Title: zxcvczxcvxz
1. Implementation of Workflow Relevant in Law Using Digital Signature Facilities
GAMMA TECHNOLOGIES RESEARCH LAB LLP, 2009
2. Digital Signature is an Analogue of Handwritten Signature
- A signature is a handwritten, and sometimes stylized, graphic name or other graphic mark at the bottom of a document, identifying the signer and denoting his/her agreement with the text of the document. A normal signature is verified visually (by comparing the original with the signature put on the document).
- In the world of e-documents, signing a document with graphic symbols becomes useless, since a graphic symbol can be forged and copied any number of times. A digital signature is an absolute electronic analogue of a common signature on paper, but it is implemented using mathematical transformations of the content rather than graphic images.
3. Obvious Benefits of Digital Signature
- The specifics of the mathematical algorithm for creating and verifying a digital signature guarantee that such a signature cannot be forged by third parties (indisputability of authorship). Reliability and convenience of digital signature use is practically assured. The computer carries out the verification procedure without any errors, which avoids the human factor that interferes when verifying a common signature.
- A digital signature not only provides information on the person who signed the document, but also enables verifying that the document as such was not altered or forged after signing (document authenticity and integrity). It gives convenience in exchanging, storing and working with e-documents relevant in law.
4. Common Documents Security
5. Digital Signature Generation and Verification
6. Digital Signature Scope of Application
Digital signature can be applied in multiple areas:
- A digital signature is used as a responsible signature on an e-document, i.e. as an analogue of a handwritten signature and/or seal on a paper document. This is exactly the way digital signature is used in e-workflow, specifically in government agencies (eWSS).
- A digital signature is a reliable tool that enables establishing authorship and confirming the integrity of any electronic data. For instance, a letter without a digital signature that you received from your chief may turn out to be forged or to contain information that has been altered. Application of digital signature rules out such a possibility: when the digital signature is verified, it will be detected that the document was altered after it had been signed.
7. What needs to be done to use digital signature?
- Prior to starting practical application of digital signature in your work, you need to create the certificate file and the private key file. The certificate is used by anyone who works with digitally signed data to verify its authenticity. The private key is needed by the signer to create the digital signature for the data being signed.
- To create and further use a certificate that would be relied upon by all those who will verify the authenticity of digital signatures, an organization is needed which would ensure the normative, organizational and legal framework for use of the certificates issued by it. Such an organization is the National Certification Authority (or NIT JSC with NCA).
8. What needs to be done to use digital signature?
Creating the private key and obtaining the certificate:
- Keys must be created at the user's workstation only, with the public key being forwarded to the Certification Authority, which then produces the certificate; the user obtains it over email.
- So that no one except the owner of the signature can use the private key, it is typically recorded on removable media. These devices, just like bank cards, are equipped with a PIN code so as to additionally protect them. And, as in operations with a card, before using the key to create a digital signature, you need to enter the proper PIN code.
- Only reliable storage of the private key by the user can guarantee the impossibility of malicious forgery of a document and digital signature on behalf of the signer who attests the document.
9. What needs to be done to use digital signature?
- The certificate contains all the information required to verify a digital signature. Certificate data are public and transparent. Therefore, certificates are usually kept in the operating system repository (in each computer, in a common network repository, in a database, etc.).
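The steps on slides 7 to 9, worked through as an added example that is not part of the original presentation: the key pair is created locally under a PIN, only the public key goes to the CA, and a verifier uses the certificate to detect a document altered after signing. It assumes OpenSSL in place of the certified crypto-provider and a throwaway local CA in place of the National Certification Authority; all names, the PIN and the document text are constructed.

```shell
#!/bin/sh
# Added example (not from the presentation). Assumptions: OpenSSL stands in for
# the certified crypto-provider, a throwaway local CA stands in for the
# certification authority, and every name, PIN and document is constructed.

sign_workflow_demo() {
    work=$(mktemp -d) || return 1
    (
        cd "$work" || exit 1
        # User workstation: create the key pair; the private key is stored
        # encrypted under a PIN-like passphrase and never leaves this machine.
        openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
            -aes256 -pass pass:1234 -out user.key 2>/dev/null || exit 1
        # Only the public key and subject name go to the CA, as a request.
        openssl req -new -key user.key -passin pass:1234 \
            -subj "/CN=Example Signer" -out user.csr 2>/dev/null || exit 1

        # Certification authority (throwaway): issue the user's certificate.
        openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
            -subj "/CN=Example Test CA" -keyout ca.key -out ca.crt 2>/dev/null || exit 1
        openssl x509 -req -in user.csr -CA ca.crt -CAkey ca.key \
            -CAcreateserial -days 1 -out user.crt 2>/dev/null || exit 1

        # Signer: the PIN is needed before the key can produce a signature.
        printf 'Order 17: transfer 100 units.\n' > doc.txt
        openssl dgst -sha256 -sign user.key -passin pass:0000 \
            -out bad.sig doc.txt 2>/dev/null || echo "wrong_pin=refused"
        openssl dgst -sha256 -sign user.key -passin pass:1234 \
            -out doc.sig doc.txt || exit 1

        # Verifier: holds only ca.crt, user.crt, the document and the signature.
        openssl verify -CAfile ca.crt user.crt >/dev/null 2>&1 || exit 1
        openssl x509 -in user.crt -noout -pubkey > user.pub
        openssl dgst -sha256 -verify user.pub -signature doc.sig doc.txt \
            >/dev/null 2>&1 && echo "original=valid"

        # The document is altered after signing: the same signature must fail.
        printf 'Order 17: transfer 900 units.\n' > doc.txt
        openssl dgst -sha256 -verify user.pub -signature doc.sig doc.txt \
            >/dev/null 2>&1 || echo "altered=rejected"
    )
    status=$?
    rm -rf "$work"
    return "$status"
}

sign_workflow_demo
```

The verifier never sees `user.key`; it checks the certificate against the CA and then checks the signature with the public key taken from that certificate.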
11. What needs to be done to use digital signature?
- All certificates are always stored at the National Certification Authority, just as a notary keeps all necessary information on a person for whom notarial acts have been performed.
13. Crypto-provider is the base of security
- Creation of a digital signature is a sophisticated mathematical procedure and is performed by special software, crypto-providers. Modern operating systems already contain crypto-providers.
- However, in our case, the law requires usage of crypto-providers certified by government agencies. In such a case, you will have to purchase and install them on all machines on which digital signatures will be created or verified. Creating keys and obtaining certificates will only be possible after installing the appropriate crypto-providers, since these are used in the process of key creation and in the further processes of generating and verifying digital signatures.
14. Crypto-provider Tumar CSP
- The TUMAR CSP cryptographic complex is a set of mechanisms for a full complex of measures to protect information and to store, process and transmit it over telecommunication channels.
- TUMAR CSP was certified for compliance with security/quality requirements against all 4 levels established in the standard ?? ?? 1073 2002. Facilities for Cryptographic Protection of Information.
- TUMAR CSP is a Microsoft certified facility for information protection. TUMAR CSP implements cryptographic algorithms in Kazakhstan and has been developed in conformity with Microsoft's cryptographic interface, Cryptographic Service Provider (CSP).
15. CERTEX HSM Software/Hardware System
CERTEX HSM software/hardware system is designed for protecting private cryptographic keys and performing cryptographic data processing. The device enables exercising the following functions:
- generating the cryptographic keys
- enciphering/deciphering the data
- computing and verifying the digital signature
- computing the hash-function value (computing the control sum).