Understanding Digital Signatures

Discover Digital Signatures, Security For A Commerce-Driven Internet

Internet security is a hot topic and justifiably so. Customers are already demanding on-line access to their personal records, bank accounts, and other private information; furthermore, researchers estimate sales on the internet could reach $200 billion by the year 2000, as PCs worldwide link to form a global shopping mall.

But how can a company be sure of the identity of the party accessing the information? On a global, interconnected network, how can you be certain:

• Providers and users are who they say they are?
• Information being exchanged between provider and user cannot be stolen or altered?
• Order being offered to you is valid?

The answers lie in digital signature, which are based on public key cryptography and its infrastructure to bind unique keys to individuals and corporations through identity verification.

Written by leading Internet business consultant Gail Grant, Understanding Digital Signatures: Establishing Trust over the Internet and Other Networks. details the business, legal, social, and technological issues surrounding Digital Signatures and key infrastructure.

This book explains this complex technology in terms that a businessperson can understand, covering the unique problems of on-line authentication, how digital signatures help to solve these problems, ways companies are using the technology in real life, and issues concerning its usage. The book includes a list of product and service vendors, future potential, and suggestions for companies considering implementation of digital signatures for their customers or employees.

• Part 1: Background and Definition
1. Background
• E-mail and Customer Service
• The World Wide Web
• More than Billboards
• Online Sales
• Worldwide Opportunity
• Enter the Intranet
2. Security and the Internet
• The Physical World vs. the Networked World
• Authentication
• Authorization Authentication
• Privacy and Confidentiality
• Data Integrity
• Trust
3. Securing the Internet
4. Public Key Infrastructure
• Network of Trust
• Identity Verification
• Technology
• Applying for a Certificate
• Certificate Management
• policies, Procedures, and Practices
• Operations
• Part 2: Case Studies
5. Use of Public Key Systems
• Justification
• Public Key Buckets
• Identification
• Securing Communication
• Application Integration
6. Identification and Authentication
• GE Research Center
• GTE
• Hewlett-Packard
• Liberty Financial Companies, Inc.
• State of Massachusetts
• QSpace
• USWeb
7. Securing Communication
• Ultramar Diamond Shamrock
• Mellon Bank
• PrimeHost
• Wells Fargo
8. Application Integration
• CyberCash
• E-Stamp
• NetDox
• Open Market. Inc.
• United States Postal Service
9. Secure Electronic Transaction Protocol
• Business Situation
• How SET Works
• Part 3: Issues
10. Technical Issues
• Hardware vs. Software
• Interoperability
• In-House vs. Outsourcing
• Algorithms
• Public Key Cryptography in Applications
• Standards
• Key Size and Key Splitting
• Key Recovery/Escrow
• Security Policies and Procedures
• Registration Authority Functionality
• Directory Services
• Revocation Lists
11. Legal Issues
• Digital Signature Legislation
• Certificate Holder Responsibility
• CA Responsibilities and Liabilities
• CA Requirements
• Technology Implications and Requirements
• International Issues
• Certification Practice Statements
• Relying Parties
• Agreements
12. Business Issues
• Business Models and Risks
• Hardware vs. Software
• Interoperability and Cross Certification
• In-House vs. Outsourcing
• Public Key Cryptography in Applications
• Key Recovery/Escrow
• Security Policies and Procedures
• Certificate Holders Responsibility
13. Developing Requirements
• Product or Service?
• Understanding Requirements
• Futures
• Budget
• Pricing
• Requirements Document Contents
• Evaluation
• Part 4: Vendor Review
14. CA Products and Services
• Atalla Corporation
• BBN Corporation
• CertCo
• Cylink Corporation
• Entrust Technologies Inc.
• GTE CyberTrust Solutions Incorporated
• International Business Machines Corporation (IBM)
• Netscape Communications
• VeriSign
• Xcert Software Inc.
15. Application and Toolkit Vendors
• E-Stamp Corporation
• Product/Services Offered
• Harbinger
• Premenos Technology Corporation
• RSA Data Security, Inc., a Security Dynamics Company
• S/MIME Products
• SET Vendors
• Web Browser and Server Vendors
• Part 5: What The Future Holds
16. Future Applications
• Remote Authentication
• Internet VAN
• Remote Trusted Devices
• Distributed Applications
• Signed Instruments
• The Impact of Certificates and Digital Signatures on Business
• Closing Notes

• Appendix I: Hobbes' Internet Timeline
• Appendix II: Trading Partner Agreement
• Digital Signature Trading Partner Agreement
• Appendix III: Digital Signature Legislation
1. Introduction
2. The Law of Signatures
3. Digital Signature Technology
4. Verifying Owners of Public Keys Pairs
5. Legal Considerations
6. Overview of Liability
7. Liability for the Loss or Compromise of the Private Key by Subscribers
8. Liability of Certification Authorities
9. Regulatory Oversight of Certification Authorities
10. Technological Standards
11. Digital Signature Legislation
12. Conclusion
• Appendix IV: Digital Signature Legislation Status
• State Legislation and Regulations
• Federal Legislation and Regulations
• International
• Appendix V: Pointers to Pertinent Web Sites
• Appendix VI: US Government

The title says it all, but it is pretty boring.