Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Digital-Signature-in_organization.pdf

 Digital-Signature-in_organization.pdf

rizalbroer

May 12, 2020
Tweet

Other Decks in Education

Transcript

  1. Digital Signature
    Rizal Broer Bahaweres
    www.rizalbroer.info

    View full-size slide

  2. LIST OF ABBREVIATIONS
    • CA = Certification Authority/Agent
    • CRL = Certificate Revocation List
    • ECC = Elliptic curves Cryptography
    • EU = European Union
    • EU = European Union

    View full-size slide

  3. Introduction
    • Hand written signatures are common place,
    but there is now another possible way to
    acknowledge volition – a digital signature.
    • We will try to describe all positives and
    • We will try to describe all positives and
    negatives of a digital signature and propose
    some solution how to increase and improve
    the usage of a digital signature.

    View full-size slide

  4. Digital Signature
    • A digital signature is a specific type of electronic signature
    (e-signature) that relies on public-key cryptography to
    support identity authentication and provide data and
    transaction integrity. It is used as a means to reach a goal of
    providing irrefutable evidence that a specific digital object
    originated from a specific individual and has not been
    altered. The authentication mechanism supports the
    originated from a specific individual and has not been
    altered. The authentication mechanism supports the
    business need of capturing the signer’s intent to sign.
    Digital signatures are used to support several security
    functions. However, the focus of this technology profile is
    on digital signatures used to protect the integrity and
    authenticity of documents, such as forms, agreements or
    contracts, and to demonstrate intent to sign.

    View full-size slide

  5. Product capability

    View full-size slide

  6. Customer Experience

    View full-size slide

  7. What are digital signatures?
    • Digital signatures are like electronic
    “fingerprints.” In the form of a coded message,
    the digital signature securely associates a signer
    with a document in a recorded transaction.
    Digital signatures use a standard, accepted
    Digital signatures use a standard, accepted
    format, called Public Key Infrastructure (PKI), to
    provide the highest levels of security and
    universal acceptance. They are a specific
    signature technology implementation of
    electronic signature (eSignature).

    View full-size slide

  8. What’s the difference between a digital
    signature and an electronic signature?..(1)
    • The broad category of electronic signatures
    (eSignatures) encompasses many types of
    electronic signatures. The category includes
    digital signatures, which are a specific technology
    implementation of electronic signatures. Both
    digital signatures and other eSignature solutions
    implementation of electronic signatures. Both
    digital signatures and other eSignature solutions
    allow you to sign documents and authenticate
    the signer. However, there are differences in
    purpose, technical implementation, geographical
    use, and legal and cultural acceptance of digital
    signatures versus other types of eSignatures.

    View full-size slide

  9. What’s the difference between a digital
    signature and an electronic signature?.. .(2)
    • In particular, the use of digital signature
    technology for eSignatures varies significantly
    between countries that follow open, technology-
    neutral eSignature laws, including the United
    States, United Kingdom, Canada, and Australia,
    and those that follow tiered eSignature models
    States, United Kingdom, Canada, and Australia,
    and those that follow tiered eSignature models
    that prefer locally defined standards that are
    based on digital signature technology, including
    many countries in the European Union, South
    America, and Asia. In addition, some industries
    also support specific standards that are based on
    digital signature technology.

    View full-size slide

  10. How do digital signatures work?

    View full-size slide

  11. How do I create a digital
    signature?..(1)
    • eSignature providers, such as DocuSign, that
    offer solutions based on digital signature
    technology, make it easy to digitally sign
    documents. They provide an interface for
    documents. They provide an interface for
    sending and signing documents online and
    work with the appropriate Certificate
    Authorities to provide trusted digital
    certificates.

    View full-size slide

  12. How do I create a digital
    signature?..(2)
    • Depending upon the Certificate Authority you are
    using, you may be required to supply specific
    information. There also may be restrictions and
    limitations on whom you send documents to for
    signing and the order in which you send them.
    DocuSign’s interface walks you through the
    signing and the order in which you send them.
    DocuSign’s interface walks you through the
    process and ensures that you meet all of these
    requirements. When you receive a document for
    signing via email, you must authenticate as per
    the Certificate Authority’s requirements and then
    “sign” the document by filling out a form online.

    View full-size slide

  13. Public Key Infrastructure

    View full-size slide

  14. What is Public Key Infrastructure (PKI)?
    • Public Key Infrastructure (PKI) is a set of requirements
    that allow (among other things) the creation of digital
    signatures. Through PKI, each digital signature
    transaction includes a pair of keys: a private key and a
    public key. The private key, as the name implies, is not
    shared and is used only by the signer to electronically
    shared and is used only by the signer to electronically
    sign documents. The public key is openly available and
    used by those who need to validate the signer’s
    electronic signature. PKI enforces additional
    requirements, such as the Certificate Authority (CA), a
    digital certificate, end-user enrollment software, and
    tools for managing, renewing, and revoking keys and
    certificates.

    View full-size slide

  15. What is a Certificate Authority (CA)?
    • Digital signatures rely on public and private keys.
    Those keys have to be protected in order to
    ensure safety and to avoid forgery or malicious
    use. When you send or sign a document, you
    need assurance that the documents and the keys
    are created securely and that they are using valid
    need assurance that the documents and the keys
    are created securely and that they are using valid
    keys. CAs, a type of Trust Service Provider, are
    third-party organizations that have been widely
    accepted as reliable for ensuring key security and
    that can provide the necessary digital certificates.
    Both the entity sending the document and the
    recipient signing it must agree to use a given CA.

    View full-size slide

  16. Are eSignatures, based on digital signature
    technology, legally enforceable?
    • Yes. The EU passed the EU Directive for
    Electronic Signatures in 1999, and the United
    States passed the Electronic Signatures in
    Global and National Commerce Act (ESIGN) in
    Global and National Commerce Act (ESIGN) in
    2000. Both acts made electronically signed
    contracts and documents legally binding, like
    paper-based contracts. Since then, the legality
    of electronic signatures has been upheld many
    times.

    View full-size slide

  17. What is a digital certificate?
    • A digital certificate is an electronic document
    issued by a Certificate Authority (CA). It contains
    the public key for a digital signature and specifies
    the identity associated with the key, such as the
    name of an organization. The certificate is used to
    name of an organization. The certificate is used to
    confirm that the public key belongs to the specific
    organization. The CA acts as the guarantor. Digital
    certificates must be issued by a trusted authority
    and are only valid for a specified time. They are
    required in order to create a digital signature.

    View full-size slide