Archive for the ‘E-Signatures’ Category
Information Security Software : E-Signatures
E-Commerce (EC) Implementation of business communication and transactions over networks and through computers. As most restrictively defined, electronic commerce is the buying and selling goods and services and transfer of funds, through digital communications. However, all EC functions and inter-intra (eg, marketing, finance, production, sales and negotiation) that enable commerce and use electronic mail, EDI, file transfer, fax, video conference, workflow, or interaction with a remote computer. E-signature – the definition of a digital signature is an electronic device (Code) signature that can be used to establish the identity of the sender of a message or the signer to authenticate a document and can be guaranteed that original content of the message or document was sent is unchanged. Digital signatures are easily transportable, can not be imitated by someone else, and can be automatically provided with a timestamp. The ability to ensure that the original message signed means that the sender can deny it as easily come later. A digital signature can be used with any type of message, if it is encrypted or not, just so the recipient can be sure that the arrival of the sender identity and message intact. A digital certificate contains the digital signature of the certificate-issuing authority so that everyone can verify that the certificate is authentic. A formal definition: “(I) calculated a value of a data encryption algorithm and a joint purpose in a way that each can receive data using the signature to verify the data origin and integrity. (Ii) data attached, or a cryptographic transformation of a unit of data that a recipient of the data unit which enables the source and integrity of the data unit and to prove to protect against counterfeiting, eg by the recipient. “Source: IETF. E-signature – How it works (using PKI) Suppose you wanted to send the draft contract with your lawyer in a another city. You want your lawyer to be sure it is unchanged from what was sent and it has really come to you. First you copy and paste the contract (it is a very short!) In a notice via email. 2nd Using special software, you receive a message hash (mathematical summary) of the Treaty. Then third, you use a private key that you previously received a public authority of the private key cryptographic hash. The fourth hash is encrypted digital signature of your message. (Note that this will be different each time you send a message.) At the other end, then your lawyer the message. To ensure First it intact and you, your lawyer makes a hash of the received message. Your second lawyer then uses your public key to decode the message hash or summary. 3rd If the hashes match, the received message is valid. E-signature – the facts we all know it from different definitions of electronic signature legislation and so far clear that almost everyone has tried to adopt to remain independent of technology date. But it is generally considered that the use of PKI provides a popular way to create electronic signatures (digital signature) in the world. The use of PKI has several advantages over other methods which are clearly too easily and securely with industry and businesses to use such a solution seen. The ease of sharing have issued key hashing algorithms and irreversible association of the key for individual use certificate Digital with a trusted third party (Certificate Authority), contributed to this recipe especially food. A certification authority (CA) is a digital certificate information provided for the certificate, verifying the accuracy and provide information and digitally signs the certificate, the certificate for those employees with a public key and also published his guard by this button. By intelligently CA legal agreements, any liability on the responsibility of the holder and s Relying parties, while the most popular Internet browsers and email clients mechanism has developed to trust a certificate, implicitly or explicitly. In such scenarios, it is very important for everyone to ensure that Certificates are trusted and relied upon when the CA issued by a trusted and are not expired by the issuing authority is validated and / or revoked. Addition of each certificate is explicitly managed in the trust list of your operating system ‘s Harakiri is not less. CA is required to publish its Certificate Policy (CP) and Certificate Practice Statement (CPS) in cooperation with other agreements such as the Agreement by the Subscriber and Relying Party Agreement. Equally important is the fact that all parties must understand and know exactly fix the compensation and guarantees in various legal contracts. The digital certificate guarantees that the key pair for digital signatures is the person whose data are in accordance with the certificate to be involved. The certificate may also, of a person, as a company secretary. This total dependence shows the relying party must trust the certificate issuing authority (issuing CA) and confirmed its ability to have the certificate CA. It has been recognized and recommended practices of not believing that the certificate can be checked for its validity, this means that the CA certificate must be checked online in real time. Each certificate revocation CA lists that this provision is not good enough for a serious matter. Trusting a CA must be a deliberate decision again and have a good knowledge of CA security, they, they, their policies and practices associated with the platform certificate management life cycle, recruitment of staff, access to sensitive information, and areas (physical access), segregation of personnel, etc. require an individual task order shall not be on a digital signature informed have the advantage of all the legalities and contracts, however, the individual will be more comfortable if an external entity can invoke the verification and certification certificate issuing CA trusted. Conclusion There is no doubt that we have come a long way in improving this technology for comfort and confidence of the parties business transactions by electronic documents and transactions throughout the world on the other, yet need for governance in an entirely new territory for us all. And I must be content with these technologies (Web) to provide practical methods of searching, collecting information and business processes at such a rate that would been impossible a few decades back have. We provide information Security Solution software for system testing, forensic risk management of public services, vulnerability analysis, auditing tools, tools for penetration testing, tools and regulatory compliance.