The Authenticity Behind AIC’s Digital Signature

Post on 30-Dec-2015


Overview

• The possibilities of new technologies
• The security challenges of new technology
• Overview of Federal, Provincial “e legislation”
• What’s a digital signature based on PKI technology
• The challenge: linking digital signatures and professional title

The possibilities of “e” data exchange and transactions

• Faster
• Reliable
• Available
• Portable
• Easy
• Completes the cycle of computerisation

The security challenges

• Authentication

• Authorization

• Non-repudiation

• Data integrity

• Privacy

Federal law (PIPEDA)

• Electronic signatures are accepted
• A secure electronic signature should have the following qualities:
– The electronic signature is unique to the person
– The use of the electronic signature is under the sole control of the person
– The technology or process can be used to identify the person
– The link between the electronic signature and the document protects the document’s integrity

Provincial legislation overview

• “Electronic” signatures are accepted

• It’s all a question of proof, i.e.:
– Can the identity of the signatory be confirmed?
– Is the signatory authorized to sign and seal?
– Can the link between the digital document and the signatory be proven?
– Can the data integrity be guaranteed?

Not all electronic signatures are equal!

• An electronic signature is NOT a digital signature.

• A digital signature is one form of electronic signature.

• The two are not equal…

What about a scanned signature?

• It’s a form of electronic signature

• It does not provide data integrity

• Anyone who has your scanned signature can use it

What about password protection with a scanned signature?

• It’s a form of electronic signature

• It provides only weak data integrity
– For example, if you password-protect a PDF file: have you ever done a search on Google with “pdf and crack”?

• Still, anyone who has the image of your signature can also password-protect a document with your signature…

The technological solution

Asymmetric key cryptography managed by a trusted certificate authority

Digital signatures explained

• Digital signatures use asymmetric key cryptography.

• They provide a guarantee to a recipient that the signed data (electronic document) came from the person who signed it.

• They provide a guarantee to a recipient that the signed data was not altered since it was signed.

Digital signatures explained

• Asymmetric keys work as a key pair. One key is the signing key (private key); the other is the verification key (public key).

How it works

• The sender starts the process by taking a mathematical summary (called a hash) of the data (task performed by your digital signature software)

• This hash is a uniquely identifying fingerprint of the data (changing even a single bit of the data changes the hash)

How it works

• Next, the sender encrypts the hash code with their private signing key (task performed by the encryption software)

• The sender can then archive and send the data, which is now linked with the encrypted hash code

How it works

• The hash code is considered a signature because only the signer, using their private key, could have generated the code.

• The next steps explain how a digital signature can be verified

How it works

• Upon receipt of the data (electronic document) the recipient can verify that the hash code was encrypted by the sender by decrypting the hash using the sender’s verification public

How it works

• The recipient, having possession of what presumably is the original data, uses the data to generate a new hash code

How it works

• The new hash code and the decrypted hash code are compared. If both are the same, they have necessarily been generated from the same, unaltered source data.
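The sign and verify steps above, as an added Python example that is not part of the original presentation. It uses textbook RSA over a SHA-256 hash to mirror the slides; the key material is a constructed, insecure demo key, and the names `digest`, `sign`, `verify` and `demo` are illustrative. Real signing software also applies a padding scheme and keeps the private key protected.

```python
import hashlib

# Constructed demo key, NOT secure: the modulus is the product of two publicly
# known Mersenne primes, so anyone can factor it. A real key uses secret
# random primes and stays under the signer's sole control.
P, Q = 2**127 - 1, 2**521 - 1
N = P * Q                                # public modulus
E = 65537                                # public (verification) exponent
D = pow(E, -1, (P - 1) * (Q - 1))        # private (signing) exponent


def digest(data: bytes) -> int:
    """Hash the document and return the SHA-256 fingerprint as an integer."""
    return int.from_bytes(hashlib.sha256(data).digest(), "big")


def sign(data: bytes, d: int = D, n: int = N) -> int:
    """Signer: hash the data, then transform the hash with the private key."""
    # Textbook RSA, as on the slides; production schemes pad the hash first.
    return pow(digest(data), d, n)


def verify(data: bytes, signature: int, e: int = E, n: int = N) -> bool:
    """Recipient: recover the signed hash with the public key, re-hash the
    received data, and compare the two values."""
    if not 0 <= signature < n:
        return False
    return pow(signature, e, n) == digest(data)


def demo() -> dict:
    report = b"Appraisal report (constructed sample document)"
    sig = sign(report)
    tampered = bytes([report[0] ^ 1]) + report[1:]   # flip a single bit
    # Second constructed key pair, standing in for someone who is not the signer.
    p2, q2 = 2**89 - 1, 2**607 - 1
    forged = sign(report, pow(E, -1, (p2 - 1) * (q2 - 1)), p2 * q2)
    return {
        "original": verify(report, sig),
        "one_bit_changed": verify(tampered, sig),
        "other_key": verify(report, forged),
    }


if __name__ == "__main__":
    print(demo())
```

Only the unmodified document with the signature made by the matching private key verifies; the altered document and the signature made with a different private key are both rejected.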

The certificates

• How to be sure of the link between the public key and its owner?

√ By associating the public key and its owner with a certificate!

The Certificate Authority

• How to be sure that the information contained in the certificate is valid?

√ By having the information in all certificates guaranteed by a certificate authority.

The partnership between the AIC and Notarius:

• Confirms the identity of a digital signature service subscriber

• Confirms and maintains the professional title designation with the digital signature

The partnership between AIC and Notarius provides

• Identity verification (in person or via documented verification)

– CONFIDENCE and TRUST are the basis and the purpose of the system: to protect the public and the Appraiser

• The confirmation of the link between the identity of the holder of the private key and his professional status (holding the appropriate permit to practice) can only be made by the AIC

Features

• Identity (guards against identity theft)

• Authorization (Appraiser’s professional title)

• Integrity (fraud prevention)

• Non-repudiation

• Confidentiality (protection against data mining)

Benefits

• Time Saving:
– Click/Sign (no more handwritten signatures)
– Click/Send
• Money Saving:
– No printing (paper, toner, binding, handling, courier, paper archives)
– Fully compliant electronic archives
• Protects sensitive information
• Increases corporate security

Cost

Digital Signature

Regular rates
• Subscription Fee: Between $145 and $175/subscriber
• Annual Service Fee: Between $160 and $200/subscriber

Between May 1st and 31st 2009
• Subscription Fee: Between $145 and $175/subscriber
• Annual Service Fee: $100 for the first year of service

What’s included

• A complete architecture:
– Secure and available infrastructure
– All the necessary resources for the management, maintenance and upgrade of the infrastructure
• The digital signature toolkit:
– Your digital certificate (electronic ID)
– The cryptographic application (Entrust Enteligence)
– PDF995
– ConsignO
• All upgrades and updates
• End user phone support (Monday – Friday 8:30 to 17:00 EST.)

Notarius offers

• Tried and proven CA
– Operational since 1998
– Trusted CA for Notaries, Appraisers, Technicians, land surveyors, Engineers, Architects etc.
• Trusted CA
– Financial institution
– Governmental recognition
• Dedicated to professionals
• A non profit organization (not profit driven)
• Notarius is accredited ISO 9001-2000
• Notarius’s PKI is accredited ISO 27001

How to subscribe

• Fill in a subscription form
• Have your subscription form witnessed (signed) by another member in good standing of AIC
• Transmit the subscription form and photocopies of two pieces of valid ID to AIC
• Your activation codes will be delivered in a sealed envelope via Express Post

Easy to use

There’s nothing like a live demo

For online demos :

http://www.notarius.com/en/online_demos.html

Recap

• Legal requirements
• Professional requirements
• The technological answer: digital signatures
• The AIC’s mission (protection of the public)
• The need to incorporate the professional status into digital signatures
• Allowing members to move from a paper environment to a “compliant” electronic environment efficiently
• Integration with everyday use

Thank you for your time

Please come visit us at our booth for more information and to take advantage of our May promotion

Questions? infoicp@notarius.com

Toll free 1-800-567-6703 or 1-888-588-0011 ext. 1211

Charles.tremblay@notarius.com
