In the CA I trust. A look at Certification Authorities. James E. Shearer, CSEP 590, March 8th 2006.
Presentation transcript:


The Public Key Infrastructure is adjudicated by the individual States

"Contracts involving interstate or foreign commerce may not be denied legal effect, validity, or enforceability solely because it and/or the signatures on it are in electronic form." Electronic Signatures In Global And National Commerce Act (E-Sign), passed in the Congress of the United States, June 2000 [2].

"Laws and policies for digital signatures should balance the need for consistency across state and national boundaries, the need to allow for experimentation and innovation, and need to respect traditional state jurisdictions, e.g., commerce, contracts, and state rules of evidence." American Bar Association, 1997

States have taken 2 approaches

Electronic signature laws (states include Florida, Virginia, and Texas):
- Clarify how current law should apply to electronic authentication.
- Explicitly recognize that many different technologies are capable of creating valid signatures, including digital images of signatures, PIN numbers, and biometric devices.

Secure signature laws (states include Utah, Washington and Minnesota):
- Give special statutory benefits (such as evidentiary presumptions and liability limits or other special recognition) for electronic signatures that have an established degree of reliability.

"If a law requires a signature or record to be notarized, acknowledged, verified, or made under oath, the requirement is satisfied if the electronic signature of the person authorized to perform those acts, together with all other information required to be included by other applicable law, is attached to or logically associated with the signature or record." Texas Business and Commercial Code, Chapter 43; Uniform Electronic Transaction Act

"Where a rule of law requires a signature, or provides for certain consequences in the absence of a signature, that rule is satisfied by a digital signature, if:
- The digital signature is verified by reference to the public key listed in a valid certificate issued by a licensed certification authority;
- The digital signature was affixed by the signer with the intention of signing the message; and
- The recipient has no knowledge or notice that the signer either breached a duty as a subscriber; or does not rightfully hold the private key used to affix the digital signature." RCW 19.34, Washington Electronic Authentication Act

CA Certification

Certification Authorities are approved:
- by the State (e.g., Washington), or
- by a designated (non-government) registration authority (e.g., Kansas).

Washington has licensed VeriSign and Digital Signature Trust. (VeriSign bought Thawte in 2000.)

CAs must show:
- Their equipment and processes protect the CA's private keys adequately,
- Their processes verify the authenticity of subscribers adequately,
- (At least in Washington) They have an office or representative in the state.

CAs document their processes in a Certification Practice Statement (VeriSign's is 73 pages long).

Classes of Certificates

Class 3, assurance level: High
  Purpose: code and content signing; SSL tunnels
  Subscriber validation: subscriber must physically visit the CA and provide proof of identity and affiliation to the represented organization.

Class 2, assurance level: Medium
  Purpose: same as class 1 (below)
  Subscriber validation: matching information against a trusted source such as a credit bureau.

Class 1, assurance level: Low
  Purpose: signing, encryption, client authentication
  Subscriber validation: confirmation of subscriber's address.

Class 0, assurance level: Rudimentary
  Purpose: data integrity
  Subscriber validation: none

VeriSign offers certificates in classes 1 to 3. The US Postal Service offers Electronic Postmark Service certificates in class 0.

Liability

CA is largely immune:
- Washington law exempts the CA from liability for: lost or forged certificates; punitive or exemplary damages; damages for pain and suffering.
- The CA is liable for damages resulting from inappropriate subscriber authentication, to an amount determined in the CA's own CPS.

Subscriber is vulnerable to breach of contract:
- The subscriber is liable for damage resulting from loss or theft of certificates.

Relying Party carries burden of proof:
- VeriSign's CPS specifies that before any act of reliance, the Relying Party is responsible for understanding VeriSign's CPS and verifying:
  - appropriateness of the certificate for the transaction,
  - the key usage field extensions,
  - the state of all certificates in the Relying Party to Root path.
- This is interesting since the whole process is largely automated!
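The three relying-party checks in the last bullet, as an added Go example that is not from the slides or from any CA's code: it mints a constructed root and subscriber certificate (test data, not issued by any CA) and then applies the checks with the standard library's chain verifier, so a code-signing certificate offered for an SSL tunnel, an expired certificate, or a certificate that does not chain to the trusted root is rejected. The function names BuildChain, RelyingPartyCheck and the subject names are assumptions.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"math/big"
	"time"
)

// parse wraps x509.CreateCertificate's result; these are constructed test certificates, so a failure is fatal.
func parse(der []byte, err error) *x509.Certificate {
	if err != nil {
		panic(err)
	}
	cert, _ := x509.ParseCertificate(der)
	return cert
}

// BuildChain mints a root CA and a subscriber certificate it signed, expiring at notAfter and
// carrying the extended key usages in usages (e.g. code signing, one class 3 purpose on the slide).
func BuildChain(usages []x509.ExtKeyUsage, notAfter time.Time) (root, leaf *x509.Certificate) {
	now := time.Now()
	rootPub, rootKey, _ := ed25519.GenerateKey(rand.Reader)
	leafPub, _, _ := ed25519.GenerateKey(rand.Reader) // the subscriber keeps its private key
	rootTmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "Constructed Test Root"},
		NotBefore: now.Add(-time.Hour), NotAfter: now.Add(48 * time.Hour),
		IsCA: true, BasicConstraintsValid: true, KeyUsage: x509.KeyUsageCertSign,
	}
	root = parse(x509.CreateCertificate(rand.Reader, rootTmpl, rootTmpl, rootPub, rootKey))
	leafTmpl := &x509.Certificate{
		SerialNumber: big.NewInt(2), Subject: pkix.Name{CommonName: "subscriber.example"},
		NotBefore: now.Add(-time.Hour), NotAfter: notAfter,
		KeyUsage: x509.KeyUsageDigitalSignature, ExtKeyUsage: usages,
	}
	leaf = parse(x509.CreateCertificate(rand.Reader, leafTmpl, root, leafPub, rootKey))
	return root, leaf
}

// RelyingPartyCheck applies the CPS's pre-reliance checks: chain to a trusted root, every certificate
// on the path within its validity period, and an extended key usage that fits the transaction (want).
func RelyingPartyCheck(leaf, root *x509.Certificate, want x509.ExtKeyUsage) error {
	pool := x509.NewCertPool()
	pool.AddCert(root)
	_, err := leaf.Verify(x509.VerifyOptions{Roots: pool, KeyUsages: []x509.ExtKeyUsage{want}})
	return err
}
```

Verify returns nil only when all three conditions hold; revocation status (CRL or OCSP) is not part of it and would be an additional step for the relying party.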