From December press release
Digital Signature Guidelines Tutorial
People are "surfing" the Internet for knowledge, amusement, and to make small purchasesusing secure browsers which can encrypt credit card numbers. Very soon, however, the Internetwill be used to conduct serious commercial transactions where it is not enough to merely encryptthe message but to make sure that the message originates from the entity allegedly sending it andhas not been altered or garbled in transit.
Those engaging in such commerce will want to know that the message and the electronic"signature" attached to the message can both be verified and can be used in court to bind the"signer" to the deal. Looking ahead, the American Bar Association Section of Science andTechnology has produced the first legal overview of the use of cryptology, electronic signatures,and entity authentication over an open network like the Internet (called "open" because anyonecan "tap" the Internet and intercept electronic traffic flowing over it). The resulting document iscalled the Digital Signature Guidelines, now available from the ABA.
Business owners who have an interest in using the Internet for commercial transactionsneed a basic understanding of the process and the legal principles underlying electroniccommerce. The "Digital Signature Guidelines" begin with a tutorial that describes in simpleterms the technological elements of the public key encryption system. Public key cryptosystemsare based on the use of an associated key pair: a private key that is kept private, and a public keythat can be published. The system allows secret messages to be sent over insecure channels likethe Internet. By encrypting the messages using the intended recipient's openly available publickey, the sender can be certain that only the intended recipient -- the holder of the associatedprivate key -- will be able to decrypt the message.
The "Guidelines" also describe a system for ensuring the identity of the holder of aprivate key, for making digital signatures as usable in commerce and in legal proceedings as awritten signature on paper, and for ascribing appropriate responsibility to those engaged inelectronic commerce should one of the parties involved deny liability under the transaction. Essential to the process is the concept of a Trusted Third-Party. Such parties will investigate toassure themselves, and the public, of the link between the public key and the holder of the privatekey, authenticate dates and times of transactions, and electronically publish reports of privatekeys that are no longer reliable. All of this -- the transaction, the signatures, the authentication,the dating, and so on -- is electronic and requires no paper and no warehouses full of documents,and can be accomplished with the speed that is now essential to world-wide commerce.
Download a FREE full text copy of the Digital Signature Guidelines!
100pp. Paper.
ISBN: 1-57073-250-7
Product Code: 5450012
