documents Supplier handbook - Introduction to Digital Signature - Rome, January 2012



Similar documents
Digital Signature verification documents

Technical Description. DigitalSign 3.1. State of the art legally valid electronic signature. The best, most secure and complete software for

Controller of Certification Authorities of Mauritius

User Manual Internet Access. for the public key. certification service

Digital Signatures on iqmis User Access Request Form

Guidelines Related To Electronic Communication And Use Of Secure Central Information Management Unit Office of the Prime Minister

Guide for Securing With WISeKey CertifyID Personal Digital Certificate (Personal eid)

Future directions of the AusCERT Certificate Service

Business Issues in the implementation of Digital signatures

Procedure for How to Enroll for Digital Signature

NICCA User Guide for digitally signing Using Digital Signature Certificate (DSC) in Outlook Express

User Manual. For. Digitally Signing of your application

CERTIFICATION POLICY OF KIR for TRUSTED NON-QUALIFIED CERTIFICATES

Trustis FPS PKI Glossary of Terms

Document Digital Signature

User Guide Supplement. S/MIME Support Package for BlackBerry Smartphones BlackBerry Pearl 8100 Series

Guide Installing Digital Certificates in Outlook 2000

Public Key Infrastructure (PKI)

Oracle WebCenter Content

Trouble Shooting on e-filing

TERMS OF USE FOR PUBLIC LAW CORPORATION PERSONAL CERTIFICATES FOR QUALIFIED DIGITAL SIGNATURE

Building a Digital Signature to Meet State Statute Requirements Using a Certificate Authority. Adobe Acrobat Pro DC (Released July 2015)

ORDINANCE ON THE ELECTRONIC SIGNATURE CERTIFICATES IN THE. Chapter One GENERAL PROVISIONS

CALIFORNIA SOFTWARE LABS

User Guide. Digital Signature

Understanding digital certificates

Publicly trusted certification authorities (CAs) confirm signers identities and bind their public key to a code signing certificate.

Adobe 8 SAFE Signatures Configuration Procedure Draft

Overview of CSS SSL. SSL Cryptography Overview CHAPTER

Network Security. Computer Networking Lecture 08. March 19, HKU SPACE Community College. HKU SPACE CC CN Lecture 08 1/23

GLOBAL JOURNAL OF ENGINEERING SCIENCE AND RESEARCHES

Entrust Managed Services PKI. Getting started with digital certificates and Entrust Managed Services PKI. Document issue: 1.0

CERTIFICATION PRACTICE STATEMENT UPDATE

GlobalSign PDF Signing Tool

ETSI TS V1.1.1 ( ) Technical Specification

SEAL. Acknowledgment. Sample Acknowledgment Form: State of Maine County of. The foregoing instrument was acknowledged before me this day of

LAW FOR THE ELECTRONIC DOCUMENT AND ELECTRONIC SIGNATURE. Chapter two. ELECTRONIC DOCUMENT AND ELECTRONIC SIGNATURE

Neutralus Certification Practices Statement

TERMS OF USE TITLE CERTIFICATES FOR ELECTRONIC SIGNATURE

How encryption works to provide confidentiality. How hashing works to provide integrity. How digital signatures work to provide authenticity and

Frequently Asked Questions Please read this document before using this application.

to hide away details from prying eyes. Pretty Good Privacy (PGP) utilizes many

Meeting the FDA s Requirements for Electronic Records and Electronic Signatures (21 CFR Part 11)

SEZ SEZ Online Manual Digital Signature Certficate [DSC] V Version 1.2

Concept of Electronic Approvals

Understanding Digital Signature And Public Key Infrastructure

DEPARTMENT OF DEFENSE PUBLIC KEY INFRASTRUCTURE EXTERNAL CERTIFICATION AUTHORITY MASTER TEST PLAN VERSION 1.0

DocuSign Information Guide. DocuSign Resource File. Overview. Table of Contents

HP ProtectTools Embedded Security Guide

OFFICE OF THE CONTROLLER OF CERTIFICATION AUTHORITIES TECHNICAL REQUIREMENTS FOR AUDIT OF CERTIFICATION AUTHORITIES

PGP - Pretty Good Privacy

Secure Part II Due Date: Sept 27 Points: 25 Points

Secure Data Exchange Solution

User Guide Using Certificate in Microsoft Outlook Express

Secure Authentication and Session. State Management for Web Services

Digital Signature Certificate Online Enrollment Guide using etoken

Using Entrust certificates with Adobe PDF files and forms

Implementation and Comparison of Various Digital Signature Algorithms. -Nazia Sarang Boise State University

INSTRUCTIONS FOR APPLICANTS WHO HOLD NBRC CERTIFICATION

DIGIPASS CertiID. Getting Started 3.1.0

Directorate Of Health Service s ONLINE NURSING HOME & CLINICAL ESTABLISHMENT LICENSING SYSTEM

Simple Guide to Digital Signatures

SAFE Digital Signatures in PDF

LAW FOR THE ELECTRONIC DOCUMENT AND ELECTRONIC SIGNATURE

Long term electronic signatures or documents retention

INTRODUCTION TO CRYPTOGRAPHY

HELP MANUAL FOR MACHINE SETUP FOR DAE E-TENDERING SYSTEM

RWANDA STANDARDS BOARD NATIONAL CERTIFICATION DIVISION MANAGER. IDENTIFICATION No. AUTHOR:

Secure Envelope specification

Gold Lock Desktop. User Manual. Follow these simple steps to install, configure, and use Gold Lock Desktop.

Outline. Digital signature. Symmetric-key Cryptography. Caesar cipher. Cryptography basics Digital signature

ETSI TS V1.1.1 ( ) Technical Specification

DocuSign Desk Guide. Sign a Contract Electronically Other Actions in DocuSign 2. Assign Signature to Authorized Signer.

An Introduction to digital signatures

Verification of digitally signed PDFs

Network Security. Security Attacks. Normal flow: Interruption: 孫 宏 民 Phone: 國 立 清 華 大 學 資 訊 工 程 系 資 訊 安 全 實 驗 室

ELECTRONIC SIGNATURE LAW INTERNAL ORDER. PART ONE General Provisions

Biometric Authentication using Online Signature

Digital Signature Certificate Online Enrollment Guide using etoken Pro 72K (Java)

Digital Signing Specification

Cryptography and Network Security Chapter 14. Key Distribution. Key Management and Distribution. Key Distribution Task 4/19/2010

The DoD Public Key Infrastructure And Public Key-Enabling Frequently Asked Questions

Protecting Networks and Data with Public Key Infrastructure (PKI)

dobe Acrobat XI Pro Digital Signatures

Digital Certificates (Public Key Infrastructure) Reshma Afshar Indiana State University

General Rules for the certification of Management Systems

Representation of E-documents in AIDA Project

CIS 6930 Emerging Topics in Network Security. Topic 2. Network Security Primitives

Aloaha Sign! (English Version)

User Guide May Using Certificates in Outlook Express

Mobile OTPK Technology for Online Digital Signatures. Dec 15, 2015

PDF Signer User Manual

General tips for increasing the security of using First Investment Bank's internet banking

Ch. 435a KEY, GAMING & NONGAMING EMPLOYEES a.1. CHAPTER 435a. KEY, GAMING AND NONGAMING EMPLOYEES; BOARD-ISSUED CREDENTIALS

SYMANTEC NON-FEDERAL SHARED SERVICE PROVIDER PKI SERVICE DESCRIPTION

How to use Certificate in Outlook Express

ISSUANCE AND MANAGEMENT POLICY FOR. Spektar Org Universal Certificate

Type of Certificate: Secure Certificate

TELE 301 Network Management. Lecture 18: Network Security

Token User Guide. Version 1.0/ July 2013

Transcription:

Digital signature on received/sent documents Supplier handbook - Introduction to Digital Signature - Rome, January 2012

Digital signature - overview Digital signature is defined as an attestation system for digital document aimed to assure both the not denial and the document integrity Digital signature posted on a document aims to satisfy the following three requirements: othe receiver is able to verify the sender identity (authenticity) othe sender can not deny a document signed by him (not denial) othe receiver can not modify a document signed by someone else (integrity)

Digital signature - features To satisfy the requirements it is necessary that the digital signature tool: ois based on a cryptic asymmetric keys system oassures the messages content confidentiality, by preventing whom does not have the key (according to cryptic definition) iti from any interpretation oprovides each user with a pair of certified keys: one private key (not shared with anyone) for decoding the received messages and for signing the sent ones, and a public key available for other users in order to encode the messages sent to him and to decode/verify his signature ouses keys issued by a certification authority subject to DigitPA surveillance ois created through a device with the highest security level (smartcard/usb token)

Digital signature operating flow Signature process (user A) In the picture is reported the process followed by user A to sign a document: Signer Document Hash Digest Private key Crypto Signature (Cryptic digest) Envelope with document and signature Public key 1. The document to be signed is subject to hash algorithm to generate a digest that represents the document univocally 2. The digest is encoded by using the signer private key and then the signature is generated 3. Then document and related signature are inserted in an electronic envelope in order to create the signed document 4. Digital signature is permanently linked to the electronic document in order to add important information used to verify its integrity, authenticity and not denial 5. The user must have a proper kit (smart card, smart card reader and signature software). As an alternative for smart card, the user can use an USB token. Through these tools the user can digitally sign and apply timestamp to any documents

Digital signature operating flow Verification process (user B) In the picture is reported the process followed by user B to verify a document: Receiver Signer sender Private key Envelope with document and signature Document Hash Digest Signature (Cryptic digest) Digest Two digest are equal so the document is OK Comparison Public key 1. Document and signature is extracted from the envelope 2. The signature is decoded by using the signer public key (user A) and by extracting the original digest 3. The document is subject to hash algorithm to create the current digest to be compared to the original contained in the signature 4. If the two digests are equal the document has not been corrupted and it has been signed by the private key owner who has encoded his signature

Digital signature validity The owner certificate has a validity period, but it can be cancelled or suspended before the defined deadline (i.e.: signature device taking away or loss, not correctness of certificate information) Certificate cancellation and suspension correspond to the missed signature of the document Cancellation is permanently, suspension is a temporary condition of the certificate that can be passed to cancellation or suspension revocation Some criticalities could be related to the use of document digitally signed through certificate subsequently expired, cancelled or suspended In this cases the timestamp tool enables the possibility to identify the In this cases the timestamp tool enables the possibility to identify the exact moment in which the document has been signed and to demonstrate that in that moment the certificate was still valid

Digital signature accepted document formats Currently Italian law provides for three different document formats to produce file digitally signed: op7m format -> available since 1999, it is the format that PA must accept opdf format -> introduced d in 2006, it is a standard d format thatt not required any fees to anyone. It has a very wide diffusion and immediate availability (the reader software can be free downloaded from Internet) and it satisfies technical/legal requirements to manage digital signature oxml format -> introduced in 2006 to boost the digital signature diffusion within sectors in which the xml language is typically used for electronic management of documents exchanges (i.e.: banking, public health)

Digital signature Italian law In Italy it is possible to create electronic documents with the same legal validity of paper document with manual signature The law framework has been set up since 1977 throughh the issue of act 59/97 (art. 15) then evolved to receive the European guideline about electronic signature (Guideline 1999/93/CE) that lead to the issue of several amendments to create the current law framework On DigitPA site is available a brief compendium and other information on digital signature http://www.digitpa.gov.it/firme-elettroniche-certificatori At the following link is available the list of parties authorized to issue digital signature certificates http://www.digitpa.gov.it/firma-digitale/certificatori-accreditati/certificatori-attivi

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information