The Authenticity Behind AIC’s Digital Signature

Upload: phoebe-sykes

Post on 30-Dec-2015


TRANSCRIPT

Page 1: The Authenticity Behind AIC’s Digital Signature

The Authenticity Behind AIC’s Digital Signature

Page 2: The Authenticity Behind AIC’s Digital Signature

Overview

• The possibilities of new technologies
• The security challenges of new technology
• Overview of Federal, Provincial « e legislation »
• What’s a digital signature based on PKI technology
• The challenge: linking digital signatures and professional title

Page 3: The Authenticity Behind AIC’s Digital Signature

The possibilities of “e” data exchange and transactions

• Faster
• Reliable
• Available
• Portable
• Easy
• Completes the cycle of computerisation

Page 4: The Authenticity Behind AIC’s Digital Signature

The security challenges

• Authentication

• Authorization

• Non-repudiation

• Data integrity

• Privacy

Page 5: The Authenticity Behind AIC’s Digital Signature

Federal law (PIPEDA)

• Electronic signatures are accepted

• A secure electronic signature should have the following qualities:

– The electronic signature is unique to the person
– The use of the electronic signature is under the sole control of the person
– The technology or process can be used to identify the person
– The link between the electronic signature and the document protects the document’s integrity

Page 6: The Authenticity Behind AIC’s Digital Signature

Provincial legislation overview

• “Electronic” signatures are accepted

• It’s all a question of proof, i.e.:

– Can the identity of the signatory be confirmed?
– Is the signatory authorized to sign and seal?
– Can the link between the digital document and the signatory be proven?
– Can the data integrity be guaranteed?

Page 7: The Authenticity Behind AIC’s Digital Signature

Not all electronic signatures are equal!

•An electronic signature is NOT a digital signature.

•A digital signature is one form of electronic signature.

•Both are not equal…

Page 8: The Authenticity Behind AIC’s Digital Signature

What about a scanned signature?

•It’s a form of electronic signature

•It does not provide data integrity

•Anyone that has your scanned signature can use it

Page 9: The Authenticity Behind AIC’s Digital Signature

What about password protection with a scanned signature?

•It’s a form of electronic signature

•It provides weak data integrity

– For example, if you password protect a PDF file, have you ever done a search on Google with « pdf and crack »?

•Still, anyone that has the image of your signature can also password protect a document with your signature…

Page 10: The Authenticity Behind AIC’s Digital Signature

The technological solution

Asymmetric key cryptography managed by a trusted certificate authority

Page 11: The Authenticity Behind AIC’s Digital Signature

Digital signatures explained

•Digital signatures use asymmetric key cryptography.

•A digital signature provides a guarantee to a recipient that the signed data (electronic document) came from the person who signed it.

•It provides a guarantee to a recipient that the signed data was not altered since it was signed.

Page 12: The Authenticity Behind AIC’s Digital Signature

Digital signatures explained

•Asymmetric keys work in key pairs. One key is a signing key (private key); the other is a verification key (public key).

Page 13: The Authenticity Behind AIC’s Digital Signature

How it works

•The sender starts the process by taking a mathematical summary (called a hash) of the data (task performed by your digital signature software)

•This hash is a uniquely identifying fingerprint of the data (changing even a single bit of the data changes the hash)

Page 14: The Authenticity Behind AIC’s Digital Signature

How it works

•Next, the sender encrypts the hash code with their private signing key (task performed by the encryption software)

•The sender can then archive and send the data, which is now linked with the encrypted hash code

Page 15: The Authenticity Behind AIC’s Digital Signature

How it works

•The hash code is considered a signature because only the signer, using their private key, could have generated the code.

•The next steps explain how a digital signature can be verified

Page 16: The Authenticity Behind AIC’s Digital Signature

How it works

•Upon receipt of the data (electronic document) the recipient can verify that the hash code was encrypted by the sender by decrypting the hash using the sender’s verification public

Page 17: The Authenticity Behind AIC’s Digital Signature

How it works

•The recipient, having possession of what presumably is the original data, uses the data to generate a new hash code

Page 18: The Authenticity Behind AIC’s Digital Signature

How it works

•The new hash code and the decrypted hash code are compared. If both are the same, they have necessarily been generated from the same unaltered data.
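The signing and verification steps of pages 13 to 18, as an added example that is not part of the original presentation or of any vendor's software. It assumes SHA-256 as the hash and unpadded textbook RSA with a constructed demo key, so that the "encrypt the hash, decrypt it, compare" flow is visible; deployed signature software uses a padded scheme such as RSASSA-PSS and randomly generated keys.

```python
import hashlib

# Constructed demo key built from two well-known Mersenne primes.
# Assumption for illustration only: real keys use random primes.
P = 2**521 - 1
Q = 2**607 - 1
N = P * Q                                # modulus, part of both keys
E = 65537                                # public (verification) exponent
D = pow(E, -1, (P - 1) * (Q - 1))        # private (signing) exponent

# Constructed sample document.
SAMPLE = b"Appraisal report 2009-05: market value 250,000 CAD"


def digest(data: bytes) -> int:
    """Pages 13 and 17: the hash (fingerprint) of the data, as an integer."""
    return int.from_bytes(hashlib.sha256(data).digest(), "big")


def sign(data: bytes, d: int = D, n: int = N) -> int:
    """Page 14: the sender transforms the hash with the private key."""
    return pow(digest(data), d, n)


def verify(data: bytes, signature: int, e: int = E, n: int = N) -> bool:
    """Pages 16 to 18: recover the signed hash with the public key,
    recompute the hash from the received data, compare the two."""
    if not 0 <= signature < n:           # reject out-of-range values
        return False
    return pow(signature, e, n) == digest(data)


if __name__ == "__main__":
    sig = sign(SAMPLE)
    print("original document :", verify(SAMPLE, sig))
    # One changed character gives a different hash, so the check fails.
    print("altered document  :", verify(SAMPLE.replace(b"250", b"350"), sig))
    # A signature that was not produced by the private key fails too.
    print("altered signature :", verify(SAMPLE, sig ^ 1))
```

The public values `E` and `N` are all a recipient needs to run `verify`; tying them to a named person is the job of the certificate described on the next pages.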

Page 19: The Authenticity Behind AIC’s Digital Signature

The certificates

• How to be sure of the link between the public key and its owner?

√ By associating the public key and its owner with a certificate!

Page 20: The Authenticity Behind AIC’s Digital Signature

The Certificate Authority

• How to be sure that the information contained in the certificate is valid?

√ By having the information in all certificates guaranteed by a certificate authority.

Page 21: The Authenticity Behind AIC’s Digital Signature

The partnership between the AIC and Notarius:

• Confirms the identity of a digital signature service subscriber

• Confirms and maintains the professional title designation with the digital signature

Page 22: The Authenticity Behind AIC’s Digital Signature

The partnership between AIC and Notarius provides

• Identity verification (in person or via documented verification)

– CONFIDENCE and TRUST are the basis and the purpose of the system: to protect the public and the Appraiser

• The confirmation of the link between the identity of the holder of the private key and his professional status (holding the appropriate permit to practice) can only be made by the AIC

Page 23: The Authenticity Behind AIC’s Digital Signature

Features

• Identity (guards against identity theft)

• Authorization (Appraiser’s professional title)

• Integrity (fraud prevention)

• Non-repudiation

• Confidentiality (protection against data mining)

Page 24: The Authenticity Behind AIC’s Digital Signature

Benefits

• Time Saving:

– Click/Sign (no more handwritten signatures)
– Click/Send

• Money Saving:

– No printing (paper, toner, binding, handling, courier, paper archives)
– Fully compliant electronic archives

• Protects sensitive information

• Increases corporate security

Page 25: The Authenticity Behind AIC’s Digital Signature

Cost: Digital Signature

Regular rates

– Subscription Fee: Between $145 and $175/subscriber
– Annual Service Fee: Between $160 and $200/subscriber

Between May 1st and 31st 2009

– Subscription Fee: Between $145 and $175/subscriber
– Annual Service Fee: $100 for the first year of service

Page 26: The Authenticity Behind AIC’s Digital Signature

What’s included

• A complete architecture:

– Secure and available infrastructure
– All the necessary resources for the management, maintenance and upgrade of the infrastructure

• The digital signature toolkit:

– Your digital certificate (electronic ID)
– The cryptographic application (Entrust Enteligence)
– PDF995
– ConsignO

• All upgrades and updates

• End user phone support (Monday – Friday 8:30 to 17:00 EST.)

Page 27: The Authenticity Behind AIC’s Digital Signature

Notarius offers

• Tried and proven CA

– Operational since 1998
– Trusted CA for Notaries, Appraisers, Technicians, land surveyors, Engineers, Architects etc.

• Trusted CA

– Financial institution
– Governmental recognition

• Dedicated to professionals

• A non profit organization (not profit driven)

• Notarius is accredited ISO 9001-2000

• Notarius’s PKI is accredited ISO 27001

Page 28: The Authenticity Behind AIC’s Digital Signature

How to subscribe

• Fill in a subscription form

• Have your subscription form witnessed (signed) by another member in good standing of AIC

• Transmit the subscription form and a photocopy of two pieces of valid ID to AIC

• Your activation codes will be delivered in a sealed envelope via Express Post

Page 29: The Authenticity Behind AIC’s Digital Signature

Easy to use

There’s nothing like a live demo

For online demos :

http://www.notarius.com/en/online_demos.html

Page 30: The Authenticity Behind AIC’s Digital Signature

Recap

• Legal requirements
• Professional requirements
• The technological answer: digital signatures
• The AIC’s mission (protection of the public)
• The need to incorporate the professional status into digital signatures
• Allowing members to move from a paper environment to a “compliant” electronic environment efficiently
• Integration with everyday use

Page 31: The Authenticity Behind AIC’s Digital Signature

Thank you for your time

Please come visit us at our booth for more information and to take advantage of

our May promotion

Page 32: The Authenticity Behind AIC’s Digital Signature

Questions? [email protected]

Toll free 1-800-567-6703 or 1-888-588-0011 [email protected]