Cyber Law Week 4

 Cyber Law Week 4

Digital Signature

Digital signature is an electronic signature used to verify the identity of the sender/ signer of a message and also to ensure the correctness and validity of information in electronic transactions. The use of recognized digital signature can fulfil requirements of confidentiality, identity authentication, non-repudiation, and integrity of an information.
 
The Digital Signature Act 1997 (DSA 1997) which came into force on 1st October 1998, with the purpose of regulating the use of digital signature in Malaysia, ensures the security of legal issues related to electronic transactions and verifies the use of digital signatures through certificates issued by licensed Certification Authority (CA).
 
The Malaysian Communications and Multimedia Commission (MCMC) is responsible to administer, enforce, carry out and give effect to the provisions under DSA 1997 for the purpose of monitoring and overseeing the activities of CAs.


How do digital signatures work?

Digital signatures, like handwritten signatures, are unique to each signer. Digital signature solution providers, such as DocuSign, follow a specific protocol, called PKI. PKI requires the provider to use a mathematical algorithm to generate two long numbers, called keys. One key is public, and one key is private.

When a signer electronically signs a document, the signature is created using the signer’s private key, which is always securely kept by the signer. The mathematical algorithm acts like a cipher, creating data matching the signed document, called a hash, and encrypting that data. The resulting encrypted data is the digital signature. The signature is also marked with the time that the document was signed. If the document changes after signing, the digital signature is invalidated.

As an example, Jane signs an agreement to sell a timeshare using her private key. The buyer receives the document. The buyer who receives the document also receives a copy of Jane’s public key. If the public key can’t decrypt the signature (via the cipher from which the keys were created), it means the signature isn’t Jane’s, or has been changed since it was signed. The signature is then considered invalid.

To protect the integrity of the signature, PKI requires that the keys be created, conducted, and saved in a secure manner, and often requires the services of a reliable Certificate Authority (CA). Digital signature providers, like DocuSign, meet PKI requirements for safe digital signing.






Comments

Post a Comment

Popular posts from this blog

Cyber Law Week 11

Image
 Cyber Law Week 11 WHAT IS PATENT ? A patent is a document issued by the government office which describes the invention and creates a legal situation in which the patented invention can normally only be exploited (made, used, sold, imported) by or with the authorization of the patentee. WHAT INVENTIONS ARE PATENTABLE ? An invention is a novel idea which permits in practice the solution of a specific problem in the field of technology. Under most legislations concerning inventions, the idea, in order to be protected by law ("PATENTABLE"), must be new in the sense that is has not already been published or publicly used, it must be "non-obvious" in the sense that it would not have occurred to any specialist in the particular industrial fields, had such a specialist been asked to find a solution to the particular problem and it must be "applicable in industry" in the sense that it can be industrially manufactured or used. WHAT THE PATENT ACT 1983 PROVIDES ? M...
Read more

Cyber Law Week 10

Image
 Cyber Law Week 10 Copyright Infringement   Copyright infringement is when someone other than the copyright owner copies the “expression” of a work without the owner’s permission Copyright Act 1987  A unique feature of the Act is the inclusion of provisions for enforcing the Act, which include such powers to enter premises suspected of having infringing copies and to search and seize infringing copies and contrivances. Types:- Direct infringement  Contributory infringement  Vicarious infringement a)  Direct Infringement occurs when a person without authorization makes, uses, offers to sell or sells any patented invention within the United States or imports into the United States any patented invention during the term of the patent therefor b)  Contributory copyright infringement is a way of imposing secondary liability for infringement of a copyright. It is a means by which a person may be held liable for copyright infringement even though he or s...
Read more

Cyber Law Week 13

 Cyber Law Week 13 A Taxonomy for Cybercrime Attack in the Public Cloud Public cloud users interact online or offline using natural language. While the language used could be in Xhosa, English, Afrikaans, Zulu or Ndebele, the core component is communication. Therefore, natural language is the language that people speak, listen to and understand. This is the same language that a public cloud user, uses to interact with another human and/or machine components of the public cloud. Meanwhile the same natural language is sometimes used by cybercrime attackers to achieve their aims when targeting users of the public cloud. The targeting of the users could be attributed to the user’s basic knowledge of the public cloud when seeking information or relationship formation, thereby unintentionally revealing points of vulnerabilities that often expose them to cybercrime attacks. A challenge to traditional digital forensic processes in the public cloud environment is the inability to retrieve a...
Read more