Professional Documents
Culture Documents
Digital Signatures 2
Digital Signatures 2
Transactions
TOPICS COVERED
REPORT INTEGRITY
AUTHENTICATION
TRUST IN PAPER-BASED REPORTS
ELECTRONIC REPORTING
FROM PAPER TO ELECTRONIC:
Repudiation Risks in Basic Electronic
Transactions
Digital Signatures
• Public Key Infrastructure
Public Key Infrastructure (PKI)
• A trusted authority
• Responsible for creating the key pair,
distributing the private key,
publishing the public key and
revoking the keys as necessary
• The “Passport Office” of the Digital
World
Digital Certificates
• A unique electronic signifier issued by a
Certificate Authority that functions like a
passport to verify a user’s identity.
• The certificate authority binds the unique
key to the following
• Name of the Certificate Authority
• Certificate Expiration Date
• Certificate Identity Number
• Certificate Storage
• software tokens
• browser certificate stores
• hardware tokens (Smart Cards, USB Tokens)
Public Key Cryptography
Encryption key
@#@#@$
$56455908283923
542#$@$#%$%
$^&
Decryption key
Unreadable Format
Public Key Infrastructure in Action
Secure
Encrypting Decrypting
Transmission
Signatures Decrypting Encrypting
Digital Signatures
Private key
Public Key
Decryption Algorithm
Digitally Signed
Authentication and Verification
Digital
Public Certificate
• Definitions
• Digital Signatures Must Be Created By An Acceptable
Technology- Criteria For Determining Acceptability
• List of Acceptable Technologies
• Provisions For Adding New Technologies to the List of
Acceptable Technologies
• Issues to Be Addressed By Public Entities When Using
Digital Signatures
California Digital Signature Regulations
The technology known as Public Key Cryptography is
an acceptable technology for use by public entities in
California, provided that the digital signature is
created consistent with the provisions in Section
22003(a)1-5.
"Acceptable Certification Authorities" means a
certification authority that meets the requirements of
either Section 22003(a)6(C) or Section 22003(a)6(D).
"Approved List of Certification Authorities" means the
list of Certification Authorities approved by the
Secretary of State to issue certificates for digital
signature transactions involving public entities in
California.
Summary: Electronic Report Transactions
are subject to fraud and easily repudiated: