
E-Signatures & Encryption (February 2001)
Electronic Signatures & Encryption
Abu Dhabi Chamber of Commerce and Industry, February 20/21, 2001
John D. Gregory


1 Electronic Signatures & Encryption
Abu Dhabi Chamber of Commerce and Industry, February 20/21, 2001
John D. Gregory, Ministry of the Attorney General (Ontario, Canada)

2 Encryption
- What is encryption?
- What is encryption for?
  - Confidentiality
  - Signature
  - Integrity of text
- Applicable law
- Legal advantages of encryption
  - presumption of attribution
  - presumption of integrity

3 What is encryption?
- Encryption is the transformation of text by a known process that permits the recreation of the original text by someone able to use the process.
- Cryptography is the science or method of creating encryption
- Algorithm is the mathematics of the encryption process
- Key is the way of making the algorithm work with a particular text or for a particular person

4 What is encryption?
- Secret key / single key / shared key cryptography
  - the same key is used to encrypt and to decrypt the text
  - traditional method of encryption
  - problems of key distribution, especially if multiple users, expiring keys

5 What is encryption?
- Public key / dual key / asymmetric cryptography
  - Two mathematically-related keys (key pair)
  - Text is encrypted with one key and decrypted only with the other key
  - Knowing one key does not allow calculation of the other key
  - One key is kept secret (private key), the other is available to anyone (public key)

6 What is encryption?
- Public key infrastructure (PKI)
  - is the ensemble of hardware, software, contracts and administrative practices designed to identify the holder of a valid key pair
  - features a Certification Authority (CA) that follows published procedures and policy and:
    - issues keys (in some versions)
    - issues certificates about the holder of the key pair
    - may perform or outsource other functions
    - must be trusted by people relying on encryption

7 What is encryption?
- Public Key Infrastructure (2)
  - Other functions of a PKI:
    - Registration authority - identifies keyholders
    - Directory of keyholders
    - Revocation and suspension - control lists
    - Time-stamping
  - The main participants of a PKI:
    - Certification Authority / (admin functions)
    - Keyholder / subscriber / holder of signing device / "signatory"
    - Person who wishes to rely on encryption (RP)

8 What is encryption for?
- Confidentiality:
  - Single key cryptography
    - only the holder of key (but any holder) can read message encrypted by that key
  - Dual key cryptography
    - only holder of one key can read message encrypted by the other key
    - encrypt with public key, only holder of private key can read message - so secret except to the holder
    - use certificate to confirm holder of private key

9 What is encryption for?
- Signature:
  - Single key cryptography
    - anyone who holds the key may be source of message
  - Dual key cryptography (digital signature)
    - sign with private key, open with public key
    - only holder of private key can be source
    - so long as key is private, source is reliable
    - use certificate to identify source (= signer ±)

10 What is encryption for?
- Integrity of text:
  - single key cryptography: no traditional role
  - dual key cryptography
    - hash text with agreed one-way hash function to create message digest (mathematical function)
    - encrypt digest with private key (= the signature)
    - transmit plaintext and encrypted digest
    - recipient hashes text, decrypts received digest
    - if digests match, text has not been altered
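The sign-and-verify steps of slides 9 and 10, as an added example that is not part of the original presentation. It assumes SHA-256 as the agreed hash and a constructed RSA key pair built from two publicly known primes, so it shows the mechanics only. Deployed signature schemes also pad the digest before the private-key step and use keys generated from secret random primes.

```python
import hashlib

# Constructed demo key pair from two well-known Mersenne primes.
# Publicly known primes give no security; they only keep the example offline.
P = 2**521 - 1
Q = 2**607 - 1
N = P * Q                            # modulus, shared by both keys
E = 65537                            # public exponent  -> public key (N, E)
D = pow(E, -1, (P - 1) * (Q - 1))    # private exponent -> private key (N, D)


def digest(text: bytes) -> int:
    """One-way hash of the text (the message digest), as an integer."""
    return int.from_bytes(hashlib.sha256(text).digest(), "big")


def sign(text: bytes, n: int = N, d: int = D) -> int:
    """Signer: transform the digest with the private key (= the signature)."""
    return pow(digest(text), d, n)


def verify(text: bytes, signature: int, n: int = N, e: int = E) -> bool:
    """Recipient: hash the received text, recover the signed digest with the
    public key, and compare the two digests."""
    if not 0 <= signature < n:
        return False                 # malformed signature value
    return pow(signature, e, n) == digest(text)


if __name__ == "__main__":
    contract = b"Pay 1,000 dirhams to the bearer."    # constructed sample text
    altered = b"Pay 9,000 dirhams to the bearer."     # one character changed
    sig = sign(contract)             # plaintext and signature are both sent
    print("original text verifies:", verify(contract, sig))
    print("altered text verifies: ", verify(altered, sig))
```
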

11 What is encryption for?
- Issues for a PKI
  - Policy Management Authority (PMA)
    - governance issues are not easy
  - Identity certificates and role certificates
    - privacy considerations, technical challenges
  - Signature keys and confidentiality keys
    - key recovery policies and practices
  - Cross-certification, cross-recognition
    - standards of interoperability

12 Applicable law
- UNCITRAL Model Law and variants
- Authorizes use of electronic signatures
  - intention to sign
  - link with signed document
- Authorizes use of electronic originals
  - integrity must be shown
- No law prevents confidentiality (Canada)
  - some obligation to preserve confidentiality
  - some obligation to give access to records

13 Applicable law
- Some laws on encrypted e-signatures
  - Utah (1995) - the pioneer - regulated system
  - Singapore (1998) optional but regulated
  - Illinois (1998) optional and accredited
  - EU (2000) standards-based, party autonomy
  - Canada - Bill C-6 - for some functions
- NOT in:
  - UNCITRAL ML on E-Signatures
  - Uniform Electronic Transactions Act (US)
  - Uniform Electronic Commerce Act (Canada)

14 Legal effects of encryption
- Presumption of attribution
  - Who signed the document?
  - Presumption is rebuttable - how easily?
  - Consequences of rebuttal - negligence?
  - EU - only "equivalent to handwritten" status
- Presumption of integrity
  - Clear technical basis for this presumption
  - Almost irrebuttable in practice
  - Debate: is this necessary for a good signature? Or is it an added benefit only?

15 Legal effects of encryption
- Issue: technical reliability
  - how trustworthy is the system?
  - what registration procedures?
  - what management of keys by keyholders?
- Issue: variants in implementation
  - role of CA may vary
  - content of certificate may vary
  - commercial use of certificates may vary
- Issue: knowledge of legal standards
  - some users may misjudge duties, effects
- Issue: fairness
  - possible liability without avoidable fault

16 Legal effects of encryption
- Sources on encrypted signatures and law
- http://www.pkilaw.com
- http://www.state.ma.us/itd/legal/pki.htm
- http://www.ilpf.org/
  - Especially http://www.ilpf.org/digsig/analysis_IEDSII.htm
- Canadian federal government PKI:
- http://www.cio-dpi.gc.ca/pki-icp/index_e.asp

