Slide 1 - Warsaw School of Economics


Electronic signature
Klara Góral
Karolina Kozak
Ignacio Lastres
Agenda:
1. Introduction
2. General overview
3. Legal statements
4. History
5. Construction
6. Use of electronic signature
7. Future
General overview
Signature
Stylized script associated with a person
Electronic signature
An electronic sound, symbol, or process, attached to or logically associated with a contract or other record and executed or adopted by a person with the intent to sign the record
electronic signature vs. digital signature
Legal statements
Laws regarding use of electronic signatures
Slovakia - Zákon č.215/2002 o elektronickom podpise
Singapore - Singapore Electronic Transactions Act
Republika Srpska
Canada - PIPEDA
South Africa - The Electronic Communications and Transactions Act
UK - s.7 Electronic Communications Act 2000
Costa Rica - Digital Signature Law
Peru - Ley Nº 27269. Ley de Firmas y Certificados Digitales
Spain - Real Decreto-ley 14/1999, sobre firma electrónica
Poland - Ustawa o podpisie elektronicznym
Japan - Law Concerning Electronic Signatures and Certification Services
Czechia - Zákon o elektronickém podpisu
India - Information Technology Act
European Union - Electronic Signature Directive
U.S. - Digital Signature And Electronic Authentication Law
China - Law of the People's Republic of China on Electronic Signature
Philippines - Electronic Commerce Act
Turkey - Electronic Signature Law
Croatia
Slovenia - Slovene Electronic Commerce and Electronic Signature Act
Mexico - E-Commerce Act
The Electronic Signatures in Global and National Commerce Act (ESIGN)
• Validity and legal effect of contracts entered into electronically
• legal status equivalent to a written signature
• may not be denied legal effect, validity, or enforceability solely because it is in electronic form
Legal requirements of electronic signatures:
• must be unique to the person using it
• must be verifiable
• must be under the sole control of the person using it
• must guarantee that the document signed cannot be altered after it has been electronically signed
• must capture and preserve the signer's intent, consent, understanding, or responsibility related to a document that is being signed
History
History of electronic signatures
• Before 1861 - Morse code used to send messages electronically by telegraphy
• 1869 - acceptance of the enforceability of telegraphic messages as electronic signatures in New Hampshire Supreme Court
• 1980s - use of fax
• 1990s - acceptance of the enforceability of agreements made by e-mail, entering a PIN into a bank ATM, signing a debit or credit slip with a digital pen pad device, installing software with a clickwrap software licence on the package, signing electronic documents online
History of electronic signatures
Joint Communiqué on electronic commerce: first agreement signed electronically by USA and Ireland in 1998
Construction
How does it work?
Cryptography
The basis of electronic signatures is cryptography, a mathematical discipline that not only handles the encryption of texts to ensure their confidentiality but also provides mechanisms to ensure data integrity and the identity of participants in a transaction.
Cryptography
Encryption involves transforming a plain text (understood by all) by means of an algorithm into a cipher text, using a secret or encryption key, so that it is unintelligible to all except the legitimate recipient.
HASH function
Hash function
A hash function is used to obtain a hash (also called a message digest) of a text: a fairly short series of characters representing the text to which the hash function is applied, that is, the fingerprint of a document.
Hash function
• It must associate a hash with only one plain text: the slightest alteration of the document will cause a change in the hash.
• It must be a one-way function: the original message cannot be retrieved from the hash.
• If there is a way of finding the plaintext from the hash, the hash function is said to have a "trapdoor".
Hash algorithms
• MD5 (Message Digest)
- developed by Rivest in 1991
- creates a 128-bit fingerprint from a text of arbitrary size, processing it in blocks of 512 bits.
- it is common to see Internet downloads accompanied by MD5 files, used to verify their integrity.
Hash algorithms
• SHA (Secure Hash Algorithm)
- creates a digital fingerprint that is 160 bits in length.
- SHA-1 is an improved version from 1994; it produces a fingerprint of 160 bits from a message that has a maximum length of 2^64 bits, processed in blocks of 512 bits.
Integrity verification
• when a message is sent along with its hash, the recipient can be sure that the message has not been altered (intentionally or accidentally).
• when a recipient receives a message, they simply have to calculate the hash of the received message and compare it with the hash that accompanies the document.
• if the message (or hash) is falsified during the communication, the two digital fingerprints will not coincide.
Sealing data
• Sealing ensures that the message has been sent by the person claiming to be the sender.
• the sender simply encrypts (signs) the hash using their private key (this is the seal) and sends the seal to the recipient
• the recipient must decrypt the seal with the sender's public key
• then the recipient must compare the hash recovered from the seal with the hash computed over the message received as attachment.
Methods of encryption
• Asymmetric or public key encryption
- uses a pair of separate keys for the encryption and decryption processes.
- one key, the private key, is kept secret, while the second key, the public key, is known by everyone.
- uses algorithms such as RSA, Diffie-Hellman, etc.
Example
1. John produces a digest (summary) of the document.
2. John encrypts the digest with his private key, thereby signing the document. This encrypted digest is his electronic signature.
3. John sends the document along with the signed digest (electronic signature) to Peter.
4. Peter produces a digest of the document received from John, using the same digest function.
5. Peter then decrypts the signed digest (John's electronic signature) with John's public key, which is known.
6. If the digest Peter has generated matches the signed digest, the electronic signature is valid.
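The John-and-Peter exchange above, together with the "Integrity verification" and "Sealing data" slides, as an added example that is not part of the original slides. It uses SHA-256 instead of MD5 or SHA-1 (neither is collision resistant any more) and unpadded textbook RSA; the toy key, the function names and the sample document are assumptions made for illustration, and real systems use a padded scheme such as RSASSA-PSS from a vetted library.

```python
import hashlib

# Toy RSA key built from two known Mersenne primes. Constructed for
# illustration only: such a modulus is trivially factorable.
P, Q = 2**127 - 1, 2**521 - 1
N, E = P * Q, 65537                       # John's public key (n, e)
D = pow(E, -1, (P - 1) * (Q - 1))         # John's private exponent


def digest(document: bytes) -> int:
    """Steps 1 and 4: hash the document and read the digest as an integer."""
    return int.from_bytes(hashlib.sha256(document).digest(), "big")


def sign(document: bytes, d: int = D, n: int = N) -> int:
    """Step 2: transform the digest with the private key; the result is the seal."""
    return pow(digest(document), d, n)


def verify(document: bytes, seal: int, e: int = E, n: int = N) -> bool:
    """Steps 4-6: recompute the digest, open the seal with the public key, compare."""
    if not 0 <= seal < n:                 # reject values outside the key's range
        return False
    return pow(seal, e, n) == digest(document)


def hash_only_check(document: bytes, sent_hash: int) -> bool:
    """Integrity check from the earlier slide: no key involved, hash is unauthenticated."""
    return digest(document) == sent_hash


def demo() -> dict:
    original = b"Pay Peter 100 PLN"       # constructed sample document
    altered = b"Pay Peter 900 PLN"        # same document changed in transit
    seal = sign(original)
    return {
        "valid": verify(original, seal),
        "altered_document": verify(altered, seal),
        "altered_seal": verify(original, seal ^ 1),
        # A bare hash detects accidental change only: whoever replaces the
        # document can replace the accompanying hash as well, and it matches.
        "hash_only_swapped": hash_only_check(altered, digest(altered)),
    }


if __name__ == "__main__":
    for case, result in demo().items():
        print(f"{case}: {result}")
```

The last case is why the seal exists: a hash sent alongside the message protects against corruption, while only the private-key operation ties the digest to the sender.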
Methods of encryption
• Symmetric or secret key encryption
- uses the same key in the encryption and decryption operations.
- these systems are much faster than public key systems, and appropriate for the encryption of large volumes of data.
- this is done using algorithms such as IDEA, RC5, DES, Triple DES, etc.
Use of electronic signature
Use of electronic signatures
• e-government and on-line banking
• signing electronic contracts and other documents
• authorizing online forms and service orders
• providing an advantage over competitors that do not use them
Future
Electronic signatures in Poland
• ID card with chip