Professional Documents
Culture Documents
and
Digital signature
Government of Nepal
Ministry of Science , Technology and Environment
Singhadurbar, Kathmandu
Cyber Crime , Cyber Security- Part I
Digital Signature Part II
Cyber Crime is a term used to broadly describe criminal activity
in which computers or computer networks are a tool, a target, or
a place of criminal activity and include everything from
electronic cracking to denial of service attacks.
Phishing
Foreign Lotteries
Sexual Enhancement products
The cyber security will defend us from critical attacks.
It helps us to browse the safe website.
Internet security process all the incoming and outgoing
data on our computer.
security will defend from hacks and virus.
The application of cyber security used in our PC needs
update every week.
The security developers will update their database every
week once. Hence the new virus also deleted
Cyber Security Strategies- Nepal
Legal Framework
IT Policy 2067
Electronic Transaction Act 2063
Telecommunication Act 1997
Secure Password Practices 2067
Institutional Development
Ministry of Science Technology and Environment(MoSTE)
Department of Information Technology(DOIT)
Office of Controller of Certification(OCC)
Cyber Forensics Lab
National Information Technology Centre (NITC)
Cyber Cell Hanuman Dhoka
CIB
ITERT(Information Technology Emergency Response Team) Under study
Part II
Digital Signature and its use
Electronic Record
i. Very easy to make copies
ii. Very fast distribution
iii. Easy archiving and retrieval
iv. Copies are as good as original
v. Easily modifiable
vi. Environmental Friendly
Reader +
Smart Card
USB Token
Smart Card
Digital Certificates
Digital Certificate is a data with digital signature from
one trusted Certification Authority (CA).
This data contains:
Who owns this certificate
Who signed this certificate
The expired date
User name & email address
Elements of Digital Cert.
A Digital ID typically contains the following information:
Your public key, Your name and email address
Expiration date of the public key, Name of the CA who issued your Digital ID
Public
PKA
Document
Document Document
Document
CONFIRMED
Digital Digital Digital
Signature Signature Signature
Private
SKA
Confidential
Signed Messages
Message Hash
Encrypted
Using Hash function
ENCRYPTSent thru Internet
Message
Message DECRYPT on the message
Message
+ Message + Message +
signature +
signature signature
with Receivers Signature
with Receivers
Public Key Private Key COMPARE
Hash
Private key
Public Key
Private key
Encrypted
Text Text
Encryption
User A
Message Encryption
Original Message Encrypted Message
CSC1720 Introduction to
Internet All copyrights reserved by C.C. Cheung 2003. 53
Transfer Encrypted Data
User A User B
Encrypted Encrypted
Text Text
Insecure Channel
Decryption with your Private
key
Encrypted Using Private key in
Text your personal computer
User B
User Bs
Private key
Decryption
Original Text
How digital Signature works?
User A Transmit via the Internet
User B received
the document with
Verify the signature signature attached
by As public key stored
at the directory
User B
What are digital signatures used for? Or its
Advantages
Data Integrity
Non-Repudiation
Security
Imposter prevention: By using digital signatures you
are actually eliminating the possibility of committing
fraud by an imposter signing the document. Since the
digital signature cannot be altered, this makes forging
the signature impossible.
Legal requirements: Using a digital signature
satisfies some type of legal requirement for the
document in question. A digital signature takes care of
any formal legal aspect of executing the document.
PKI
in
Authentication
60
PKI in E-Commerce
61
PKI Structure
Certification Authority Directory services
Public/Private Keys
E-gov
User Application
Services,
Banks,
Webserver
Etc.
Banking Solution Overview
Browser Internet
CA
The Client-side includes:
Smart token
The Server-side includes:
Backend user database integration - issuance, admin , self-service
Front-end (Web site) integration replace password login / logout pages with token pages
Certificate & certificate authority Private (free) or public (annual fee)
Deployment Overview
$
Web site and backend Token issuance User installs Secure online
server setup to online users Token package transactions
Internet HTTPS
Browser Secure
Server
(4) SSL authentication
and encryption with
Certificates, PKI
calculation from the
Client token
Clean Sign-off, No Traces Left
Internet HTTPS
Browser Secure
Server
(5) Take the lock away,
all SSL sessions
automatically self-destroy
upon that event.
Issuing CA
CM
CRL
24/7 Help
Desk
CA
RA
Customer
Govt. Dept.