An introduction to Technology and law with focus on e-signature, encryption and third party service Yue Liu Mar.2010

Save this PDF as:
 WORD  PNG  TXT  JPG

Size: px
Start display at page:

Download "An introduction to Technology and law with focus on e-signature, encryption and third party service Yue Liu Mar.2010"

Transcription

1 An introduction to Technology and law with focus on e-signature, encryption and third party service Yue Liu Mar.2010

2 Understanding the information security Technology of Encryption and Electronic signature The legal instruments in EU

3 General technical definition information security is a state of affairs where information, information processing and communication is protected against the confidentiality, integrity and availability of information and information processing. In the context of information networks this also covers reliable identification and authentication.

4 Legal definition the obligation to take adequate measures for the purpose of safeguarding the state of affairs corresponding the required level of security, and notably the protection of rights related to informational assets

5 Trust The basic elements of information security Confidentiality Integrity Availability

6 Data protection art17 95/46/EC art /66/EC Spam and cyber crime Art 13 02/58/EC Communication to counter spam(com(2004)28) Convention on Cybercrime Dual use technology OECD recommendation and guidelines for cryptography policy1997 Electronic Signature Directive

7 Underline principles. Technical neutral Non-discrimination Party-autonomy/contractual freedom No-harmonization of national civil law

8 The legality issues The technical answers The liability issues

9 Definition: Electronic signature : data in electronic form which are attached to or logically associated with other electronic data and which serve as a method of authentication (Directive 99/93/EC) Advanced electronic signature: any electronic signature which meets the following requirements: uniquely linked, capable of identifying, maintain sole control, change detectable

10 Form conditions: QC (annex I) CSP (annex II) secure signature creation device (annext III) SKE E-sign Advanced signature advance biometricsqualified signature Digital signatur e

11 Legal effects of the e-signature article 5 of the Directive: Art5 (2) non-discrimination : electronic form, not certified, not certified by accredited CSP (certified service provider); not created by secure signature device Art5 (1) qualified advanced e-signature: the validity in transaction as handwritten signature and evidence effect at court

12 Cryptography basis: The conversion of data into a secret code for transmission over a public network. Encrypt: convent plain text into cipher text Decrypt: convert cipher text into plain text Symmetric key encryption (secret key) Asymmetric key encryption (public key)

13

14 Public key encryption (PKE) in detail problem of PKE: More computational intensive Large amounts of encrypted data vulnerable of hacking Solution = hashing of the data message

15 Digital signature 1

16 Digital signature 2

17 Problem With digital signature Trustworthy linkage between public key and real world identity of accountable person Secure distribution of public keys over open networks Integrity? Solution= Public key infrastructure (PKI)

18 PKI Process Flow Step 1. Subscriber applies to Certification Authority for Digital Certificate Step 2. CA verifies identity of Subscriber and issues Digital Certificate. Step 3. CA publishes Certificate to Repository. Step 4. Subscriber digitally signs electronic message with Private Key to ensure Sender Authenticity, Message Integrity and Non-Repudiation and sends to Relying Party. Step 5. Relying Party receives message, verifies Digital Signature with Subscriber's Public Key, and goes to Repository to check status and validity of Subscriber's Certificate. Step 6.Repository returns results of status check on Subscriber's Certificate to Relying Party.

19

20 agenda The legality issues The technical answers The liability issues -UNCITRAL e-sign ML, EU e-sign Directive

21 E-sign ML-liability concept CA signatory Reasonable allocation of responsibilities in accordance with domains under the specific control of PKI participants Relying party

22 Approach Soft law: Technology neutrality comprehensive Responsibility of the signatory (art8) Responsibility of the relying party(art11) Responsibility of the CSP(art9,10)

23 Approach Hard law Technology neutrality Liability rules CA s liability

24 Article 6 strict liability of CSP liable to ANY person who reasonably relies in qualified certificates Reversed burden of proof Consumer protection rules also applies (art. 6.5 value limitation rule)

25 Art. 6.1 D 99/93/EC Accuracy at time of issuance of all information contained in the qualified certificate - be used in complementary manner Inclusion of minimum required content, regarding Annex I of the Directive The certificate must be marked as qualified certificate Consumers relying in certificates must be able to identify a qualified certificate

26 Art. 6.2 D 99/93/EC: Incorrect revocation data make the CSP liable for all damaged suffered by relying parties Includes the failure to register and process a revocation request Typically also includes the delay in publication of certificate revocation information

27 Art. 6.3 and 6.4 D 99/93/EC: The CSP control risk with two methods: Use and value limitations Key usage (digital signature, key encipherment, etc) Extended key usage ( protection, code signing, etc) Notice inside certificate (may not be seen) Policy control: high level usage definition (contracts, e-invoices, etc) Subscriber and relying party agreements: best solution in civil law systems)

28 Market access: no prior authorization (art 3.1 ) voluntary accreditation (art 3.2)

29 Other provisions data protection issues (art8) International aspects (art7) Committee (art9. 10) Notification (art 11) Review (art 12)

30 Export control measures Wassennar agreement EU dual use regulation of Dec.1994 Domestic control measures Key escrow and key recovery systems Privacy considerations

31 Additional links: SLCommentary_pdf.pdf Thank you for your attention!

Ericsson Group Certificate Value Statement - 2013

Ericsson Group Certificate Value Statement - 2013 COMPANY INFO 1 (23) Ericsson Group Certificate Value Statement - 2013 COMPANY INFO 2 (23) Contents 1 Ericsson Certificate Value Statement... 3 2 Introduction... 3 2.1 Overview... 3 3 Contact information...

More information

ELECTRONIC SIGNATURES AND ASSOCIATED LEGISLATION

ELECTRONIC SIGNATURES AND ASSOCIATED LEGISLATION ELECTRONIC SIGNATURES AND ASSOCIATED LEGISLATION This can be a complex subject and the following text offers a brief introduction to Electronic Signatures, followed by more background on the Register of

More information

SSLPost Electronic Document Signing

SSLPost Electronic Document Signing SSLPost Electronic Document Signing Overview What is a Qualifying Advanced Electronic Signature (QAES)? A Qualifying Advanced Electronic Signature, is a specific type of digital electronic signature, that

More information

Land Registry. Version 4.0 10/09/2009. Certificate Policy

Land Registry. Version 4.0 10/09/2009. Certificate Policy Land Registry Version 4.0 10/09/2009 Certificate Policy Contents 1 Background 5 2 Scope 6 3 References 6 4 Definitions 7 5 General approach policy and contract responsibilities 9 5.1 Background 9 5.2

More information

TERMS OF USE FOR PUBLIC LAW CORPORATION PERSONAL CERTIFICATES FOR QUALIFIED DIGITAL SIGNATURE

TERMS OF USE FOR PUBLIC LAW CORPORATION PERSONAL CERTIFICATES FOR QUALIFIED DIGITAL SIGNATURE TERMS OF USE FOR PUBLIC LAW CORPORATION PERSONAL CERTIFICATES FOR QUALIFIED DIGITAL SIGNATURE Prior to the verification of the electronic certificate, or to access or use the certificate status information

More information

PKI Disclosure Statement

PKI Disclosure Statement Land Registry Version 2.0 23/07/2008 PKI Disclosure Statement 1. Introduction Land Registry has created an e-security platform for its customers to facilitate role-based access, authentication and electronic

More information

TERMS OF USE TITLE CERTIFICATES FOR ELECTRONIC SIGNATURE

TERMS OF USE TITLE CERTIFICATES FOR ELECTRONIC SIGNATURE TERMS OF USE FOR TITLE CERTIFICATES FOR ELECTRONIC SIGNATURE Prior to the verification of the electronic certificate, or to access or use the certificate status information and other information contained

More information

ING Public Key Infrastructure Customer Certificate Policy. Version November 2015

ING Public Key Infrastructure Customer Certificate Policy. Version November 2015 ING Public Key Infrastructure Customer Certificate Policy Version 5.4 - November 2015 Colophon Commissioned by Additional copies Document version General Abstract Audience References ING PKI Policy Approval

More information

ARTL PKI. Certificate Policy PKI Disclosure Statement

ARTL PKI. Certificate Policy PKI Disclosure Statement ARTL PKI Certificate Policy PKI Disclosure Statement Important Notice: This document (PKI Disclosure Statement, PDS) does not by itself constitute the Certificate Policy under which Certificates governed

More information

E-Signatures. Chris Reed. Professor of Electronic Commerce Law

E-Signatures. Chris Reed. Professor of Electronic Commerce Law E-Signatures Chris Reed Professor of Electronic Commerce Law Centre for Commercial Law Studies, Queen Mary University of London Of counsel, Lawrence Graham Agenda Rethinking the concept of signature e-signature

More information

UNCITRAL United Nations Commission on International Trade Law Introduction to the law of electronic signatures

UNCITRAL United Nations Commission on International Trade Law Introduction to the law of electronic signatures Introduction to the law of electronic signatures Luca Castellani Head, Regional Centre for Asia and the Pacific UNCITRAL Secretariat Incheon, Republic of Korea Outline 1. Methods and technologies for electronic

More information

Apple Corporate Email Certificates Certificate Policy and Certification Practice Statement. Apple Inc.

Apple Corporate Email Certificates Certificate Policy and Certification Practice Statement. Apple Inc. Apple Inc. Certificate Policy and Certification Practice Statement Version 2.0 Effective Date: April 10, 2015 Table of Contents 1. Introduction... 4 1.1. Trademarks... 4 1.2. Table of acronyms... 4 1.3.

More information

TERMS OF USE FOR NOTARIAL CORPORATE CERTIFICATES FOR ELECTRONIC SIGNATURE

TERMS OF USE FOR NOTARIAL CORPORATE CERTIFICATES FOR ELECTRONIC SIGNATURE TERMS OF USE FOR NOTARIAL CORPORATE CERTIFICATES FOR ELECTRONIC SIGNATURE Prior to the verification of the electronic certificate, or to access or use the certificate status information and other information

More information

Neutralus Certification Practices Statement

Neutralus Certification Practices Statement Neutralus Certification Practices Statement Version 2.8 April, 2013 INDEX INDEX...1 1.0 INTRODUCTION...3 1.1 Overview...3 1.2 Policy Identification...3 1.3 Community & Applicability...3 1.4 Contact Details...3

More information

UNCITRAL Colloquium Legal issues related to Identity Management and Trust Services Vienna - 22 April Trust Services

UNCITRAL Colloquium Legal issues related to Identity Management and Trust Services Vienna - 22 April Trust Services UNCITRAL Colloquium Legal issues related to Identity Management and Trust Services Vienna - 22 April 2016 Trust Services Hervé Jacquemin University of Namur (CRIDS) Member of the Brussels Bar Trust is

More information

National Certification Authority Framework in Sri Lanka

National Certification Authority Framework in Sri Lanka National Certification Authority Framework in Sri Lanka By Rohana Palliyaguru Manager Operations & Principal Information Security Engineer What is digital Signature? According to UNCITRAL Text 25. Digital

More information

Certificates. Noah Zani, Tim Strasser, Andrés Baumeler

Certificates. Noah Zani, Tim Strasser, Andrés Baumeler Certificates Noah Zani, Tim Strasser, Andrés Baumeler Overview Motivation Introduction Public Key Infrastructure (PKI) Economic Aspects Motivation Need for secure, trusted communication Growing certificate

More information

NCDC GOVERNMENT-CA PKI DISCLOSURE STATEMENT

NCDC GOVERNMENT-CA PKI DISCLOSURE STATEMENT NCDC GOVERNMENT-CA PKI DISCLOSURE STATEMENT Document Classification: Public Version Number: 1.5 Issue Date: June 11, 2015 Copyright 2015 National Center for Digital Certification, Kingdom of Saudi Arabia.

More information

Qualified Electronic Signatures Act (SFS 2000:832)

Qualified Electronic Signatures Act (SFS 2000:832) Qualified Electronic Signatures Act (SFS 2000:832) The following is hereby enacted 1 Introductory provision 1 The purpose of this Act is to facilitate the use of electronic signatures, through provisions

More information

HKUST CA. Certification Practice Statement

HKUST CA. Certification Practice Statement HKUST CA Certification Practice Statement IN SUPPORT OF HKUST CA CERTIFICATION SERVICES Version : 1.1 Date : 3 March 2000 Prepared by : Information Technology Services Center Hong Kong University of Science

More information

Guidelines for the use of electronic signature

Guidelines for the use of electronic signature Republic of Albania National Authority for Electronic Certification Guidelines for the use of electronic signature Guide Nr. 001 September 2011 Version 1.3 Guidelines for the use of electronic signature

More information

Savitribai Phule Pune University

Savitribai Phule Pune University Savitribai Phule Pune University Centre for Information and Network Security Course: Introduction to Cyber Security / Information Security Module : Pre-requisites in Information and Network Security Chapter

More information

TERMS OF USE FOR NOTARIAL PERSONAL REPRESENTATION CERTIFICATES FOR AUTHENTICATION

TERMS OF USE FOR NOTARIAL PERSONAL REPRESENTATION CERTIFICATES FOR AUTHENTICATION TERMS OF USE FOR NOTARIAL PERSONAL REPRESENTATION CERTIFICATES FOR AUTHENTICATION Prior to the verification of the electronic certificate, or to access or use the certificate status information and other

More information

Trustis FPS PKI Glossary of Terms

Trustis FPS PKI Glossary of Terms Trustis FPS PKI Glossary of Terms The following terminology shall have the definitions as given below: Activation Data Asymmetric Cryptosystem Authentication Certificate Certificate Authority (CA) Certificate

More information

Public Key Certification Infrastructure

Public Key Certification Infrastructure Public Key Certification Infrastructure Petr Hanácek hanacek@dcse.fee.vutbr.cz Faculty of Electrical Engineering and Computer Science Brno University of Technology Abstract Jan Staudek staudek@fi.muni.cz

More information

Controller of Certification Authorities of Mauritius

Controller of Certification Authorities of Mauritius Contents Pg. Introduction 2 Public key Infrastructure Basics 2 What is Public Key Infrastructure (PKI)? 2 What are Digital Signatures? 3 Salient features of the Electronic Transactions Act 2000 (as amended)

More information

How encryption works to provide confidentiality. How hashing works to provide integrity. How digital signatures work to provide authenticity and

How encryption works to provide confidentiality. How hashing works to provide integrity. How digital signatures work to provide authenticity and How encryption works to provide confidentiality. How hashing works to provide integrity. How digital signatures work to provide authenticity and non-repudiation. How to obtain a digital certificate. Installing

More information

OFFICE OF THE CONTROLLER OF CERTIFICATION AUTHORITIES TECHNICAL REQUIREMENTS FOR AUDIT OF CERTIFICATION AUTHORITIES

OFFICE OF THE CONTROLLER OF CERTIFICATION AUTHORITIES TECHNICAL REQUIREMENTS FOR AUDIT OF CERTIFICATION AUTHORITIES OFFICE OF THE CONTROLLER OF CERTIFICATION AUTHORITIES TECHNICAL REQUIREMENTS FOR AUDIT OF CERTIFICATION AUTHORITIES Table of contents 1.0 SOFTWARE 1 2.0 HARDWARE 2 3.0 TECHNICAL COMPONENTS 2 3.1 KEY MANAGEMENT

More information

Dow Corning Corporation. Digital Certificate Practice Statement (DCPS)

Dow Corning Corporation. Digital Certificate Practice Statement (DCPS) Dow Corning Corporation Digital Certificate Practice Statement (DCPS) Page 1 1 Table Of Contents 1. GENERAL CONSIDERATIONS Page 1.1 Purpose Of This Document 3 1.2 Dow Corning DCPS Overview 3 1.3 Reproduction

More information

E-commerce. business. technology. society. Kenneth C. Laudon Carol Guercio Traver. Second Edition. Copyright 2007 Pearson Education, Inc.

E-commerce. business. technology. society. Kenneth C. Laudon Carol Guercio Traver. Second Edition. Copyright 2007 Pearson Education, Inc. Copyright 2007 Pearson Education, Inc. Slide 5-1 E-commerce business. technology. society. Second Edition Kenneth C. Laudon Carol Guercio Traver Copyright 2007 Pearson Education, Inc. Slide 5-2 Chapter

More information

The DoD Public Key Infrastructure And Public Key-Enabling Frequently Asked Questions

The DoD Public Key Infrastructure And Public Key-Enabling Frequently Asked Questions The DoD Public Key Infrastructure And Public Key-Enabling Frequently Asked Questions May 3, 2004 TABLE OF CONTENTS GENERAL PKI QUESTIONS... 1 1. What is PKI?...1 2. What functionality is provided by a

More information

Business Issues in the implementation of Digital signatures

Business Issues in the implementation of Digital signatures Business Issues in the implementation of Digital signatures Much has been said about e-commerce, the growth of e-business and its advantages. The statistics are overwhelming and the advantages are so enormous

More information

GEOSURE PROTECTION PLAN

GEOSURE PROTECTION PLAN GEOSURE PROTECTION PLAN I. SCOPE/INTRODUCTION The GeoSure Protection Plan is designed to provide protection against economic loss resulting from specific types of risks associated with certain SSL Certificates

More information

Protection Profiles for TSP cryptographic modules Part 1: Overview

Protection Profiles for TSP cryptographic modules Part 1: Overview Date: 2015-08 prts 419221-1:2015 Protection Profiles for TSP cryptographic modules Part 1: Overview Document type: Technical Specification Document language: E Contents Introduction...3 1 Scope...4 2 References...4

More information

The contribution of UNCITRAL texts to paperless trade

The contribution of UNCITRAL texts to paperless trade The contribution of UNCITRAL texts to paperless trade Luca Castellani UNCITRAL Secretariat The mandate of UNCITRAL The core legal body of the United Nations system in the field of commercial law. A legal

More information

Security framework. Guidelines for trust services providers Part 1. Version 1.0 December 2013

Security framework. Guidelines for trust services providers Part 1. Version 1.0 December 2013 Security framework Guidelines for trust services providers Part 1 Version 1.0 December 2013 European Union Agency for Network and Information Security www.enisa.europa.eu Security framework Guidelines

More information

LAW OF GEORGIA ON ELECTRONIC SIGNATURES AND ELECTRONIC DOCUMENTS

LAW OF GEORGIA ON ELECTRONIC SIGNATURES AND ELECTRONIC DOCUMENTS LAW OF GEORGIA ON ELECTRONIC SIGNATURES AND ELECTRONIC DOCUMENTS Article 1 - Purpose and scope of the law 1. This Law establishes a legal framework for electronic document flow systems and the use of electronic

More information

LAW. ON ELECTRONIC SIGNATURE (Official Gazette of the Republic of Montenegro 55/03 and 31/05)

LAW. ON ELECTRONIC SIGNATURE (Official Gazette of the Republic of Montenegro 55/03 and 31/05) LAW ON ELECTRONIC SIGNATURE (Official Gazette of the Republic of Montenegro 55/03 and 31/05) I GENERAL PROVISIONS Article 1 This Law shall regulate the use of electronic signature in legal transactions,

More information

SubmitedBy: Name Reg No Email Address. Mirza Kashif Abrar 790604-T079 kasmir07 (at) student.hh.se

SubmitedBy: Name Reg No Email Address. Mirza Kashif Abrar 790604-T079 kasmir07 (at) student.hh.se SubmitedBy: Name Reg No Email Address Mirza Kashif Abrar 790604-T079 kasmir07 (at) student.hh.se Abid Hussain 780927-T039 abihus07 (at) student.hh.se Imran Ahmad Khan 770630-T053 imrakh07 (at) student.hh.se

More information

WACOM esignature Solutions

WACOM esignature Solutions WACOM esignature Solutions Compliance with European e-signature legislation WHITE PAPER www.dlapiper.com CONTENTS 1. INTRODUCTION...3 2. CONTRACTUAL VALIDITY AND ENFORCEABILITY...3 3. CONTESTING HANDWRITTEN

More information

ING Public Key Infrastructure Technical Certificate Policy

ING Public Key Infrastructure Technical Certificate Policy ING Public Key Infrastructure Technical Certificate Policy Version 5.1 - May 2010 Commissioned by ING PKI Policy Approval Authority (PAA) Additional copies Of this document can be obtained via the ING

More information

Network Security. Computer Networking Lecture 08. March 19, 2012. HKU SPACE Community College. HKU SPACE CC CN Lecture 08 1/23

Network Security. Computer Networking Lecture 08. March 19, 2012. HKU SPACE Community College. HKU SPACE CC CN Lecture 08 1/23 Network Security Computer Networking Lecture 08 HKU SPACE Community College March 19, 2012 HKU SPACE CC CN Lecture 08 1/23 Outline Introduction Cryptography Algorithms Secret Key Algorithm Message Digest

More information

HKUST CA. Certification Practice Statement

HKUST CA. Certification Practice Statement HKUST CA Certification Practice Statement IN SUPPORT OF HKUST CA CERTIFICATION SERVICES Version : 2.1 Date : 12 November 2003 Prepared by : Information Technology Services Center Hong Kong University of

More information

L@Wtrust Class 3 Registration Authority Charter

L@Wtrust Class 3 Registration Authority Charter Class 3 Registration Authority Charter Version 1.0 applicable from 09 November 2010 Building A, Cambridge Park, 5 Bauhinia Street, Highveld Park, South Africa, 0046 Phone +27 (0)12 676 9240 Fax +27 (0)12

More information

Certificate Policy. SWIFT Qualified Certificates SWIFT

Certificate Policy. SWIFT Qualified Certificates SWIFT SWIFT SWIFT Qualified Certificates Certificate Policy This Certificate Policy applies to Qualified Certificates issued by SWIFT. It indicates the requirements and procedures to be followed, and the responsibilities

More information

Certification Practice Statement of the Federal Reserve Banks Services Public Key Infrastructure

Certification Practice Statement of the Federal Reserve Banks Services Public Key Infrastructure Certification Practice Statement of the Federal Reserve Banks Services Public Key Infrastructure 1.0 INTRODUCTION 1.1 Overview The Federal Reserve Banks operate a public key infrastructure (PKI) that manages

More information

2002 No. 318 ELECTRONIC COMMUNICATIONS. The Electronic Signatures Regulations 2002

2002 No. 318 ELECTRONIC COMMUNICATIONS. The Electronic Signatures Regulations 2002 STATUTORY INSTRUMENTS 2002 No. 318 ELECTRONIC COMMUNICATIONS The Electronic Signatures Regulations 2002 Made - - - - - 13th February 2002 Laid before Parliament 14th February 2002 Coming into force - -

More information

Adding e to life Conveniences and Complexities

Adding e to life Conveniences and Complexities Title: Adding e to life Conveniences and Complexities Author: Mustafa Syed Profile: M.Sc. Software Development, 30+ years IT related local & foreign experience, extensive experience of data centre operations,

More information

Digital Certificates (Public Key Infrastructure) Reshma Afshar Indiana State University

Digital Certificates (Public Key Infrastructure) Reshma Afshar Indiana State University Digital Certificates (Public Key Infrastructure) Reshma Afshar Indiana State University October 2015 1 List of Figures Contents 1 Introduction 1 2 History 2 3 Public Key Infrastructure (PKI) 3 3.1 Certificate

More information

ELECTRONIC SIGNATURE REQUIREMENTS FOR LENDERS

ELECTRONIC SIGNATURE REQUIREMENTS FOR LENDERS ELECTRONIC SIGNATURE REQUIREMENTS FOR LENDERS June 2015 Purpose The Electronic Signatures in Global and National Commerce (ESIGN) Act (15 U.S.C. 7001-7006), enacted in 2000, permits, but does not require,

More information

The Contract Signer (as hereinafter defined) is duly authorized by the Applicant to bind the Applicant to this Agreement is (as stated above).

The Contract Signer (as hereinafter defined) is duly authorized by the Applicant to bind the Applicant to this Agreement is (as stated above). Subscriber Agreement for Certificates PLEASE READ THIS AGREEMENT AND MICROS CERTIFICATION PRACTICES STATEMENTS ("CPS") CAREFULLY BEFORE USING THE CERTIFICATE ISSUED TO YOUR ORGANIZATION. BY USING THE CERTIFICATE,

More information

Brocade Engineering. PKI Tutorial. Jim Kleinsteiber. February 6, 2002. Page 1

Brocade Engineering. PKI Tutorial. Jim Kleinsteiber. February 6, 2002. Page 1 PKI Tutorial Jim Kleinsteiber February 6, 2002 Page 1 Outline Public Key Cryptography Refresher Course Public / Private Key Pair Public-Key Is it really yours? Digital Certificate Certificate Authority

More information

Legal aspects of electronic signatures in Bulgaria

Legal aspects of electronic signatures in Bulgaria Article Legal aspects of electronic signatures in Bulgaria GEORGE G DIMITROV Legal Framework The contemporary Bulgarian law provides a thorough regulation of electronic signatures by a set of primary and

More information

TELSTRA RSS CA Subscriber Agreement (SA)

TELSTRA RSS CA Subscriber Agreement (SA) TELSTRA RSS CA Subscriber Agreement (SA) Last Revision Date: December 16, 2009 Version: Published By: Telstra Corporation Ltd Copyright 2009 by Telstra Corporation All rights reserved. No part of this

More information

PKI COMPONENTS AND RELATED STANDARDS.

PKI COMPONENTS AND RELATED STANDARDS. PKI COMPONENTS AND RELATED STANDARDS. COMESA/POTRAZ Zimbabwe 4-6 May 2016. Dr. Izzeldin Kamil Amin Associate Professor. Faculty of Mathematical Sciences University of Khartoum. izzeldin@outlook.com PKI

More information

Danske Bank Group Certificate Policy

Danske Bank Group Certificate Policy Document history Version Date Remarks 1.0 19-05-2011 finalized 1.01 15-11-2012 URL updated after web page restructuring. 2 Table of Contents 1. Introduction... 4 2. Policy administration... 4 2.1 Overview...

More information

Act. on Strong Electronic Identification and Electronic Signatures (617/2009)

Act. on Strong Electronic Identification and Electronic Signatures (617/2009) NB: Unofficial translation; legally binding texts are those in Finnish and Swedish Act on Strong Electronic Identification and Electronic Signatures (617/2009) Chapter 1 General provisions Section 1 Scope

More information

ETSI TS 101 456 V1.4.3 (2007-05)

ETSI TS 101 456 V1.4.3 (2007-05) TS 101 456 V1.4.3 (2007-05) Technical Specification Electronic Signatures and Infrastructures (ESI); Policy requirements for certification authorities issuing qualified certificates 2 TS 101 456 V1.4.3

More information

Certification Practice Statement (ANZ PKI)

Certification Practice Statement (ANZ PKI) Certification Practice Statement March 2009 1. Overview 1.1 What is a Certification Practice Statement? A certification practice statement is a statement of the practices that a Certification Authority

More information

[COMPANY CA] Certification Practice Statement

[COMPANY CA] Certification Practice Statement Certification Practice Statement Date: [PUBLICATION DATE] Version: v. X.X Table of Contents Document History...1 Acknowledgments...2 1. Introduction...3 1.1 Overview...3 1.2

More information

Information Security Basic Concepts

Information Security Basic Concepts Information Security Basic Concepts 1 What is security in general Security is about protecting assets from damage or harm Focuses on all types of assets Example: your body, possessions, the environment,

More information

esign FAQ 1. What is the online esign Electronic Signature Service? 2. Where the esign Online Electronic Signature Service can be used?

esign FAQ 1. What is the online esign Electronic Signature Service? 2. Where the esign Online Electronic Signature Service can be used? esign FAQ 1. What is the online esign Electronic Signature Service? esign Electronic Signature Service is an innovative initiative for allowing easy, efficient, and secure signing of electronic documents

More information

Incorporating Digital Signing & Encryption in Transactions in the Payment System of Sri Lanka

Incorporating Digital Signing & Encryption in Transactions in the Payment System of Sri Lanka Incorporating Digital Signing & Encryption in Transactions in the Payment System of Sri Lanka Presentation by Sunimal Weerasooriya, CEO LankaClear (Pvt) Ltd. Introduction to LankaClear Originated as Sri

More information

Polish Grid Certification Authority Certificate Policy and Certification Practice Statement

Polish Grid Certification Authority Certificate Policy and Certification Practice Statement Polish Grid Certification Authority Certificate Policy and Certification Practice Statement version 0.4 (DRAFT ) September 2, 2002 1 1 Introduction 1.1 Overview This document is written according to the

More information

Certum QCA PKI Disclosure Statement

Certum QCA PKI Disclosure Statement CERTUM QCA PKI Disclosure Statement v1.1 1 Certum QCA PKI Disclosure Statement Version 1.1 Effective date: 1 st of April, 2016 Status: valid Asseco Data Systems S.A. ul. Żwirki i Wigury 15 81-387 Gdynia

More information

Code of Practice on Electronic Invoicing in the EU

Code of Practice on Electronic Invoicing in the EU CEN/WS einvoicing Phase 3 Date: 2011-11 CEN Workshop AgreementTC WI Secretariat: NEN Code of Practice on Electronic Invoicing in the EU Status: for public review (23 November 2011-23 January 2012) ICS:

More information

Gatekeeper. Public Key Infrastructure Framework

Gatekeeper. Public Key Infrastructure Framework Gatekeeper Public Key Infrastructure Framework V 3.0 NOVEMBER 2014 Gatekeeper Public Key Infrastructure Framework V 3.0 DECEMBER 2014 Foreword Information and Communication Technologies (ICT) are transforming

More information

Meeting the FDA s Requirements for Electronic Records and Electronic Signatures (21 CFR Part 11)

Meeting the FDA s Requirements for Electronic Records and Electronic Signatures (21 CFR Part 11) Meeting the FDA s Requirements for Electronic Records and Electronic Signatures (21 CFR Part 11) Executive Summary...3 Background...4 Internet Growth in the Pharmaceutical Industries...4 The Need for Security...4

More information

Security Goals Services

Security Goals Services 1 2 Lecture #8 2008 Freedom from danger, risk, etc.; safety. Something that secures or makes safe; protection; defense. Precautions taken to guard against crime, attack, sabotage, espionage, etc. An assurance;

More information

Digital Signatures, Certification Authorities: Certainty in the Allocation of Liability. I. Introduction

Digital Signatures, Certification Authorities: Certainty in the Allocation of Liability. I. Introduction Singapore Journal of International & Comparative Law (2003) 7 pp 183 200 Digital Signatures, Certification Authorities: Certainty in the Allocation of Liability Yee Fen Lim I. Introduction Electronic signatures

More information

Egyptian Best Practices Securing E-Services

Egyptian Best Practices Securing E-Services Egyptian Best Practices Securing E-Services Dr. Sherif Hazem Nour El-Din Information Security Systems Consultant Root CA Manager, ITIDA Agenda Security Measures for E-Services Examples of E- Services Threats

More information

II. NATIONAL E-COMMERCE LEGISLATION IN ASIA AND THE PACIFIC: THE CASE OF SINGAPORE. A. Overview

II. NATIONAL E-COMMERCE LEGISLATION IN ASIA AND THE PACIFIC: THE CASE OF SINGAPORE. A. Overview National e-commerce legislation in Asia and the Pacific: the case of Singapore II. NATIONAL E-COMMERCE LEGISLATION IN ASIA AND THE PACIFIC: THE CASE OF SINGAPORE By Goh Seow Hiong 9 A. Overview The e-commerce

More information

Certipost Trust Services. Certificate Policy. for Lightweight Certificates for EUROCONTROL. Version 1.2. Effective date 03 May 2012

Certipost Trust Services. Certificate Policy. for Lightweight Certificates for EUROCONTROL. Version 1.2. Effective date 03 May 2012 Certipost Trust Services Version 1.2 Effective date 03 May 2012 Certipost NV ALL RIGHTS RESERVED. 2 13 Definitions : Activation Data Certificate Certificate Holder Certificate Public Registry Certificate

More information

Entrust Managed Services PKI. Getting started with digital certificates and Entrust Managed Services PKI. Document issue: 1.0

Entrust Managed Services PKI. Getting started with digital certificates and Entrust Managed Services PKI. Document issue: 1.0 Entrust Managed Services PKI Getting started with digital certificates and Entrust Managed Services PKI Document issue: 1.0 Date of issue: May 2009 Copyright 2009 Entrust. All rights reserved. Entrust

More information

SECURITY TRENDS-ATTACKS-SERVICES

SECURITY TRENDS-ATTACKS-SERVICES SECURITY TRENDS-ATTACKS-SERVICES 1.1 INTRODUCTION Computer data often travels from one computer to another, leaving the safety of its protected physical surroundings. Once the data is out of hand, people

More information

Cryptography and Network Security 1. Overview. Lectured by Nguyễn Đức Thái

Cryptography and Network Security 1. Overview. Lectured by Nguyễn Đức Thái Cryptography and Network Security 1. Overview Lectured by Nguyễn Đức Thái Outline Security concepts X.800 security architecture Security attacks, services, mechanisms Models for network (access) security

More information

The Information Security Problem

The Information Security Problem Chapter 10 Objectives Describe the major concepts and terminology of EC security. Understand phishing and its relationship to financial crimes. Describe the information assurance security principles. Identify

More information

5 FAM 140 ACCEPTABILITY AND USE OF ELECTRONIC SIGNATURES

5 FAM 140 ACCEPTABILITY AND USE OF ELECTRONIC SIGNATURES 5 FAM 140 ACCEPTABILITY AND USE OF ELECTRONIC SIGNATURES 5 FAM 141 PURPOSE (CT-IM-112; 07-30-2010) (Office of Origin: IRM/OPS/ITI/SI/IIB) The purpose of this FAM chapter is to enable the Department to

More information

Information Security

Information Security Information Security Dr. Vedat Coşkun Malardalen September 15th, 2009 08:00 10:00 vedatcoskun@isikun.edu.tr www.isikun.edu.tr/~vedatcoskun What needs to be secured? With the rapid advances in networked

More information

Getting started with Digital Certificates Part I

Getting started with Digital Certificates Part I Getting started with Digital Certificates Part I This is a two part presentation where we will attempt to unlock the mysteries of digital certificates. Part I will get you started in the world of Digital

More information

Public Key Cryptography in Practice. c Eli Biham - May 3, 2005 372 Public Key Cryptography in Practice (13)

Public Key Cryptography in Practice. c Eli Biham - May 3, 2005 372 Public Key Cryptography in Practice (13) Public Key Cryptography in Practice c Eli Biham - May 3, 2005 372 Public Key Cryptography in Practice (13) How Cryptography is Used in Applications The main drawback of public key cryptography is the inherent

More information

Overview of CSS SSL. SSL Cryptography Overview CHAPTER

Overview of CSS SSL. SSL Cryptography Overview CHAPTER CHAPTER 1 Secure Sockets Layer (SSL) is an application-level protocol that provides encryption technology for the Internet, ensuring secure transactions such as the transmission of credit card numbers

More information

January 30, 2014 Mortgagee Letter 2014-03

January 30, 2014 Mortgagee Letter 2014-03 U.S. DEPARTMENT OF HOUSING AND URBAN DEVELOPMENT WASHINGTON, DC 20410-8000 ASSISTANT SECRETARY FOR HOUSING- FEDERAL HOUSING COMMISSIONER January 30, 2014 Mortgagee Letter 2014-03 To: All FHA-Approved Mortgagees

More information

Chapter 10. Cloud Security Mechanisms

Chapter 10. Cloud Security Mechanisms Chapter 10. Cloud Security Mechanisms 10.1 Encryption 10.2 Hashing 10.3 Digital Signature 10.4 Public Key Infrastructure (PKI) 10.5 Identity and Access Management (IAM) 10.6 Single Sign-On (SSO) 10.7 Cloud-Based

More information

ETSI TS 102 042 V1.1.1 (2002-04)

ETSI TS 102 042 V1.1.1 (2002-04) TS 102 042 V1.1.1 (2002-04) Technical Specification Policy requirements for certification authorities issuing public key certificates 2 TS 102 042 V1.1.1 (2002-04) Reference DTS/SEC-004006 Keywords e-commerce,

More information

CERITIFICATE POLICY CONCERNING PERSONAL DIGITAL CERTIFICATES OF BANK OF FINLAND AND FINANCIAL SUPERVISORY AUTHORITY EMPLOYEES

CERITIFICATE POLICY CONCERNING PERSONAL DIGITAL CERTIFICATES OF BANK OF FINLAND AND FINANCIAL SUPERVISORY AUTHORITY EMPLOYEES Certificate Policy 1 (18) CERITIFICATE POLICY CONCERNING PERSONAL DIGITAL CERTIFICATES OF BANK OF FINLAND AND FINANCIAL SUPERVISORY AUTHORITY EMPLOYEES 1 INTRODUCTION... 4 1.1 Overview... 4 1.2 Document

More information

THE ELECTRONIC SIGNATURE - TECHNICAL AND LEGAL IMPLICATIONS

THE ELECTRONIC SIGNATURE - TECHNICAL AND LEGAL IMPLICATIONS Bulletin of the Transilvania University of Braşov Series VII: Social Sciences Law Vol. 7 (56) No. 2-2014 THE ELECTRONIC SIGNATURE - TECHNICAL AND LEGAL IMPLICATIONS Adrian Constantin MANEA 1 Abstract:

More information

CA Certificate Policy. SCHEDULE 1 to the SERVICE PROVIDER AGREEMENT

CA Certificate Policy. SCHEDULE 1 to the SERVICE PROVIDER AGREEMENT CA Certificate Policy SCHEDULE 1 to the SERVICE PROVIDER AGREEMENT This page is intentionally left blank. 2 ODETTE CA Certificate Policy Version Number Issue Date Changed By 1.0 1 st April 2009 Original

More information

TrustAssured Service Policy (PKI) Disclosure Statement Version 1.1

TrustAssured Service Policy (PKI) Disclosure Statement Version 1.1 TrustAssured Service Policy (PKI) Disclosure Statement Version 1.1 1. Contact Information Enquiries or other communications about this statement should be addressed to: The Royal Bank of Scotland TrustAssured

More information

Operating a CSP in Switzerland or Playing in the champions league of IT Security

Operating a CSP in Switzerland or Playing in the champions league of IT Security Operating a CSP in Switzerland or Playing in the champions league of IT Security Agenda SwissSign Technology Products and Processes Legal Aspects and Standards Business Model Future Developments 2 SwissSign

More information

INDEPENDENT AUDIT REPORT BASED ON THE REQUIREMENTS OF ETSI TS 101 456. Aristotle University of Thessaloniki PKI (www.pki.auth.gr) WHOM IT MAY CONCERN

INDEPENDENT AUDIT REPORT BASED ON THE REQUIREMENTS OF ETSI TS 101 456. Aristotle University of Thessaloniki PKI (www.pki.auth.gr) WHOM IT MAY CONCERN Title INDEPENDENT AUDIT REPORT BASED ON THE REQUIREMENTS OF ETSI TS 101 456 Customer Aristotle University of Thessaloniki PKI (www.pki.auth.gr) To WHOM IT MAY CONCERN Date 18 March 2011 Independent Audit

More information

RESEARCH OF SECURITY HARDWARE IN PKI SYSTEM

RESEARCH OF SECURITY HARDWARE IN PKI SYSTEM RESEARCH OF SECURITY HARDWARE IN PKI SYSTEM Qi Wenhua, Zhang Qishan, Liu Hailong School of Electronics and Information Engineering BeiHang University, P. R. China 100083 ABSTRACT Security hardware based

More information

Content Teaching Academy at James Madison University

Content Teaching Academy at James Madison University Content Teaching Academy at James Madison University 1 2 The Battle Field: Computers, LANs & Internetworks 3 Definitions Computer Security - generic name for the collection of tools designed to protect

More information

7 Key Management and PKIs

7 Key Management and PKIs CA4005: CRYPTOGRAPHY AND SECURITY PROTOCOLS 1 7 Key Management and PKIs 7.1 Key Management Key Management For any use of cryptography, keys must be handled correctly. Symmetric keys must be kept secret.

More information

UNDERSTANDING PKI: CONCEPTS, STANDARDS, AND DEPLOYMENT CONSIDERATIONS, 2ND EDITION

UNDERSTANDING PKI: CONCEPTS, STANDARDS, AND DEPLOYMENT CONSIDERATIONS, 2ND EDITION UNDERSTANDING PKI: CONCEPTS, STANDARDS, AND DEPLOYMENT CONSIDERATIONS, 2ND EDITION Foreword. Preface. About the Authors. I. CONCEPTS. 1. Introduction. 2. Public-Key Cryptography. Symmetric versus Asymmetric

More information

Data Encryption WHITE PAPER ON. Prepared by Mohammed Samiuddin. www.itmr.ac.in

Data Encryption WHITE PAPER ON. Prepared by Mohammed Samiuddin. www.itmr.ac.in 01 0110 0001 01101 WHITE PAPER ON Data Encryption Prepared by Mohammed Samiuddin www.itmr.ac.in Contents INTRODUCTION... 2 NEED FOR DATA ENCRYPTION... 3 DUE CARE... 3 REPUTATIONAL RISK... 3 REGULATORY

More information

NetSure Certificate means any of the types of Certificates that are subject to this Plan, as listed in Appendix A, List of Covered Services.

NetSure Certificate means any of the types of Certificates that are subject to this Plan, as listed in Appendix A, List of Covered Services. THIS EXTENDED WARRANTY PROTECTION PLAN ( Plan ) is provided by Symantec Corporation ( Symantec ) to NetSure Subscribers identified below. NetSure Subscribers holding Symantec Trust Network, Thawte, GeoTrust,

More information

Concept of Electronic Approvals

Concept of Electronic Approvals E-Lock Technologies Contact info@elock.com Table of Contents 1 INTRODUCTION 3 2 WHAT ARE ELECTRONIC APPROVALS? 3 3 HOW DO INDIVIDUALS IDENTIFY THEMSELVES IN THE ELECTRONIC WORLD? 3 4 WHAT IS THE TECHNOLOGY

More information

CMS Illinois Department of Central Management Services

CMS Illinois Department of Central Management Services CMS Illinois Department of Central Management Services State of Illinois Public Key Infrastructure Certification Practices Statement For Digital Signature And Encryption Applications Version 3.3 (IETF

More information

LAW No. 107/2015 ON ELECTRONIC IDENTIFICATION AND TRUST SERVICES

LAW No. 107/2015 ON ELECTRONIC IDENTIFICATION AND TRUST SERVICES LAW No. 107/2015 ON ELECTRONIC IDENTIFICATION AND TRUST SERVICES Pursuant to article 78 and 83, paragraph 1 of the Constitution, upon the proposal of the Council of Ministers, THE ASSEMBLY OF THE REPUBLIC

More information