220 likes | 756 Views
Digital Signature and Public Key Infrastructure. Course: COSC513-01 Instructor: Professor Anvari Student ID: 106845 Name: Xin Wen Date: 11/25/00. Content. Introduction Digital Signature and information security Public key cryptography Digital Signature components & processes
E N D
Digital Signature and Public Key Infrastructure Course: COSC513-01 Instructor: Professor Anvari Student ID: 106845 Name: Xin Wen Date: 11/25/00
Content • Introduction • Digital Signature and information security • Public key cryptography • Digital Signature components & processes • Public key infrastructure(PKI) & its Flow
Introduction • Paperless office • Cultural tradition • Tangible paper • Handwritten signature • Sealed envelopes etc. • Lack of legal admit • Lack of infrastructure to support it • Technology
The Internet and electronic commerce • Internet • Lack of sufficient information security • Lack of framework to enable electronic commerce • Public key cryptography technology • Legal recognition of digital signatures • The elimination of paper becomes true
Fundamental requirement • Sender authenticity • Message integrity • Non-repudiation • Signature formalities
Satisfying the requirements in electronic commerce • The purpose is to • Protect the message • Not the medium • No way to make a secure environment • The availability and affordability of the public network • Secure the message • Base on public key cryptography • Utah Digital Signature Act is the first one
Digital Signatures & information security • A digital signature is not • a digitized image of a handwritten signature • like the UPS signature • Signature is digitized • Image is transferred to electronic document • Once captured, can be easily copy and paste • A digital signature is • An actual transformation of an electronic message using public key cryptography • Tied to the signed document and signer, not reproducible • Legal admitted • Contract can be done over internet
The basic principles • All data entered into a computer is read as a binary number. • For example: “Jack and Jill went up the hill • The computer read it as:”1000111010100111000101” etc • Perform mathematical functions on the number • Messages be transformed to alternate representations unique to the original one
Public key cryptography • Employs an algorithm using two different but mathematically related “keys” • One (primary key) for creating a digital signature or transforming data into a seemingly unintelligible form • Another key (public key) for verifying a digital signature or returning the message to its original form
Public key cryptography • Also termed as asymmetric key cryptography • Involves an asymmetric key pair • Public key: freely disseminated; no need of confidential • Private key: must keep secret • Characteristics of the key pairs • Mathematical related, but impossible to calculated each other • Each key perform the inverse function of the other, one key does only that the other can undo
Digital Signature components • Digital signatures are based on asymmetric, public key cryptography • The digital signing and verification processes involve a hash algorithm and a signature algorithm(extremely complex math equation)
100 Original Message *2 Hash Algorithm = 200 MessageDigest(fingerprint) *2 Signature Algorithm = 400 Digital Signature (*2 is primary key) a digital signature has nothing to do with the signer’s name or handwritten signature An actual transformation of the message itself , and that is “secret” only known by the signer Tied to both the signer and the message being signed. Digital Signature components
Message Message Hash Function Message Digest Signature Function Digital Signature Signature Private Key Creating a digital signature
Verifying a digital signature If the message digest are identical, the signature will verify, If they are different in any way, the signature will not verify. Message Hash Function Message Digest Digest Signature Signature Function Message Digest Signer’s Public Key
Public key infrastructure • Using digital signature software • Generate a key pair • Release his public key to the on-line world • Use any identity he choose • Certification authority (CA) • A trusted third party • Guarantee individuals’ identities, • Guarantee their relationship to their public keys • (Bind their identities to the key pairs)
Public key infrastructure • Digital certificates contains: • Name of the subscriber • The subscriber’s public key • The digital signature of the issuing CA • The issuing CA’s public key • Other pertinent information about the subscriber • Subscriber’s organization (e.g. his authority to conduct certain transactions.etc) • These certificates are stored in a on-line, publicly accessible repository
PKI Process Flow Certification Authority Repository 3 1 2 6 5 Subscriber 4 Relying Party
PKI Process Flow • Step1. Subscriber applies to Certification Authority for Digital Certificate • Step2. CA verifies identity of subscriber and issues Digital Certificate • Step3. CA publishes Certificate to Repository • Step4. Subscriber digitally signs electronic message with Private key to ensure Sender Authenticity, Message Integrity and Non-repudiation and sends to Relying Party • Step5. Relying Party receives message, verifies Digital Signature with Subscriber’s Public Key, and goes to Repository to check status and validity of Subscriber’s Certificate • Step6. Repository returns results of status check on Subscriber’ Certificate to Relying Party
Digital signature applications • Any processes that requires strong authentication of both sender and contents of the message, and non-repudiation. • Such applications as • Purchase order systems • Automated forms processing contracts • Remote financial transactions or inquires
Covers • Digital Signature • What it is • Basic principle • Its components • Create and verifying it • Its application • Public key cryptography • Definition • Character of key pairs • Public key infrastructure • PKI • PKI Process Flow