Slide 1

DIGITAL SIGNATURE Slide 2 CAN ELECTRONIC DATA BE TRUSTED? Accuracy and Authenticity Decisions regarding Environmental Health and Impact Security Protection from unauthorized access Tamper-resistant Accidental human errors Intentional - Fraud Credibility in Judicial Proceedings Effective Enforcement Plaintiff/Defendant Subpoena Slide 3 TRUST IN PAPER-BASED REPORTS Slide 4 ELECTRONIC REPORTING Slide 5 WHAT IS DIGITAL SIGN A digital signature or digital signature scheme is a mathematical scheme for demonstrating the authenticity of a digital message or document. A valid digital signature gives a recipient reason to believe that the message was created by a known sender, and that it was not altered in transit. Digital signatures are commonly used for software distribution, financial transactions, and in other cases where it is important to detect forgery and tampering Slide 6 1.AUTHENTICATION: the ability to prove the senders identity 2. REPORT INTEGRITY: the ability to prove that there has been no change during transmission, storage, or retrieval 3. NON-REPUDIATION: the ability to prove that the originator of a report intended to be bound by the information contained in the report Why to use digital signature Slide 7 Where to use digital signature On a agreement with authenticity On a formal email On a article Slide 8 HOW TO USE DIGITAL SIGNATURE Digital Signatures Public Key Infrastructure Slide 9 Public Key Infrastructure (PKI) PKI is a combination of software, encryption technologies and facilities that can facilitate trusted electronic transactions. PKI Components Key Pairs Certificate Authority Public Key Cryptography Slide 10 Key Pairs A key is a unique digital identifier Keys are produced using a random number generator A key pair consists of two mathematically related keys The private key is secret and under the sole control of the individual The public key is open and published Slide 11 A trusted authority Responsible for creating the key pair, distributing the private key, publishing the public key and revoking the keys as necessary The Passport Office of the Digital World Certificate Authority Slide 12 Report Encryption Algorithm Digitally Signed An individual digitally signs a document using the private key component of his certificate. Digital Signatures Private key Slide 13 Authentication and Verification The individuals public key, published by the CA decrypts and verifies the digital signature. Digitally Signed Public Key Decryption Algorithm Slide 14 Authentication and Verification Any changes made to the report will invalidate the signature Provides evidence of report integrity Provides proof of report originators identity - Authentication Slide 15 Slide 16 Security in Transmission Secure Socket Layer (SSL) https Submission is encrypted by the sender with recipients public key After receipt, submission is decrypted with recipients private key Slide 17 ACHIEVING TRUST IN ELECTRONIC REPORTS Slide 18 What Should Be Signed ? Balance between capturing the entire content of the transaction vs. ease of data integration Data that is Machine readable but which separates user entry content from context: database, comma delimited, spreadsheet, etc Data that records content and context but which are not easily integrated into databases: word, pdf, image, html, etc Slide 19 Granting Public Access to paper reports Public comes into agency office Public provides drivers license or other identification Agency can monitor who is accessing data Slide 20 Providing Trusted Electronic Access to Data Identity of user is unknown Access cannot be monitored Relying on the Certificate Authority Slide 21 Public Digital Certificate In order to obtain access to Community Right to Know Data, individuals first obtain digital Certificates. Applying PKI to Public Access Slide 22 Public After contributing a certificate to gain access, The individuals certificate can be cross- referenced with other security databases to monitor suspect individuals. Digital Certificates Agency Slide 23 Unsigned Web forms can be sent by anyone. They can be tampered in transmission and the sender cant be legally verified Unsigned Data in a database can be altered and does not provide adequate evidence in a court of law Data on Diskette can be altered without visible evidence Summary: Electronic Report Transactions are subject to fraud and easily repudiated: Slide 24 Conclusion, cont. 2. PKI supports trusted access to Public Data: Agencies require individuals to contribute digital certificates in order to gain access. Agencies can track who gains access at what time The names of individuals who seek access can be cross-referenced with additional security databases to protect public safety Slide 25 Conclusion, cont. 3. Complete Archiving ensures that a legal record of a transaction can be trusted : Non-repudiation- Storing a copy of the entire data (including questions on the form) with the digital signature.