Digital Signature

Category: Education

Presentation Description

No description available.


Presentation Transcript

What is Digital Signature?:

What is Digital Signature? A type of asymmetric cryptography used to simulate the security properties of a signature in digital. Used to authenticate the identity of the sender of a message or the signer of a document, and possibly to ensure that the original content of the message or document that has been sent is unchanged . Digital signature schemes normally give two algorithms. One for signing which involves the user's secret or private key One for verifying signatures which involves the user's public key .

Why Digital Signature?:

Why Digital Signature? To provide Authenticity, Integrity and Non-repudiation to electronic documents. To use the Internet as the safe and secure medium for e-Commerce and e-Governance . Eliminate the need to print, fax, scan, and ship documents . So both time and money saved. Send documents with signature and get a response in minutes, not days .

Usages of Digital signature:

Usages of Digital signature Digital signatures are used for many kinds of documents and transactions, for both personal and business use. Sign contracts, invoices, and work orders Approve project estimates and change orders Sign school forms and permission slips Complete and sign leases and rental agreements Sign NDAs and client agreements Sign bank documents and insurance forms

Paper signatures v/s Digital Signatures:

Paper signatures v/s Digital Signatures Parameter Paper Digital Authenticity May be forged Cannot be copied Integrity independent of the document depends on the contents of the document Non-repudiation Handwriting expert needed Error prone Any computer user Error free

PowerPoint Presentation:

Benjamin Franklins Mahatma Gandhi. Pablo Picasso Barack Obama Michael Jackson Bruce Lee Albert Einstein Arnold Schwarzenegger

How it Works:

How it Works

Private Key protection:

Private Key protection The Private key generated is to be protected and kept secret. The responsibility of the secrecy of the key lies with the owner. The key is secured using PIN Protected soft token Smart Cards Hardware Tokens

PIN protected soft tokens:

PIN protected soft tokens The Private key is encrypted and kept on the Hard Disk in a file, this file is password protected. This forms the lowest level of security in protecting the key, as The key is highly reachable. PIN can be easily known or cracked. Soft tokens are also not preferred because The key becomes static and machine dependent. The key is in known file format.

Smart Cards:

Smart Cards The Private key is generated in the crypto module residing in the smart card. The key is kept in the memory of the smart card. The key is highly secured as it doesn’t leave the card, the message digest is sent inside the card for signing, and the signatures leave the card. The card gives mobility to the key and signing can be done on any system. (Having smart card reader)

Hardware Tokens:

Hardware Tokens They are similar to smart cards in functionality as Key is generated inside the token. Key is highly secured as it doesn’t leave the token. Highly portable. Machine Independent. iKEY is one of the most commonly used token as it doesn’t need a special reader and can be connected to the system using USB port.

Certifying Authority:

Certifying Authority Must be widely known and trusted. Must have well defined Identification process before issuing the certificate. Provides online access to all the certificates issued. Provides online access to the list of certificates revoked. Displays online the license issued by the Controller. Displays online approved Certification Practice Statement (CPS). Must adhere to IT Act/Rules/Regulations and Guidelines.

Digital Signature Certification Authorities:

Digital Signature Certification Authorities Comodo CA ltd DigiCert , Inc Entrust, Inc GeoTrust , Inc GlobalSign , Inc Thawte , Inc Symantic Trust Network

Disadvantages of digital signature:

Disadvantages of digital signature Expiry Date : Digital signatures are based on technology and the laws surrounding it depend on the state laws. The certificates of the digital signatures expire and it is the duty of the receiver to make sure that public key is valid. Buy certificates and verification software : Businesses using the digital signature might have to spend more money as digital signature involves buying of certificates from concerned authorities as well as the verification software. Educate the users : Within a business organization there might be many employees who are totally unaware of how a digital signature works. Additional times as well as money need to be spend on training the employees about how the process works that takes them away from their jobs . Compatibility issues : There are quite a lot of digital signature standard available which are incompatible with each other and there is an urgent need to come up with a standard procedure through which they can interact.