Digital Signatures Concepts and Regulation - PowerPoint PPT Presentation

1 / 14
About This Presentation
Title:

Digital Signatures Concepts and Regulation

Description:

Approval: implies approval and binding intent ... http://www.magnet.state.ma.us/itd/legal/mersa.htm. Survey of States' DigSig Legislation ... – PowerPoint PPT presentation

Number of Views:25
Avg rating:3.0/5.0
Slides: 15
Provided by: rohit8
Learn more at: https://ics.uci.edu
Category:

less

Transcript and Presenter's Notes

Title: Digital Signatures Concepts and Regulation


1
Digital Signatures Concepts and Regulation
  • Rohit Khare
  • Computer Law
  • June 9, 1998

2
Digital Signatures Concepts and Regulation
  • 1. Electronic and Digital Signatures
  • 2. Legal Conception of Signature
  • 3. Identifying Apportioning Risk
  • 4. Legal Models of Certification Authorities
  • 5. Deployment Adoption Scenarios

3
1. Electronic and Digital Signatures
  • Digitized Signatures
  • Check imaging, Faxed contracts
  • Electronic Signatures
  • Stroke capture
  • Biometric data
  • System artifacts (email addresses)
  • Digital Signatures
  • Asymmetric-key cryptography

4
2.1 Legal Conception of Signature
  • General Purposes of Signing
  • Evidence a distinctive mark of the signer
  • Ceremony calls attention to the act
  • Approval implies approval and binding intent
  • Efficiency prima facie validation of the
    instrument
  • Laws cite unnecessarily specific means

5
2.2 Legal Conception of Signature
  • Requisite Attributes of Signatures
  • Signer Authentication proof of identity
  • Document Authentication proof of subject
  • Approval nonrepudiable act should require
    conscious intervention
  • Efficiency provide maximum assurance with
    reasonable effort

6
2.3 Legal Conception of Signature
  • A new need for a trusted 3rd partyCertification
    Authorities (CAs)
  • Certificates bind a key to a subject
  • Identity Certificates
  • Attribute Certificates
  • Transactional/Authorization Certificates
  • Requisite service online verification/
    Certificate Revocation Lists (CRLs)

7
3. Identifying Apportioning Risk
  • Hierarchical trust management
  • Cross-certification and the Web of Trust
  • Purposes of an assertion and Liability
  • Open PKI can be unlimited liability
  • Closed PKI apportions by contract
  • Types of Fraud
  • Misrepresentation by subject
  • Negligent investigation of subject
  • Violation of terms of service (e.g. overbroad use)

8
4. Legal Models of Certification Authorities
  • Certificates as a hybrid good/service
  • Which portions of UCC Article 2 apply?
  • Rights of 3rd Parties
  • Privity can they be parties to the contract?
  • Tort is the CA liable to forseeable users?
  • Fails the Ultramares test public attestation
  • Jurisdiction
  • Can the means of publication affect controlling
    authority?

9
4.1 The Utah Model
  • Limits liability of licensed CAs
  • None have petitoned such status to date
  • Reverses the presumption of authenticity
  • Signer must prove the signature was forged
  • Promulgates a hierarchical model
  • Coevolved with Key Escrow ideas
  • UK Trusted Third Parties conflates both roles

10
4.2 The Massachusetts Model
  • Merely undefines obsolete paper-only references
  • Silent on liability
  • Proposed for government use only
  • Allows Secretary of State / Chief Information
    Officer to approve various technologies
  • California law follows this model
  • Defined for a variety of public records since 1995

11
5. Deployment Adoption Scenarios
  • CAs already out there (without benefit of
    legislation!)
  • Broad disclaimers like the Verisign Certification
    Practice Statement
  • unknown validity of webwrap usage licenses
  • Larger market opportunity in closed or
    private-label CAs
  • Narrow certificates proliferating
  • Credit-card specific, corporate registration,
    mobile code testimonials

12
6. Resources (1/3)
  • C. Bradford Biddle, Esq.
  • http//www.acusd.edu/biddle/LMW.htm
  • Prof. Michael Froomkin, Esq.
  • http//www.law.miami.edu/froomkin/articles/truste
    dno.htm
  • Verisigns Code Signing Certificates
  • http//www.verisign.com/developers/info.html

13
6. Resources (2/3)
  • Electronic Privacy Information Center
  • http//epic.org/crypto/dss/
  • Computer Software Industry Association
  • http//www.SoftwareIndustry.org/issues/1digsig.ht
    ml
  • W3J Weaving a Web of Trust
  • http//www.w3j.com/7/

14
6. Resources (3/3)
  • ABAs Digital Signature Guidelines
  • http//scratch.abanet.org/scitech/ec/isc/dsgfree.h
    tml
  • Proposed Massachusetts statue
  • http//www.magnet.state.ma.us/itd/legal/mersa.htm
  • Survey of States DigSig Legislation
  • http//www.magnet.state.ma.us/itd/legal/sigleg7.ht
    m
Write a Comment
User Comments (0)
About PowerShow.com