Cyber Law week 8

 Cyber Law week 8

What is a digital signature?

  • type of asymmetric cryptography used to simulate the security properties of a signature in digital, rather than written, form. Digital signature schemes normally give two algorithms, one for signing which involves the user's secret or private key, and one for verifying signatures which involves the user's public key. The output of the signature process is called the "digital signature.
How it works?
  • Digital signature creation uses a hash result derived from and unique to both the signed message and a given private key. For the hash result to be secure, there must be only a negligible possibility that the same digital signature could be created by the combination of any other message or private key. 
  • Digital signature verification is the process of checking the digital signature by reference to the original message and a given public key, thereby determining whether the digital signature was created for that same message using the private key that corresponds to the referenced public key.

Smart cards

  • The Private key is generated in the crypto module residing in the smart card.
  • The key is kept in the memory of the smart card.
Hardware Tokens
  • They are similar to smart cards in functionality as
  • Key is generated inside the token. 
  • Key is highly secured as it doesn’t leave the token. 
  • Highly portable. 
  • Machine Independent.

Public Key Infrastructure (PKI)  

  • Some Trusted Agency is required which certifies the association of an individual with the key pair. 
    • Certifying Authority (CA)
    • Public key certificate (PKC)

Certifying Authority 

  • Must be widely known and trusted 
  • Must have well defined Identification process before issuing the certificate 
  • Provides online access to all the certificates issued 
  • Provides online access to the list of certificates revoked 
  • Displays online the license issued by the Controller 
  • Displays online approved Certification Practice Statement (CPS) 
  • Must adhere to IT Act/Rules/Regulations and Guidelines 

Role of controller 

  • Controller of Certifying Authorities as the “Root” Authority certifies the technologies, infrastructure and practices of all the Certifying Authorities licensed to issue Digital Signature Certificates




Comments

Post a Comment

Popular posts from this blog

Cyber Law Week 11

Image
 Cyber Law Week 11 WHAT IS PATENT ? A patent is a document issued by the government office which describes the invention and creates a legal situation in which the patented invention can normally only be exploited (made, used, sold, imported) by or with the authorization of the patentee. WHAT INVENTIONS ARE PATENTABLE ? An invention is a novel idea which permits in practice the solution of a specific problem in the field of technology. Under most legislations concerning inventions, the idea, in order to be protected by law ("PATENTABLE"), must be new in the sense that is has not already been published or publicly used, it must be "non-obvious" in the sense that it would not have occurred to any specialist in the particular industrial fields, had such a specialist been asked to find a solution to the particular problem and it must be "applicable in industry" in the sense that it can be industrially manufactured or used. WHAT THE PATENT ACT 1983 PROVIDES ? M...
Read more

Cyber Law Week 10

Image
 Cyber Law Week 10 Copyright Infringement   Copyright infringement is when someone other than the copyright owner copies the “expression” of a work without the owner’s permission Copyright Act 1987  A unique feature of the Act is the inclusion of provisions for enforcing the Act, which include such powers to enter premises suspected of having infringing copies and to search and seize infringing copies and contrivances. Types:- Direct infringement  Contributory infringement  Vicarious infringement a)  Direct Infringement occurs when a person without authorization makes, uses, offers to sell or sells any patented invention within the United States or imports into the United States any patented invention during the term of the patent therefor b)  Contributory copyright infringement is a way of imposing secondary liability for infringement of a copyright. It is a means by which a person may be held liable for copyright infringement even though he or s...
Read more

Cyber Law Week 13

 Cyber Law Week 13 A Taxonomy for Cybercrime Attack in the Public Cloud Public cloud users interact online or offline using natural language. While the language used could be in Xhosa, English, Afrikaans, Zulu or Ndebele, the core component is communication. Therefore, natural language is the language that people speak, listen to and understand. This is the same language that a public cloud user, uses to interact with another human and/or machine components of the public cloud. Meanwhile the same natural language is sometimes used by cybercrime attackers to achieve their aims when targeting users of the public cloud. The targeting of the users could be attributed to the user’s basic knowledge of the public cloud when seeking information or relationship formation, thereby unintentionally revealing points of vulnerabilities that often expose them to cybercrime attacks. A challenge to traditional digital forensic processes in the public cloud environment is the inability to retrieve a...
Read more