digital signature 123
TRANSCRIPT
-
8/8/2019 Digital Signature 123
1/25
A digital signature is a secure electronic password which uses encryption & password to protect theintegrity of the signature & guarantee the authenticity of the party who signed it.
-
8/8/2019 Digital Signature 123
2/25
Why digital signature Authenticity
Integrity
Non-repudiation
Affirmative act
-
8/8/2019 Digital Signature 123
3/25
P aper signature Vs Digital signature
-
8/8/2019 Digital Signature 123
4/25
HO W IT WORKS
-
8/8/2019 Digital Signature 123
5/25
P rivate Key used for making digital signature
P ublic key used to verify the digital signature
-
8/8/2019 Digital Signature 123
6/25
-
8/8/2019 Digital Signature 123
7/25
-
8/8/2019 Digital Signature 123
8/25
-
8/8/2019 Digital Signature 123
9/25
-
8/8/2019 Digital Signature 123
10/25
Where it is used
y Digital Signature Solutions for BFSIT he use of digital signatures in e-banking, online loan applications andapproval systems, e-mortgage, etc., helps eliminate paper costs and tellerinteractions in an increasingly competitive banking environment.
y
E lectronic fund transferS upposean electronic funds transfer message is generated to request that $100.00
betransferred from one account to another. If the message was passed over anunprotected network, it may be possible for an adversary to alter the messageand request a transfer of $1000.00. Without additional information, it would bedifficult, if not impossible, for the receiver to know the message had been altered.However, if the D S A was used to sign the message before it was sent, thereceiver would know the message had been altered because it would not verify correctly. T he transfer request could then be denied.
-
8/8/2019 Digital Signature 123
11/25
y B usiness application A)EDIB )installation of software
y In HospitalsElectronic Medical records
-
8/8/2019 Digital Signature 123
12/25
Applications in Judiciary
1. Instant posting of judgment on the web.2. Secured electronic communications within
judiciary3. Authentic archiving of Judicial records4. Submission of affidavits5. Giving certified copies of the Judgment
-
8/8/2019 Digital Signature 123
13/25
A ttacks O n Digital S ignature
y This section describes some attacks on digital signaturesand defines the types of forgery.
1. Attack Types2. Forgery Types
-
8/8/2019 Digital Signature 123
14/25
Attack Types:
y Key-Only Attack y Known-Message Attack y Chosen-Message Attack
Forgery Types:
y Existential Forgeryy Selective Forgery
-
8/8/2019 Digital Signature 123
15/25
S ecure digital signaturey A secure digital signature should satisfy the following
conditions:y
It should be unique to the subscriber affixing it.y A digital signature is unique and is based upon the
message that is signed and the private key of thesigner.
y It should be capable of identifying such subscriber. What this implies is that the digital signature shouldbe verifiable by the public key of the signer and by noother public key.
-
8/8/2019 Digital Signature 123
16/25
It should be created in a manner or using a means underthe exclusive control of the subscriber. T his implies thatthe signer must use hardware and software that arecompletely free of any unauthorized external control.It should be linked to the electronic record to which itrelates in such a manner that if the electronic record werealtered, the digital signature would be invalidated.
All standard software programs used to create digitalsignatures contain this feature. Without this feature the whole purpose of creating digital signatures would bedefeated.
-
8/8/2019 Digital Signature 123
17/25
Digital S ignature Certificatey Digital S ignature Certificate means a certificate issued by
a recognised certifying authority authenticating the digitalsignature of a subscriber.
y T he certifying authorities who are recognised licenseholders have the power to issue Digital S ignatureCertificate's. Any person desiring to issue a DigitalS ignature Certificate has to apply to a recognised certifying Authority in the prescribed manner.
-
8/8/2019 Digital Signature 123
18/25
Legal frameworky Certification Agencies are appointed by the office of
the Controller of Certification Agencies (CCA) under
the provisions of IT
Act, 2000.y T here are a total of seven Certification Agenciesauthorised by the CCA to issue the Digital S ignatureCertificates.
-
8/8/2019 Digital Signature 123
19/25
y Tata Consultancy Services Ltdy
National Informatics Centrey Institute for Development & Research in B ankingTechnology (IDR BT )
y MT NLy Customs & Central Excisey (n)Code Solutions Ltd., (A division of Gujarat
Narmada Valley Fertilisers Company Ltd.)y Safescrypty e-Mudhra CA
-
8/8/2019 Digital Signature 123
20/25
A dvantagesy Imposter prevention: B y using digital signatures you are
eliminating the possibility of committing fraud by animposter signing the document. S ince the digital signaturecannot be altered, this makes forging the signatureimpossible.
Message integrity: B y having a digital signature you are infact proving the document to be valid. You are assuring therecipient that the document is free from forgery or false
information.Legal requirements: Using a digital signature satisfiessome type of legal requirement for the document inquestion. A digital signature takes care of any formal legalaspect of executing the document.
-
8/8/2019 Digital Signature 123
21/25
Disadvantagesy Digital signatures carry a lot more authority than a
simple return address, because the forgery is so much
more difficult. If you lose your certificate andpassword, you have a problem because mail with adigital signature is more authoritative.
y T he certificate could be forged or crackedy
Some email clients are not compatible with thestandard, such as older browsers and many of the web-mail sites.
y primary avenue for any business
-
8/8/2019 Digital Signature 123
22/25
y money. T his is because the business may have to spendmore money than usual to work with digital signatures
including buying certificates from certificationauthorities and getting the verification software
-
8/8/2019 Digital Signature 123
23/25
Conclusiony Every industry, irrespective of its functionalities, is
adopting digital signatures in one or the other way.From external communications to internalcommunications, digitally signed electronic
documents have changed the way communicationstake place. Faster, simpler, yet secure and confidential,these communications have ignited the competitionamongst businesses like never before.
-
8/8/2019 Digital Signature 123
24/25
y In the passage of time, digital signatures have becomea tool to garner customers' confidence and support.B
ut at the core is legal validity. From bankingtransactions to medial records, and from online loanapplications to tendering, digital signatures have the'Golden Touch' to transform hectic business processesinto simpler ones.
-
8/8/2019 Digital Signature 123
25/25