Klara Góral Karolina Kozak Ignacio Lastres Electronic signature

Post on 21-Dec-2015


Klara Góral, Karolina Kozak, Ignacio Lastres

Electronic signature

Agenda:
1. Introduction
2. General overview
3. Legal statements
4. History
5. Construction
6. Use of electronic signature
7. Future

General overview

Signature

Stylized script associated with a person

Electronic signature

An electronic sound, symbol, or process, attached to or logically associated with a contract or other record and executed or adopted by a person with the intent to sign the record

Electronic signature vs. digital signature

Legal statements

Laws regarding use of electronic signatures

Canada - PIPEDA

Japan - Law Concerning Electronic Signatures and Certification Services

India - Information Technology Act

European Union - Electronic Signature Directive

Czechia – Zákon o elektronickém podpisu

Croatia

Costa Rica - Digital Signature Law

China - Law of the People’s Republic of China on Electronic Signature

Singapore - Singapore Electronic Transactions Act

Poland - Ustawa o podpisie elektronicznym

Philippines - Electronic Commerce Act

Peru - Ley Nº 27269. Ley de Firmas y Certificados Digitales

Mexico - E-Commerce Act

Republika Srpska 

Spain - Real Decreto-ley 14/1999, sobre firma electrónica

South Africa - The Electronic Communications and Transactions Act

Slovenia - Slovene Electronic Commerce and Electronic Signature Act

Slovakia - Zákon č.215/2002 o elektronickom podpise

U.S. - Digital Signature And Electronic Authentication Law

UK - s.7 Electronic Communications Act 2000

Turkey - Electronic Signature Law

The Electronic Signatures in Global and National Commerce Act (ESIGN)

Validity and legal effect of contracts entered into electronically

legal status equivalent to a written signature

may not be denied legal effect, validity, or enforceability solely because it is in electronic form

Legal requirements of electronic signatures:
- must be unique to the person using it
- must be verifiable
- must be under the sole control of the person using it
- must guarantee that the document signed cannot be altered after it has been electronically signed
- must capture and preserve the signer's intent, consent, understanding, or responsibility related to a document that is being signed

History

History of electronic signatures

- Before 1861: Morse code used to send messages electronically by telegraphy
- 1869: acceptance of the enforceability of telegraphic messages as electronic signatures in New Hampshire Supreme Court
- 1980s: use of fax
- 1990s: acceptance of the enforceability of agreements made by e-mail, entering a PIN into a bank ATM, signing a debit or credit slip with a digital pen pad device, installing software with a clickwrap software licence on the package, signing electronic documents online
- 1998: Joint Communiqué on electronic commerce, the first agreement signed electronically by USA and Ireland

Construction: how does it work?

Cryptography

The basis of electronic signatures is cryptography, a mathematical discipline that not only handles the encryption of texts to ensure their confidentiality but also provides mechanisms to ensure data integrity and the identity of participants in a transaction.

Cryptography

Encryption transforms a plain text (understood by all), by means of an algorithm and a secret or encryption key, into a cipher text that is unintelligible to all except the legitimate recipient.

Hash function

Used to obtain a hash (also called a message digest) of a text: a fairly short series of characters representing the text to which the hash function is applied, the fingerprint of a document.

- It must associate a hash with only one plain text: the slightest alteration of the document will cause a change in the hash.
- It must be a one-way function: the original message cannot be retrieved from the hash. If there is a way of finding the plaintext from the hash, the hash function is said to have a "trapdoor".

Hash algorithms

MD5 (Message Digest)
- developed by Rivest in 1991
- creates (from a text of arbitrary size) a 128-bit fingerprint, processing the text in blocks of 512 bits
- it is common to see Internet downloads that are accompanied by MD5 files to verify their integrity

SHA (Secure Hash Algorithm)
- creates a digital fingerprint that is 160 bits in length
- SHA-1 is an improved version from 1994; it produces a fingerprint of 160 bits from a message that has a maximum length of 2^64 bits, processed in blocks of 512 bits

Integrity verification

- When a message is sent along with its hash, the recipient can be sure that the message has not been altered (intentionally or accidentally).
- When a recipient receives a message, they simply have to calculate the hash of the received message and compare it with the hash that accompanies the document.
- If the message (or hash) is falsified during the communication, the two digital fingerprints will not coincide.

Sealing data

The aim is to ensure that the message has been sent by the person claiming to be the sender.
- the sender simply encrypts (signs) the hash using their private key; the result is the seal, which is sent to the recipient
- the recipient must decrypt the seal with the sender's public key
- then the recipient must compare the hash recovered from the seal with the hash computed from the message received as attachment

Methods of encryption

Asymmetric or public-key encryption
- uses a pair of separate keys for the encryption and decryption processes
- one key, the private key, is kept secret, while the second key, the public key, is known by everyone
- uses algorithms such as RSA, Diffie-Hellman, etc.

Example
1. John produces a digest of the document.
2. John encrypts the digest with his private key, thereby signing the document. This signed digest is his electronic signature.
3. John sends the document along with the signed digest (electronic signature) to Peter.
4. Peter produces a digest of the document received from John, using the same digest function.
5. Peter then decrypts the signed digest (John's electronic signature) with John's public key, which is known.
6. If the decrypted digest matches the digest Peter has generated, the electronic signature is valid.
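The John and Peter exchange above, together with the plain integrity check from the earlier slide, as an added example that is not part of the original presentation. It assumes SHA-256 in place of MD5 or SHA-1 (neither of which resists collisions any longer) and textbook RSA without padding on a constructed demo key, where real signing uses a vetted library with a padding scheme such as RSA-PSS. All function names are hypothetical.

```python
import hashlib
import hmac

# Constructed demo key built from two known Mersenne primes. It is for
# illustration only: real keys use random primes from a vetted library.
P, Q = 2**521 - 1, 2**607 - 1
N, E = P * Q, 65537                  # public key (known by everyone)
D = pow(E, -1, (P - 1) * (Q - 1))    # private key (kept secret by John)


def digest(document: bytes) -> int:
    """Hash the document (SHA-256 is an assumption) and return it as an integer."""
    return int.from_bytes(hashlib.sha256(document).digest(), "big")


def sign(document: bytes) -> int:
    """John, steps 1-2: digest the document, then seal the digest with D."""
    return pow(digest(document), D, N)


def verify(document: bytes, signature: int) -> bool:
    """Peter, steps 4-6: recompute the digest and compare it with the opened seal."""
    return pow(signature, E, N) == digest(document)


def hash_only_check(document: bytes, claimed_hex: str) -> bool:
    """Plain integrity check: compare a recomputed hash with the one sent along."""
    actual = hashlib.sha256(document).hexdigest()
    return hmac.compare_digest(actual, claimed_hex)


def demo() -> dict:
    original = b"Pay Peter 100 EUR"   # constructed sample document
    altered = b"Pay Peter 900 EUR"    # same document changed in transit
    seal = sign(original)
    # Anyone can recompute an unkeyed hash for the altered text ...
    new_hash = hashlib.sha256(altered).hexdigest()
    return {
        "genuine_accepted": verify(original, seal),
        "altered_with_old_seal_accepted": verify(altered, seal),
        # ... so a hash that travels with the message proves nothing by itself.
        "altered_with_new_hash_accepted": hash_only_check(altered, new_hash),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

The last result is the reason the seal is needed: an unkeyed hash sent beside the message detects accidental change, while only the private-key seal ties the digest to the sender.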

Methods of encryption

Symmetric or secret-key encryption
- uses the same key in the encryption and decryption operations
- these systems are much faster than public-key systems, and appropriate for the encryption of large volumes of data
- uses algorithms such as IDEA, RC5, DES, Triple DES, etc.

Use of electronic signature

Use of electronic signatures
- e-government and on-line banking
- signing electronic contracts and other documents
- authorizing online forms and service orders
- provide advantage over non-user competition

Future

Electronic signatures in Poland

ID card with chip