30-03-2012, 11:45 AM
Digital Signatures full report
Digital Signatures.ppt (Size: 1.26 MB / Downloads: 244)
Key Generation
Random Numbers
RSA Key Pair [Private/Public Key]
Digital Signature
Generate Message Digest [SHA1]
Encrypting Digest using Private Key [Signatures]
Attaching the Signatures to the message.
Verification of Signatures
Run the test for Authentication, Integrity and Non repudiation.
Digital Signature Certificate
ITU X.509 v3
Private key protection
The Private key generated is to be protected and kept secret. The responsibility of the secrecy of the key lies with the owner.
The key is secured using
PIN Protected soft token
Smart Cards
Hardware Tokens
PIN protected soft tokens
The Private key is encrypted and kept on the Hard Disk in a file, this file is password protected.
This forms the lowest level of security in protecting the key, as
The key is highly reachable.
PIN can be easily known or cracked.
Soft tokens are also not preferred because
The key becomes static and machine dependent.
The key is in known file format.
Smart Cards
The Private key is generated in the crypto module residing in the smart card.
The key is kept in the memory of the smart card.
The key is highly secured as it doesn’t leave the card, the message digest is sent inside the card for signing, and the signatures leave the card.
The card gives mobility to the key and signing can be done on any system. (Having smart card reader)
Hardware Tokens
They are similar to smart cards in functionality as
Key is generated inside the token.
Key is highly secured as it doesn’t leave the token.
Highly portable.
Machine Independent.
iKEY is one of the most commonly used token as it doesn’t need a special reader and can be connected to the system using USB port.
Public Key Infrastructure (PKI)
Some Trusted Agency is required which certifies the association of an individual with the key pair.
Certifying Authority (CA)
This association is done by issuing a certificate to the user by the CA
Public key certificate (PKC)
All public key certificates are digitally signed by the CA
Applications in Telecommunications
Subscribers
Subscriber’s services management
STD/ISD, Opening, Closing, Initializing Password
Shifting of telephones, Accessories (Clip, Cordless)
Small Payments through telephones bills
Books, gifts, Internet purchases
Mobile Authentication of SMS
Share market trading, Intra/Inter office instructions
Mobile Phones as Credit cards
Mobile operator can venture into credit card business
Applications in Telecommunications (contd.)
Internal
Intra/Inter offices authentic communications
OBs, approvals, Instructions, requests
Procurement of material
Calling/Receiving bids, Purchase orders, Payment instructions
Network Management functions
Change of configuration, Blocking/unblocking routes
E-Governance
Empowering Citizens
Transparency
Accountability
Elimination of Intermediatory
Encouraging Citizens to exercise their Rights
Government Online
Issuing forms and licences
Filing tax returns online
Online Government orders/treasury orders
Registration
Online file movement system
Public information records
E-voting
Railway reservations & ticketing
E-education
Online money orders