal Federal]

  5. BRISA has...
     • offices
     • members
     • staff

  6. Consumer Online Spending Reaches $8.3 Billion in 2005 (in billions)
     [chart: Total Online Spending; Percent of Online Buying]
     Source: Jupiter Internet Commerce Model, 02/00

  7. e-business — Main Protections (1)
     • Authentication of origin
       • guarantees identity of the originator of a message or object
       • implies non-repudiation of origin (independent CA)
       • guarantees integrity against corruption of message or information object (accidental or malicious)
       • not used as contractual binding
     • Signature
       • proof that the originator accepts all responsibilities for object or message
       • validity  validity of originator’s pair of keys
       • offers all protections of Authentication of Origin
       • tied to document formation (hash)
       • exclusive use by owner (verification)
     (1) EEMA-SPLC Secure Inter-organisational Electronic Messaging Framework

  8. e-business — Main Protections (1)
     • Non-repudiation of content received
       • provides guarantee that a recipient has received message or information object intact as sent
       • recipient cannot deny its reception
     • Notarisation
       • irrevocable proof and guarantee that an information object was subject of Authentication of Origin or Signature
       • authentication or signature occurred no later than time and date appended by Notary
       • validity exceeds that of pair of keys of originator
       • information object can be archived
       • offers all protections of Authentication of Origin or Signature
       • applies only to objects
     (1) EEMA-SPLC Secure Inter-organisational Electronic Messaging Framework

  9. e-business protections Technical Solutions
     • Authentication of origin
       • X.509 Certificate
       • supported by main messaging products (Windows and Linux)
     • Signature
       • X.509 Certificate
       • hash function
       • supported by main messaging products (Windows and Linux)

  10. e-business protections Technical Solutions
      • Non-repudiation of content received
        • no internet protocol standard specification
        • supported by X.400 protocol
        • supported by main messaging products (proprietary solutions)
        • need of a bilateral agreement (if not X.400)
      • Notarisation
        • X.509 Certificate (signed by a Notary)
        • supported by main messaging products (Windows and Linux)
        • Notary  independent third party (usually)

  11. Legal Issues
      • Validity of digital signatures
        • accepted as agreement of proof of wish (not only proof of origin)
        • essential for Government
      • Validity of electronic documents
        • same value as paper documents
        • exceptions for specific situations (not valid for specific situations)
      • Validity of digitalized documents
        • obtained from paper documents  same value as electronic documents
        • exceptions for specific situations, if needed
      • Security
        • definition of crimes by computer (must be characterized in Penal Laws)

  12. Legal Framework — Brazil
      Main acts, bills and decrees
      • e-commerce/e-documents
        • Bill 1483/99 (Dep. Dr. Hélio)
          • electronic invoice
        • Bill 1589/99 (Dep. Luciano Pizzato)
          • e-commerce
          • e-documents
          • signatures
          • notaries
          • conditions to offer products and services by electronic means
          • certification
        • Bill 672/99 (Sen. Lúcio Alcântara)
          • e-commerce
          • e-messages
          • signatures
      [slide graphic labels: EC Commission Representatives House Joint Commission Approved Senate  Representative House]

  13. Legal Framework — Brazil
      Main acts, bills and decrees
      • e-commerce/e-documents
        • Dec. 3585/00
          • validity  government
          • e-documents (some must be electronic)
        • Dec. 3587
          • Government PKI
          • asymmetric keys
          • certification policy
        • Instruction SRF 156/99
          • e-CPF (persons) & e-CNPJ (companies)
          • electronic services
          • CAs & RAs bypass lack of laws

  14. Legal Framework — Brazil
      Main acts, bills and decrees
      • security
        • Bill 84/99 (Dep. Luiz Piauhylino)
          • crimes by computer
          • all main crimes
        • Law 9983/00
          • crimes against Social Security
          • 2 crimes by computer
            • insertion of fraudulent data
            • non-authorized data modification
          • no other crimes (hacking without modification or insertion, etc.)
        • Dec. 3505/00
          • Information Security Policy for Federal Administration

  15. HENRIQUE CÉSAR DE CONTI Director — Membership and Information Services henrique.conti@brisa.org.br Tel. +55-61-328 8872 Fax +55-61-328 2593
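
The difference between Signature and Notarisation on slides 7 to 10, as an added example that is not part of the presentation: a plain signature stops verifying once the originator's key pair expires, while a notary's seal over the object hash, signature and time keeps it verifiable. Textbook RSA on constructed toy keys stands in for X.509 certificates here; every function name, key and year below is an assumption.

```python
import hashlib

E = 65537  # public exponent shared by both toy keys

def make_key(p, q, not_before, not_after):
    """Textbook RSA key (no padding, toy size) plus the validity window a certificate would carry."""
    return {"n": p * q, "d": pow(E, -1, (p - 1) * (q - 1)),
            "not_before": not_before, "not_after": not_after}

def _h(data, n):
    # "tied to document formation (hash)": the signature covers a digest of the object
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def sign(key, data):
    return pow(_h(data, key["n"]), key["d"], key["n"])

def _sig_ok(key, data, sig):
    return pow(sig, E, key["n"]) == _h(data, key["n"])

def _valid_at(key, year):
    return key["not_before"] <= year <= key["not_after"]

def verify_signature(signer, data, sig, now):
    """Plain signature: only as long-lived as the originator's key pair."""
    return _valid_at(signer, now) and _sig_ok(signer, data, sig)

def _record(data, sig, year):
    # What the notary seals: object hash, originator signature, appended time
    return hashlib.sha256(data).digest() + sig.to_bytes(64, "big") + year.to_bytes(2, "big")

def notarise(notary, signer, data, sig, year):
    """Notary checks the signature at that time, then seals (hash, signature, time)."""
    if not verify_signature(signer, data, sig, year):
        raise ValueError("signature not valid at notarisation time")
    return {"year": year, "seal": sign(notary, _record(data, sig, year))}

def verify_notarised(notary, signer, data, sig, stamp, now):
    """Valid while the notary's key is, provided the signer's key was valid at the sealed time."""
    return (_valid_at(notary, now)
            and _sig_ok(notary, _record(data, sig, stamp["year"]), stamp["seal"])
            and _valid_at(signer, stamp["year"])
            and _sig_ok(signer, data, sig))

# Constructed keys built from Mersenne primes; the validity years are illustrative.
ORIGINATOR = make_key(2**61 - 1, 2**89 - 1, 2000, 2002)
NOTARY = make_key(2**107 - 1, 2**127 - 1, 2000, 2020)
```

The notary seals the time together with the hash and signature, so changing the appended time or the object invalidates the seal.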
