digital signature 123

8/8/2019 Digital Signature 123

1/25

A digital signature is a secure electronic password which uses encryption & password to protect theintegrity of the signature & guarantee the authenticity of the party who signed it.


2/25

Why digital signature Authenticity

Integrity

Non-repudiation

Affirmative act


3/25

P aper signature Vs Digital signature


4/25

HO W IT WORKS


5/25

P rivate Key used for making digital signature

P ublic key used to verify the digital signature


6/25


7/25


8/25


9/25


10/25

Where it is used

y Digital Signature Solutions for BFSIT he use of digital signatures in e-banking, online loan applications andapproval systems, e-mortgage, etc., helps eliminate paper costs and tellerinteractions in an increasingly competitive banking environment.

y

E lectronic fund transferS upposean electronic funds transfer message is generated to request that $100.00

betransferred from one account to another. If the message was passed over anunprotected network, it may be possible for an adversary to alter the messageand request a transfer of $1000.00. Without additional information, it would bedifficult, if not impossible, for the receiver to know the message had been altered.However, if the D S A was used to sign the message before it was sent, thereceiver would know the message had been altered because it would not verify correctly. T he transfer request could then be denied.


11/25

y B usiness application A)EDIB )installation of software

y In HospitalsElectronic Medical records


12/25

Applications in Judiciary

1. Instant posting of judgment on the web.2. Secured electronic communications within

judiciary3. Authentic archiving of Judicial records4. Submission of affidavits5. Giving certified copies of the Judgment


13/25

A ttacks O n Digital S ignature

y This section describes some attacks on digital signaturesand defines the types of forgery.

1. Attack Types2. Forgery Types


14/25

Attack Types:

y Key-Only Attack y Known-Message Attack y Chosen-Message Attack

Forgery Types:

y Existential Forgeryy Selective Forgery


15/25

S ecure digital signaturey A secure digital signature should satisfy the following

conditions:y

It should be unique to the subscriber affixing it.y A digital signature is unique and is based upon the

message that is signed and the private key of thesigner.

y It should be capable of identifying such subscriber. What this implies is that the digital signature shouldbe verifiable by the public key of the signer and by noother public key.


16/25

It should be created in a manner or using a means underthe exclusive control of the subscriber. T his implies thatthe signer must use hardware and software that arecompletely free of any unauthorized external control.It should be linked to the electronic record to which itrelates in such a manner that if the electronic record werealtered, the digital signature would be invalidated.

All standard software programs used to create digitalsignatures contain this feature. Without this feature the whole purpose of creating digital signatures would bedefeated.


17/25

Digital S ignature Certificatey Digital S ignature Certificate means a certificate issued by

a recognised certifying authority authenticating the digitalsignature of a subscriber.

y T he certifying authorities who are recognised licenseholders have the power to issue Digital S ignatureCertificate's. Any person desiring to issue a DigitalS ignature Certificate has to apply to a recognised certifying Authority in the prescribed manner.


18/25

Legal frameworky Certification Agencies are appointed by the office of

the Controller of Certification Agencies (CCA) under

the provisions of IT

Act, 2000.y T here are a total of seven Certification Agenciesauthorised by the CCA to issue the Digital S ignatureCertificates.


19/25

y Tata Consultancy Services Ltdy

National Informatics Centrey Institute for Development & Research in B ankingTechnology (IDR BT )

y MT NLy Customs & Central Excisey (n)Code Solutions Ltd., (A division of Gujarat

Narmada Valley Fertilisers Company Ltd.)y Safescrypty e-Mudhra CA


20/25

A dvantagesy Imposter prevention: B y using digital signatures you are

eliminating the possibility of committing fraud by animposter signing the document. S ince the digital signaturecannot be altered, this makes forging the signatureimpossible.

Message integrity: B y having a digital signature you are infact proving the document to be valid. You are assuring therecipient that the document is free from forgery or false

information.Legal requirements: Using a digital signature satisfiessome type of legal requirement for the document inquestion. A digital signature takes care of any formal legalaspect of executing the document.


21/25

Disadvantagesy Digital signatures carry a lot more authority than a

simple return address, because the forgery is so much

more difficult. If you lose your certificate andpassword, you have a problem because mail with adigital signature is more authoritative.

y T he certificate could be forged or crackedy

Some email clients are not compatible with thestandard, such as older browsers and many of the web-mail sites.

y primary avenue for any business


22/25

y money. T his is because the business may have to spendmore money than usual to work with digital signatures

including buying certificates from certificationauthorities and getting the verification software


23/25

Conclusiony Every industry, irrespective of its functionalities, is

adopting digital signatures in one or the other way.From external communications to internalcommunications, digitally signed electronic

documents have changed the way communicationstake place. Faster, simpler, yet secure and confidential,these communications have ignited the competitionamongst businesses like never before.


24/25

y In the passage of time, digital signatures have becomea tool to garner customers' confidence and support.B

ut at the core is legal validity. From bankingtransactions to medial records, and from online loanapplications to tendering, digital signatures have the'Golden Touch' to transform hectic business processesinto simpler ones.


25/25

digital signature 123

Documents