APPLICATION OF ELECTRONIC SIGNATURES IN TRANSFERRING THE INFORMATION ABOUT SPACE




Agnieszka Gryszczyńska
Faculty of Law, Cardinal Stefan Wyszyński University
e-mail: gryni@wp.pl
tel. +48 660 677 579, +48 022 8359869

Introduction

The purpose of this work is to analyse the possibility of using electronic signatures in transferring information about space. It presents the essence of the electronic signature, the legal framework established for electronic signatures in international law, and the Polish regulation of electronic signatures. It discusses the civil law consequences of putting a signature, and the possibility of coding and verification with the aid of an electronic signature. Because electronic signatures have many functions, they may be used at different stages of data processing.

1. Functions of electronic signature

The main functions of an electronic signature may be:

- Signatures for identification serve to prove possession of a private key. Signatures and certificates serve only to authenticate in the system and identify the person trying to get access (e.g. to a server or database). Identification is based on signing random data sent by the server demanding verification, and on verifying the electronic signature put in that way [34].
- Signatures for authentication are put automatically by devices.
- Signatures for declaration of knowledge serve to confirm reading or receiving a document.
- Signatures as declaration of will prove making a declaration of will.
- Confirmation of originality enables the original to be distinguished from a copy.
- Confirmation of integrity ensures detection of changes in signed data.
- Confirmation of learning about data confirms sending or receiving data.

2. Legal base for electronic signature

2.1. Regulation of electronic signature under the model law UNCITRAL

UNCITRAL, the United Nations Commission on International Trade Law, passed in 1996 a model law on electronic trade, which defines rules for using modern means of communication and gathering information [35]. The model law indicates the international character of electronic trade. The most important feature of this act is the legal acknowledgement of transferring data in electronic form (EDI - Electronic Data Interchange). Art. 7 of the model law regulates electronic signature. The regulation in art. 7 of the model law proved to be insufficient, so UNCITRAL directed the working group to prepare a detailed project on electronic signature. The model law on electronic signatures was passed in 2001 [36]. The text of the act is accompanied by comments, which aim at ensuring appropriate implementation of the law into domestic law.

[34] R. Podpłoński, P. Popis, Podpis elektroniczny, Komentarz, Warszawa 2004, p. 32
[35] http://www.uncitral.org
[36] UNCITRAL Model Law on Electronic Signatures with Guide to Enactment 2001, New York 2002, http://www.uncitral.org/en-index.htm

2.2. Directive 1999/93/EC of the European Parliament and of the Council of 13 December 1999 on a Community framework for electronic signatures

The European Union also acknowledged the need for unifying the law regulating trade and electronic signature. The legal framework for the functioning of electronic signature is introduced by the Directive of the European Parliament and of the Council of 13 December 1999 on a Community framework for electronic
signatures [37]. It harmonizes the law of the European Union countries regulating the use of electronic signatures in civil law transactions, and establishes a legal framework for electronic signatures and some certification services, which is aimed at ensuring the good functioning of the internal market and the use of electronic signatures in legal transactions. Its purpose is to make using electronic signatures easier and to promote their legal acknowledgment. The act contains the legal conditions for electronic signatures and defines certification services. The Directive expresses the rule of technological neutrality: electronic signatures are not only those based on public key infrastructure (PKI), but may also be signatures created on the basis of other technologies, provided that they meet the legally defined conditions.

According to the definition, electronic signature means data in electronic form which are attached to or logically associated with other electronic data and which serve as a method of authentication. An electronic signature cannot be denied legal effectiveness and admissibility on the ground that it is in electronic form, or not based upon a qualified certificate, or not based upon a qualified certificate issued by an accredited certification-service-provider, or not created by a secure signature-creation device.

To ensure confidence and security of electronic commerce, the Directive also defines the advanced electronic signature, which means an electronic signature which meets the following requirements:

- It is uniquely linked to the signatory,
- It is capable of identifying the signatory,
- It is created using means that the signatory can maintain under his sole control,
- It is linked to the data to which it relates in such a manner that any subsequent change of the data is detectable.

The Directive was implemented in all member states of the European Union [38], which enables the functioning of a unified system of electronic signatures.

2.3. Electronic signature act of September 18, 2001

Passing the electronic signature law was forced by the necessity of adjusting Polish law to the law of the European Union, especially to the Directive of the European Parliament and Council 1999/93/EC of December 13, 1999. The principal effect of the electronic signature act is making some changes in the civil code and modifying art. 60 and 78 of the civil code, which regulate declaration of will and the form of legal acts. Passing the electronic signature act was without doubt a very important step in adjusting Polish law to the demands of electronic transactions.

3. The essence of electronic signature

3.1. Electronic signature

According to article 3 pt 1 of the Polish act, an electronic signature is data in electronic form which, together with other data to which they were attached or with which they are logically linked, serve to identify the person putting the electronic signature. The term data in electronic form should be understood as every possible representation of information prepared, stored or sent in electronic form. The act doesn't limit the definition of data in electronic form to data in digital form, that is the form in which the information is stored or sent in binary form (a sequence of zeros and ones). The binary form isn't used, for example, in data recorded on a video or tape-recorder cassette [39]. Therefore, electronic signature is every possible electronic identification of individuals. The wide definition of electronic signature allows one to state that an e-mail revealing the sender's data is also an electronic signature [40].

[37] O.J. L 013, 19.01.2000
[38] The legal and market aspects of electronic signatures, Legal and market aspects of the application of Directive 1999/93/EC and practical applications of electronic signatures in the Member States, the EEC, the Candidate and the Accession countries, Study for the European Commission DG Information Society, Katholieke Universiteit Leuven, September 2003, http://europa.eu.int/information_society/eeurope/2005/all_about/security/electronic_sig_report.pdf
[39] J. Jacyszyn, J. Przetoki, A. Wittlin, S. Zakrzewski, Podpis elektroniczny, Komentarz do ustawy z 18 września 2001, Warszawa 2002, p. 50
[40] R. Podpłoński, P. Popis,..., p. 18

3.2. Safe electronic signature

Article 3 pt 2 of the act introduces the safe electronic signature into legal transactions. This term means an electronic signature which:

- is matched exclusively to the person putting this signature;
- is put with the aid of safe devices used for putting electronic signature and data used for putting electronic signature, both subjected to the exclusive control of the person putting the signature; and
- is connected with the data to which it was attached in such a way that any later changes in these data are recognisable.

Putting this signature requires the active participation of the person putting it: this person must have some attributes (e.g. biometric features, when the signature is verified with the aid of the iris; specific knowledge, such as giving a code or password; specific objects, e.g. devices for putting electronic signature). In addition, the signature is connected in a specific way with the data, which ensures the integrity of the signed data and the certainty that any later changes will be recognised.

An electronic signature is put with the aid of data used for putting electronic signature. Every user can have some data of this kind, thanks to which he may put different electronic signatures. The form of the signature depends on the signed data and on the data used for putting the signature. A safe signature should be put with the aid of devices exclusively controlled by the person putting this signature and of data serving to put the signature. According to Polish law, a device for putting signature is hardware and software configured in a way that allows an electronic signature or certificate to be put with the use of data serving to put electronic signature or certification.

4. Civil law effects of using electronic signature

The electronic signature act, in article 8, introduces the rule that the validity and effectiveness of an electronic signature can't be refused only because it is in electronic form, or because the data used for signature verification don't have a qualified certificate, or because it hasn't been put with the aid of a safe device serving for putting electronic signature. The content of article 8 is based on article 5 pt 2 of the Directive, on article 9 of the electronic trade model act from 1996, and on article 9 of the directive 2000/31/EC regulating some electronic trade issues [41].

Additionally, the electronic signature act supplemented article 60 of the Polish civil code with the statement that the will of the subject declaring his will may also be expressed by revealing this will in an electronic way [42]. An electronic declaration of will, that is a declaration made with the use of information technology, may be expressed by any behaviour of a person intending to create defined legal effects, taking into account accompanying circumstances, rules of equity and established customs [43].

The electronic signature act creates legal conditions for using electronic signature in legal transactions as equal to a handmade signature. According to article 5 of the act, a safe electronic signature verified with a qualified certificate creates the legal effects defined by law if it is put during the validity of this certificate. Data in electronic form with a safe signature verified with the aid of a valid qualified certificate are legally equal to documents with handmade signatures, except as otherwise stated by law.

[41] W. J. Kocot, Charakter prawny podpisu elektronicznego, PPH, nr 4/2002, p. 39
[42] Borowicz K., Ustawa o podpisie elektronicznym. Komentarz, Bielsko-Biała 2002; Butkiewicz M., Wpływ ustawy o podpisie elektronicznym na formę czynności prawnych, Przegląd Prawa Handlowego 2003/4 p. 30; Drozdowicz M., (Nie)bezpieczny podpis elektroniczny, PPH 2003/1/27; Jacyszyn J., Przetocki J. (red.), Wittlin A., Zakrzewski S., Podpis elektroniczny. Komentarz do ustawy z 18 września 2001 r., Warszawa 2002; Kocot W.J., Charakter prawny podpisu elektronicznego, PPH 2002/4/36; Radwański Z., Elektroniczna forma czynności prawnej, M.Prawn. 2001/22/1107; Szostek D, Podpis elektroniczny - problemy cywilnoprawne, PPH 2002/1/41; Wejman F, Wprowadzenie do cywilistycznej problematyki ustawy o podpisie elektronicznym, Pr.Bankowe 2002/2/37
[43] E. Wyrozumska, Elektroniczne oświadczenie woli w ustawie o podpisie elektronicznym i po nowelizacji kodeksu cywilnego, PPH nr 8/2003, p. 47

5. Coding and verification of data signed with electronic signature

The safety of using an electronic signature is based on making unauthorized use of this signature on behalf of another person impossible.

The safety is realized in three fields: cryptographic (using special coding algorithms), technical (generating cryptographic keys in appropriate conditions and then storing the private key in a correct way) and legal (criminal law regulation).

At present the method guaranteeing appropriate safety of creating electronic signatures is based on asymmetric cryptography. In contrast to this method, symmetric cryptography uses only one key, the secret key. In asymmetric cryptography two keys are used. The algorithm is based on using in coding a very big prime, from which another very big prime may be derived. The message is coded with the aid of the first number; with the aid of the other, even though it is different from the first one, the information may be decoded. One of the first implementations of this technique was a system based on the RSA algorithm. The algorithm is based on the existence of mathematical functions which can be easily processed in one direction, but are hard to reverse.

The speed of coding with the RSA algorithm is affected by the length of the document. The problem of long signatures was solved by applying a one-way abbreviation (hash) function, thanks to which the hash value created on the basis of the document is signed instead of the document. As a result of the abbreviation function a document extract is created, transforming the content of the document into a sequence of bits which doesn't reveal the document content [44]. Hashing ensures the uniqueness of the abbreviation of a message, and it is not possible to create two different documents with the same control values. In this way the so-called short electronic signature is created, which is attached to the original document sent in a public or coded form.

The procedure of signing a document with an electronic signature based on asymmetric cryptography, with the use of an abbreviation function, proceeds in the following way.

1. For document X the value h(X) is calculated, where h is an established hashing function. The hashing function generates one value on the basis of the whole file content. It's not possible to regenerate the file content from the value of the hashing function.
2. The value h(X) is coded by the sender with the aid of the private key (the electronic signature is put).
3. The sender sends the recipient a file with the document and the document abbreviation value signed with the private key (a certificate or qualified certificate should also be attached in order to verify the sender's identity). If the sender would like to keep the sent data secret, he may code the whole text with the aid of a session key. The key used to code the document is coded by the sender with the recipient's public key, so that the recipient can decode the document. In this case only the recipient may decode the session key, using his private key, and with the session key he then decodes the document.
4. After receiving the signed document abbreviation, the addressee calculates, with the aid of a computer, the abbreviation value of the document which he received. Then he checks whether the abbreviation function value received from the sender is equal to the function value calculated on the basis of the document.

[44] J. Jacyszyn, S. Zakrzewski, Podpis elektroniczny jako element systemu zabezpieczenia danych w sieci, Rejent, nr 10, X. 2001, p. 44

Summary

Due to the various functions fulfilled by electronic signatures, these signatures may be used at different stages of data processing in a spatial information system. Signatures may serve to authenticate in the system the person trying to gain access to a server or database, to confirm data integrity, or to declare will and knowledge.

At the international level the basis for using electronic signature was defined in the UNCITRAL model acts and in the European Union law creating the legal framework for electronic signature. In Poland electronic signature is regulated by the act of September 18, 2001.

The term electronic signature is extremely broad, has a general character and means the result of using, with an electronic message, a technology which allows some features of a handmade signature to be attributed to this message. In Polish law two legally defined electronic signatures may be distinguished: the (common) electronic signature and the safe electronic signature. The safe electronic signature verified with the aid of a valid qualified certificate has additional specific functions.

There are many types of electronic signatures. They are described on the basis of many different criteria, e.g. the method used, the purpose or the characteristic of the
signature. The safety of using an electronic signature is based on making unauthorized use of this signature on behalf of another person impossible. The safety is realized in three fields: cryptographic, technical and legal. An important role in guaranteeing the safety of transactions is also played by the subjects providing certification services, whose task is to verify the people using advanced electronic signatures.

Bibliography

1. Borowicz K., Ustawa o podpisie elektronicznym. Komentarz, Bielsko-Biała 2002
2. Buonomo G., Processo telematico e firma digitale, Milano 2004
3. Butkiewicz M., Wpływ ustawy o podpisie elektronicznym na formę czynności prawnych, Przegląd Prawa Handlowego 2003/4
4. Drozdowicz M., (Nie)bezpieczny podpis elektroniczny, PPH 2003/1/27
5. Finocchiario G., Firma digitale e firme elettroniche, Milano 2003
6. Gaweł J., Świerczyński M., Wprowadzenie do projektu ustawy modelowej UNCITRAL o podpisach elektronicznych i projekt ustawy modelowej, Kwartalnik Prawa Prywatnego 2001/1
7. Jacyszyn J., Podpis elektroniczny w praktyce notarialnej, Rejent 2003/12 str. 91
8. Jacyszyn, J. Przetoki, A. Wittlin, S. Zakrzewski, Podpis elektroniczny, Komentarz do ustawy z 18 września 2001, Warszawa 2002
9. Jacyszyn, S. Zakrzewski, Podpis elektroniczny jako element systemu zabezpieczenia danych w sieci, Rejent, nr 10, X. 2001
10. Kocot W.J., Charakter prawny podpisu elektronicznego, PPH 2002/4/36
11. Kocot W.J., Elektroniczna forma oświadczeń woli, PPH nr 3/2001
12. Kocot W.J., Wpływ Internetu na prawo umów, Warszawa 2004
13. Marucha M., Nowa ustawa o podpisie elektronicznym, Monitor Prawniczy 2002/2
    Radwański Z., Elektroniczna forma czynności prawnej, M.Prawn. 2001/22/1107
14. Podpłoński R., Popis P., Podpis elektroniczny, Komentarz, Warszawa 2004
15. Prawo Internetu, red. P. Podrecki, Warszawa 2004
16. Rzymowski, M. Kamiński, Podpis elektroniczny, Komentarz, Łódź 2002
17. Szostek D., Podpis elektroniczny - problemy cywilnoprawne, PPH 2002/1/41
18. Szostek D., Elektroniczna data pewna, PPH 2003/3/19
19. Szostek D., Dyrektywa Parlamentu Europejskiego i Rady Europy w sprawie podpisu elektronicznego, Rejent, nr 12 (128), 2001
20. Wejman F., Wprowadzenie do cywilistycznej problematyki ustawy o podpisie elektronicznym, Pr.Bankowe 2002/2/37
21. Wyrozumska E., Elektroniczne oświadczenie woli w ustawie o podpisie elektronicznym i po nowelizacji kodeksu cywilnego, PPH 2003/8/45