Internet :
A global “network of networks” that connects individual computers and many computer networks for the purpose of exchanging information among millions of people.
In other words INTERNET refers to the global information systems that-
· Is logically linked together by a globally unique address spaces based on the Internet Protocol (IP) or its subsequent extensions:
· Is able to support communications using the Transmission Control Protocol/ Internet Protocol (TCP/IP) suits or its subsequent extensions/followons, and /or other IP-compatible protocol.
· Is provide, uses or marks accessible, either publicly or privately, high level services layered on the communications and related infrastructure.
Internet Requirement :
At a very basic level, a user needs the following access the Internet:
· An Internet access account from an ISP [ Internet Service
· Provider
· ]
· A Computer
· A Modem connected to a telephone line
· Necessary software for connecting to the Internet and accessing information.
Types of Internet Access :
There are two types of Internet connection :
a. Dedicated Internet Access
· It allows the computer tom remain connected to the internet 24 hrs. a day.
· Large companies and Universities have such connection all over the world.
b. Dial-Up Access
· Internet Service Provider is dialed using communication software on the computer.
· Internet can be accessed only for a fixed number of hours.
Internet :
This is a worldwide, publicly accessible series of interconnected computer networks that transmit data by packet switching using the standard Internet Protocol (IP). It is a "network of networks" that consists of millions of smaller domestic, academic, business, and government networks, which together carry various information and services, such as e-mail, online chat, file transfer, and the interlinked web pages and other resources of the World Wide Web (WWW). The Internet and the World Wide Web are not synonymous. The Internet is a collection of interconnected computer networks, linked by transmission media. In contrast, the Web is a collection of interconnected documents and other resources, linked by hyperlinks and URLs. The World Wide Web is one of the services accessible via the Internet.
Intranet :
An intranet is a private computer network that uses Internet protocols and network connectivity to securely share part of an organization's information or operations with its employees. Sometimes the term refers only to the most visible service, the internal website. The same concepts and technologies of the Internet such as clients and servers running on the Internet protocol suite are used to build an intranet. An intranet can be understood as "a private version of an Internet," or as a version of the Internet confined to an organization.
Extranet :
An extranet is a private network that uses Internet protocols, network connectivity, and possibly the public telecommunication system to securely share part of an organization's information or operations with suppliers, vendors, partners, customers or other businesses. An extranet can be viewed as part of a company's Intranet that is extended to users outside the company. Briefly, an extranet can be understood as a private intranet mapped onto the Internet or some other transmission system not accessible to the general public, but is managed by more than one company's administrator(s). For example, military networks of different security levels may map onto a common military radio transmission system that never connects to the Internet. Any private network mapped onto a public one is a virtual private network (VPN). In contrast, an intranet is a VPN under the control of a single company's administrator(s).
Internet Services :
1. World Wide Web :
The world wide web WWW or W3 is an information retrieval system that allows users on computer networks, a consistent means of access to a verity of media throughout the internet.
2. E- Mail :
Electronic mail or e-mail allows computer users locally and worldwide to exchange message. Each user of e-mail has a mailbox address to which message are sent. Messages sent through e-mail can arrive within a matter of seconds. A powerful aspect of this service is option to send electronics files to person’s e-mail address.
e-mail format :
· Header
· Body
· From
· Subject
· Date
· CC
· BCC
· Attachment(s)
Advantage of e-mail :
· Cost effective
· High Speed
· Easy to Use
· Time Saving
· Wastage Reduction
· Record maintenance
3. FTP :
FTP Stand for File Transfer Protocol. This is both a program and the method used to transfer between computers on the internet. FTP is an option that allows any user to transfer files between computers on the internet.
4. TELNET
TELNET is a program that allows you to log into computer on the Internet and use online database, library catalogs, and chat services, information services such as the WWW.
Search Engine :
A Search engine is used to find information on the Internet when you don’t know where start. Search engine allows users to enter keywords to find Internet sites. An internet search engine allows the user to enter keyword relating to topic and retrieve information about internet sites containing those keywords. Search engine are available for many of the internet protocols. Most popular search engines are: Google, Alta Vists, Khoj.com, yahoo etc.
Browser :
A browser is a computer program that resides on the computer enabling user to the computer to view WWW documents and access the internet talking advantage of text formatting, hypertext links, images, sounds, motion, and other features. i.e. Internet Explorer , Firefox, Netscap Nevigator, Mozilla, Safari, Opera etc. Web browser is a client program that allows you to display and interact with a hypertext document. Web browser are two types Text based browser and graphical. Text based web browser can be used using a shell account.
Web browser use the URL to retrieve the file from the source computer and the directory in which it resides, the file is the
SECURITY THREATS
The most common blunder people make when the topic of a computer virus arises is to refer to a worm or Trojan horse as a virus. While the words Trojan, worm and virus are often used interchangeably, they are not exactly the same. Viruses, worms and Trojan Horses are all malicious programs that can cause damage to your computer, but there are differences among the three, and knowing those differences can help you to better protect your computer from their often-damaging effects.
The most common blunder people make when the topic of a computer virus arises is to refer to a worm or Trojan horse as a virus. While the words Trojan, worm and virus are often used interchangeably, they are not exactly the same. Viruses, worms and Trojan Horses are all malicious programs that can cause damage to your computer, but there are differences among the three, and knowing those differences can help you to better protect your computer from their often-damaging effects.
VIRUS AND WORMS:
Worms :
In computer science, a worm is similar to a virus by design and is considered a sub-class of a virus. This self-replicating program does not alter files but resides in active memory and duplicates itself. Worms spread from computer to computer, but unlike a virus, it has the capability to travel without any human action. A worm takes advantage of file or information transport features on your system, which is what allows it to travel unaided.
Worm is harmful for neither software nor software but may decrease system speed because of replication. Worms use parts of anoperating system that are automatic and usually invisible to the user. It is common for worms to be noticed only when their uncontrolled replication consumes system resources, slowing or halting other tasks.
The biggest danger with a worm is its capability to replicate itself on your system, so rather than your computer sending out a single worm, it could send out hundreds or thousands of copies of itself, creating a huge devastating effect. One example would be for a worm to send a copy of itself to everyone listed in your e-mail address book. Then, the worm replicates and sends itself out to everyone listed in each of the receiver's address book, and the manifest continues down the line.
Due to the copying nature of a worm and its capability to travel across networks the end result in most cases is that the worm consumes too much system memory (or network bandwidth), causing Web servers, network servers and individual computers to stop responding. In recent worm attacks such as the much-talked-about Blaster Worm, the worm has been designed to tunnel into your system and allow malicious users to control your computer remotely.
Virus:
A computer virus attaches itself to a program or file enabling it to spread from one computer to another, leaving infections as it travels. Like a human virus, a computer virus can range in severity: some may cause only mildly annoying effects while others can damage your hardware, software or files.
Almost all viruses are attached to an executable file, which means the virus may exist on your computer but it actually cannot infect your computer unless you run or open the malicious program. It is important to note that a virus cannot be spread without a human action, (such as running an infected program) to keep it going.
People continue the spread of a computer virus, mostly unknowingly, by sharing infecting files or sending e-mails with viruses asattachments in the e-mail.
TROJAN HORSE:
In the context of computer software, it is a kind of security attack. Trojan horse is a program that appears to be legitimate but designed to have destructive effects, as to data residing in the computer onto which the program was loaded. The Trojan horse, at first glance will appear to be useful software but will actually do damage once installed or run on your computer. Those on the receiving end of a Trojan horse are usually tricked into opening them because they appear to be receiving legitimate software or files from a legitimate source. The Trojan horse installs malicious software while under the guise of doing something else. Though not limited in their payload, Trojan horses are more notorious for installing backdoor programs, which allow unauthorized non-permissible remote access to the victim's machine by unwanted parties - normally with malicious intentions. Unlike a computer virus, a Trojan horse does not propagate by inserting its code into other computer files. The term was derived from the classical myth of the Trojan horse. Like the mythical Trojan horse, the malicious code is hidden in a computer program or other computer file, which may appear to be useful, interesting, or at the very least harmless to an unsuspecting user. When the unsuspecting user executes this computer program or file, the malicious code is also executed resulting in the set up or installation of the malicious Trojan horse program.
Often the term is shortened to simply Trojan.
There are two common types of Trojan horses. One is ordinary software that has been corrupted by a hacker. A hacker inserts malicious code into the program that executes while the program is used or modified. Examples include various implementations of weather alerting programs, computer clock setting software, and peer-to-peer file sharing utilities. The other type of Trojan is a standalone program that masquerades as something else, like a game or image file, in order to trick the user into executing the file or program.Trojan horse programs cannot operate autonomously, in contrast to some other types of malware, like viruses or worms. Trojan horse programs depend on actions by the intended victims. As such, if Trojans replicate and distribute themselves, each new victim must run the Trojan.
A Trojan horse is an email virus usually released or attached by an email attachment. If opened, it will scour your hard drive for any personal and financial information such as your social security, account, and PIN numbers. Once it has collected your info, it is sent to a thief’s database.
There are several different types of Trojans. Some of these include: remote access Trojans (RATs), backdoor Trojans (backdoors), IRC Trojans (IRCbots), and keylogging Trojans. Many Trojan encompass multiple types. For example, a Trojan may install both a keylogger and a backdoor. IRC Trojans are often combined with backdoors and RATs to create collections of infected computers known as botnets.
It is important to note, though, that though most of Trojans actions are considered harmful, there are some actions that Trojans perform that actually annoying but harmless. Examples of the types of actions that a Trojan may perform are:
1. Delete files and data
2. Lock you out of your computer
3. Processing speed affected ( Slow)
4. Install backdoors so remote users can access your computer remotely.
5. Execute commands on your computer
6. Steal passwords that you enter into certain types of sites.
7. Restart your computer
As you can see from the above examples, not all of them are harmful, but they are all unwanted. Examples of how Trojans masquerade as beneficial programs are:
Fishing:
In the field of computer security, phishing is the criminally fraudulent process of attempting to acquire sensitive information such as usernames, passwords and credit card details, by masquerading as a trustworthy entity in an electronic communication. The act of sending an e-mail to a user falsely claiming to be an established legitimate enterprise in an attempt to scam the user into surrendering private information that will be used for identity theft. The e-mail directs the user to visit a Web site where they are asked to update personal information, such as passwords and credit card, social security, and bank account numbers, that the legitimate organization already has. The Web site, however, is bogus and set up only to steal the user’s information.
For example, 2003 saw the proliferation of a phishing scam in which users received e-mails supposedly from eBay claiming that the user’s account was about to be suspended unless he clicked on the provided link and updated the credit card information that the genuine eBay already had. Because it is relatively simple to make a Web site look like a legitimate organizations site by mimicking the HTML code, the scam counted on people being tricked into thinking they were actually being contacted by eBay and were subsequently going to eBay’s site to update their account information. By spamming large groups of people, the “phisher” counted on the e-mail being read by a percentage of people who actually had listed credit card numbers with eBay legitimately.
Antivirus:
An Antivirus is a computer program that checks you computer for viruses and prevents their spread. Antivirus is designed software designed to defend your computer against malicious software. Malicious software or "malware" includes: viruses, Trojans, key loggers, hijackers, dialers, and other code that vandalizes or steals your computer contents. In order to be an effective defense, your antivirus software needs to run in the background at all times, and should be kept updated so it recognizes new versions of malicious software.
E-Commerce :
In global world many companies are transferring/ moving their business to the cyber space and the government showing sign to accelerating the pace of development. E-commerce promise to be a ‘VIRTUAL BAZAR’ at international level for localized Indian companies or the companies which are small in size and can not advertise their product globally.
E-commerce is the use of telecommunication and data processing technologies to improve the quality of transaction between business and their partners. E-commerce is the buying and selling of goods and services on the internet, especially the world wide web.
E-commerce may be defined on the basis of the following perspectives:
· Communication Perspective :
· Business Process Perspective :
· Online Perspective :
e-commerce is the use of thy internet for a range of business purpose, including :
· Marketing and publicity.
· Online Sales via web
· Communication
· Online advertisement
· Business to Business transaction
· Information Dissemination
· Online and real time transaction
Types of E-Commerce :
· Business–to–Business (B2B)
· Business–to–Customer (B2C)
· Customer–to–Business (C2B)
· Customer–to–Business (C2C)
Applications of e-commerce:
· E-advertisement
· E-Marketing
· E-Booking through credit cards
· E-book
· E-commerce & trading in stock exchange
· Information Services
· Education and Medicine
Function of E-Commerce
· Communication Management
· Process Management
· Service Management
· Transaction Management
Advantages of E-Commerce
· Easy and convenient shopping
· Unlimited market pace, and business access
· Shrink the Competition Gap
· Improved Productivity
· Cost Saving
· Streamlined Business Processes
· Better Customer Services
· Opportunities for new business
· Border Market approach
· Eliminate the chain of Commission agent
· Workflow Automation
· Secured Payment Systems
· Increased efficiency and accuracy
· Better Forecasting
· Instant Communicatio
Security Threats of E-Commerce
· Delay in delivery of products
· Uncertainty in delivery and fraud
· Limited and selected sensory information
· Difficulty in Returning goods
· Security and Security
· Payment and Identification
· Difficulty in very small and big transactions.
Electronic Payment Systems [EPS]:
Today in global world, banks are inevitable involved in payment systems, whether a transaction is traditional or an e-commerce transaction.
A Layered Protocol Model : A three layer model is used to compare payments schemes.
Policy: The semantic of the payment scheme. This includes policies, and the liabilities incurred by customers, merchants and financial instruction.
Data Flow: The requirement of storage of data by and communication between the parties. This includes not only the data flow for payments themselves but also for refunds, account enquires and settlement.
Mechanisms: The method by which the necessary security requirement for messages and stored data are achieved. All three abstraction levels are tightly coupled since policy makes requirements of data flow and data flow makes requirements of mechanism.
Payment Protocol Model
Cash : Cash consists of a token which may be authenticated independently of the issuer. This is commonly achieved through use of self authenticating tokens or tamper proof hardware.
Cheque :Cheque are payment instruments whose validity requires reference to the one issues.
Card : Card payment scheme provide a payments mechanism through the existing credit card payment infrastructure. Such schemes have many structure similarities to Cheque model except that solutions are constrained by that structure. A key feature of card payment system is that every transaction carries insurance. For example : E-Banking, E-Taxation
Electronic Data Interchange [EDI]:
EDI provides business process integration across companies by exchanging business documents such as purchase order, Invoice and shipment notice in electronic from using industry standard format such as ANSI (American National Standard’s Institute) and EDIFACT (Electronic Data Interchange for Administration Commerce and Transport).
EDI is electronic exchange of structured business information in standard formats, between computers. EDI eliminate the need for paper based system by providing an electronic link between companies.
In EDI, information is passed electronically from one computer to another over a network without having to be read, retyped or printed. Any company or group, partner’s uses EDI, is called a trading partner. The computers that different trading partner’ use, do not have to be from the same manufacturer. The information that EDI handles includes purchase orders and invoices. Current uses of EDI are as follows:
· Automatic Teller Machine (ATM) in bank where EDI is used for transferring and withdrawing funds between different bank accounts.
· Airline Reservation Systems.
· Stock Exchange Transactions.
· Railway Reservation Systems.
Benefits of EDI :
· Data availability in electronic form
· Minimized paperwork
· Reduced data entry errors
· Minimized processing cycle time.
· Reduced inventories and better planning
· Standard means of communication
· Better business processes.
· Components of EDI
· Application Services.
· Transaction Services.
· Communication Services.
E-Governance :
In today’s competitive environment, it is imperative that IT perform faster, better and more efficient, with fewer resources, Every It resource must prove its value and support the administration and management. E-governance enables that application of electronic in:
· The interaction between government and citizen (G2C).
· The government and business (G2B).
· In internal government operation (G2G).
· The governance and employee (G2E)
To simplify and improve democratic, government and business aspect of governance.
Objective of the E-Governance :
With a strategic objective to support and simplify governance for all parties, government, citizen, business and employee by using ICT for attaining good governance, following board objectives of the E-governance can be identified.
· Improve connections between citizens and government and encourage their participation in governance.
· Open up avenues for direct participation of women in government policy making process
· Reduce Poverty
· Enhance democratization and citizen empowerment.
Need of e-governance for development :
· Automation
· Informatization
· Transformation
Efficiency Gains:
· Governance that is cheaper
· Governance that is quicker
· Governance that does more
Effectiveness Gains:
· Governance that works better
· Governance that is innovative
Introduction to Cryptography:
Cryptography is the technology science and art of writing secrete codes. Internet provide unsafe environment during transmission of data. With in the context of any application –to-application communication. There are some specific security requirements, including :
Authentication:
Authentication means who are you? Your password and Login Name, the process of providing an identity of a person.
Privacy or confidentiality:
Ensuring that no one can read the message except the intended receiver.
Integrity :
Integrity means assuring the receiver that received message has not been altered in any sense from the original form.
Non-repudiation :
A method, which proves that the sender has really send this message.
Thus cryptography, not only protects data from theft or misuse, but can also be used for uswer authentication process.
In general three types of cryptographic schemes typically used to achieve these goals;
· Secrete-key cryptography (Symmetric)
· Public-key cryptography (Asymmetric)
· Hash Function
The Unencrypted data is called to as PLAIN TEXT. It is encrypted into CIPHER TEXT. Which will in turn be decrypted into plain text.
Smart Card :
A Smart Card, Chip Card, or Integrated Circuit Card (ICC), is a plastic card the size of a credit card with an integrated circuit built into it. This integrated circuit may consist only of EEPROM in the case of a memory card, or it may also contain ROM, RAM and even a Processor. This data is associated with either value or information or both and is stored and processed within the card's chip, either a memory or microprocessor. The card data is transacted via a reader that is part of a computing system. Smart card-enhanced systems are in use today throughout several key applications, including healthcare, banking, entertainment and transportation.
- VCC- Power supply
- GND- Ground or reference voltage
- CLK- Clock
- VPP- Programming voltage
- RST- Reset signal
- I/O- Serial Input/Output
Types of Smart Cards
These cards can be divided into three types;
(1) According to the uses -- contact or contact less cards,
(2) According to the architecture -- Integrated Circuit (IC) cards or IC cards with Microprocessor (3) Optical Memory Cards. E-cards that contain two or more chip technologies are referred to as hybrid cards or combo cards. There is a wide range of options to choose from when designing your system.
Contact Card
This is the most common type of smart cards. The contact card is easy to identify because of its gold connector plate contact smart cards have a small gold chip about 1cm by 1cm on the front view. Contact cards require insertion into a smart card reader with a direct connection to a conductive micro-module on the surface of the card. When inserted into a reader, the chip makes contact with electrical connectors that can read information from the chip and write information back. Contact smart card readers are used as a communications medium between the smart card and a host, e.g. a computer, a point of sale terminal, or a mobile telephone. Contact smart cards are the size of a conventional credit or debit card with a single embedded integrated circuit chip that contains just memory or memory plus a microprocessor.
Memory-only chips are functionally similar to a small floppy disk. They are less expensive than microprocessor chips, but they also offer less security so they should not be used to store sensitive or valuable information. Chips that contain both memory and a microprocessor are also similar to a small floppy disk, except they contain an "intelligent" controller used to securely add, delete, change and update information contained in
memory. The more sophisticated microprocessor chips have state-of-the-art security features built in to protect the contents of memory from unauthorized access.
When contact smart cards are inserted into a card acceptor device where pins attached to the reader, these pins make "contact" with pads on the surface of the card to read and store information in the chip.
Applications- This type of e-card is used in a wide variety of applications, including network security, vending, wireless communications, meal plans, loyalty, electronic cash, government IDs, campus IDs, e-commerce and health cards.
Contactless Smart Cards
These are smart cards that employ a radio frequency (RFID[1]) between card and reader without physical insertion of the card. Instead the card is passed along the exterior of the reader and read. Types include proximity cards which are implemented as a read-only technology for building access. These cards function with a limited memory and communicate at 125 MHz. In addition to the features and functions found in contact smart cards, contactless smart cards contain an embedded antenna instead of contact pads attached to the chip for reading and writing information contained in the chip's memory.
Contactless cards do not have to be inserted into a card acceptor device. Instead, they need only be passed within range of a radio frequency acceptor to read and store information in the chip. The range of operation is typically from about 2.5" to 3.9" (63.5mm to 99.06mm) depending on the acceptor. Contactless smart cards are often used in situations where transactions must be processed very fast such as in mass-transit turnstiles or toll collection points.
Applications- Contactless smart cards are used in many of the same applications as contact smart cards, especially where the added convenience and speed of not having to insert the card into a reader is desirable. There is a growing acceptance of this type of card for both physical and logical access control applications. Student identification, electronic passport, vending, parking and tolls are common applications for contactless cards.
Combi Cards :
Combi Cards provides dual interface since they contain both contact chip and antenna (contact and contactless features). These cards can be accessed through either contact pads or an embedded antenna. This form of smart card is growing in popularity because it provides ease-of-use and high security in a single-card product.
Mass transit is expected to be one of the more popular applications for the Combi card. In the mass transit application, a contact-type acceptor can be used to place a cash value in the chip's memory and the contactless interface can be used to deduct a fare from the card.
Hybrid Cards
Hybrid card is the term given to e-cards that contain two or more embedded chip technologies such as a contactless smart chip with its antenna, a contact smart chip with its contact pads, and/or a proximity chip with its antenna - all in a single card. The contactless chip is typically used for applications demanding fast transaction times, such as mass transit. The contact chip can be used in applications requiring higher levels of security. The individual electronic components are not connected to each other even though they share space in a single card.
Integrated Circuit (IC) cards without Microprocessor
Integrated Circuit (IC) cards without microprocessor can store data, but can’t t process data. IC memory cards can hold up to 1-4 KB of data, but have no processor on the card with which to manipulate that data. IC cards are dependent on the card reader (also known as the card-accepting device) for their processing and are suitable for uses where the card performs fixed operations.
Integrated Circuit (IC) cards with Microprocessor
The microprocessor smart card is defined as an IC chip contact card with a microprocessor and memory. The size of a credit card, this smart card contains a dime-sized microchip that can process and store thousands of bits of electronic data. Unlike passive devices (such as a memory card or magnetic stripe card) that can only store information, the microprocessor smart card is active and able to process data in reaction to a given situation.
This capability to record and modify information in its own non-volatile, physically protected memory makes the smart card a powerful and practical tool - smart cards are small and portable, they can interact with computers and other automated systems, and the data they carry can be updated instantaneously.
Optical Memory Cards
Optical cards can only store data, but have a larger memory capacity than IC memory cards. Optical cards store up to 4MBs of data. But once written, the data cannot be changed or removed. Thus, this type of card is ideal for record keeping - for example medical files, driving records, or travel histories. Today, these cards have no processor in them (although this is coming in the near future). While the cards are comparable in price to chip cards, the card readers use non-standard protocols and are expensive.
Benefits of Smart Card
Smart cards find applications in a wide variety of fields. They are convenient to carry and easy to use. They assure protection of data stored on them and offer user authentication facilities. The secret of their popularity lies in the manifold benefits they offer. Sure, they are here to stay!
ü Convenient- It is always safer to carry a single card than bundles of green bucks. Moreover, the purchase of goods, payment of bills and other bank transactions can be performed easily and speedily with the use of smart cards.
ü Security- Smart cards offer protection of information that is stored on them. By using smart, you eliminate a username/password compromise as a potential point of entry (ID-Password can not be hacked). The smart card technology offers transaction security. Each card has a unique serial number of its own and is capable of performing encryption, thus reassuring secure transactions. Modern-day smart cards have a chip operating system, which possesses error-checking capabilities and user authentication facilities.
ü Processing- Smart cards can not only store data, but also process information. Through smart card readers, one can communicate with other computing devices. Moreover, smart cards are electrically erasable because of which they can be modified. It is possible to update information stored on the card without having to issue a new one.
ü Portability- Owing to their small size, they can be easily carried along. Their communication with the readers is wireless, thus makes it easy to use. Owing to their portability and wireless capabilities, the smart card technology can be implemented in remote areas where wired online communication is not possible. Due to the ease of use and high transaction speeds offered by them, the elderly, the disabled and the socially deprived can achieve improved access to resources and services.
Contact Cards
|
Contactless Cards
| |
Main Component
|
Small gold chip about 1cm by 1cm on the front
|
Magnetic strip
|
Reading
|
Inserted into a card reader
|
Data read by RFID between card and Reader
|
Fabrication
|
EEPROM (volatile), RAM, Processor
|
Magnetic strip, Antenna, ROM (non-volatile)
|
Maximum-Data Capacity
|
8 Kbytes
|
140 bytes
|
Processing Power
|
Processor (16 or 32 bits)
|
None
|
Applications
|
SIM, N/W security, E- Commerce, health cards etc.
|
Vending, tolls, Credit/Debit Cards, ID cards etc.
|
What is a digital signature :
You can use a digital signature for many of the same reasons that you might sign a paper document. A digital signature is used to authenticate digital information — such as form templates, e-mail messages, and documents — by using computer cryptography. Digital signatures help to establish the following assurances:
- Authenticity The digital signature helps to assure that the signer is who he or she claims to be.
- Integrity The digital signature helps to assure that the content has not been changed or tampered with since it was digitally signed.
- Non-repudiation The digital signature helps prove the origin of the signed content to all parties. "Repudiation" refers to the act of a signer denying any association with the signed content.
To make these assurances about a form template, you must digitally sign your form template. You can also enable digital signatures for your form template so that your users can make the same assurances about the forms that they fill out. In either case, the following requirements must be met in order to digitally sign a form or form template:
- The digital signature is valid.
- The certificate associated with the digital signature is current (has not expired).
- The signing person or organization, known as the publisher, is trusted.
- The certificate associated with the digital signature is issued to the publisher by a trusted certificate authority (CA).
No comments:
Post a Comment