Hungary's Electronic Signature Act: Enhancing economic development with Secure Electronic Commerce transactions

Hungary's Electronic Signature Act (ESA) became effective in 2001 and provides for legal recognition of electronic signatures (e-signatures) and electronic documents. Electronic documents and e-signatures are presumed to be admissible evidence in court and may not be challenged successfully based on the mere fact of their electronic form. An electronic document signed with an e-signature is deemed to be in compliance with a statutory requirement for a handwritten signature on a paper document. However, the ESA excludes family-related documents (e.g., marriage certificates and divorce decrees), and those documents must continue to be in paper form to have legal validity. Also, consumers are not obligated to accept the electronic form; if a consumer objects, a business firm must use paper documents. Hungarian government departments may elect to issue or accept electronic documents. Although all types of e-signatures are recognized, the digital signature enjoys most-favored status because it utilizes cryptographic methods resulting in a heightened degree of reliability and security. The ESA provides for the licensure of certification authorities (CAs). In order to get a CA license, an applicant applies to the Hungarian Communications Inspector (Authority) and must meet financial and knowledge requirements and not have a prior criminal record. The principal duties of CAs are to issue certificates to successful applicants and confirm the authenticity and integrity of e-signatures (and the electronic documents to which they are attached) to relying third parties. Before issuance of the certificate, the CA must confirm the identity of the applicant and ensure that all information received on the application is accurate. The CA is responsible for maintaining the security of all information that it receives from the applicant. For a CA to issue a 'qualified' certificate it must comply with higher security standards; the only type of e-signature that can meet these standards is the digital signature. When a qualified certificate is issued, the subscriber will be given the private key that will enable them to 'sign' electronic documents. CAs must maintain a publicly accessible repository of certificates and public keys that can be used to decrypt a subscriber's message. A CA may incur legal liability for publishing a certificate with inaccurate information or for issuing a private key that does not have an interactive relationship with its public key. The ESA provides for legal recognition of certificates issued by CAs in foreign countries if the foreign CA meets one of the five criteria.     

Security of the design of time-stamped signatures

To ensure integrity and originality of digital information, digital signatures were proposed to provide both authority and non-repudiation. However, without an authenticated time-stamp, we can neither trust signed documents when the signers' signature key was lost, stolen, or accidentally compromised, nor solve the cases when the signer himself repudiates the signing, claiming that has accidentally lost his signature key. To withstand forward forgery suffered by linking schemes and to reduce verification cost, Sun et al. proposed four time-stamped signature schemes that are based on absolute temporal authentication. Though Sun et al. claimed that these schemes are quite secure against the forward forgery, we find that they suffered from substitution attacks, by which the signer can backward/forward forge signatures and the time-stamping service can also forge signatures. Finally, we also propose four time-stamped signature schemes to overcome these security flaws. Moreover, the proposed new schemes are more efficient than the Sun et al. schemes.     

电子身份认证的法律性质探究

电子身份认证在技术和制度层面上保证了电子商务和电子政务活动的安全,这种身份认证主要是通过电子签名及其认证而实现的,涉及到电子认证机构与电子签名人、电子签名信赖方之间的法律关系,所以明确三者之间的权利义务关系尤为重要。本文通过介绍电子签名、电子认证二者关系并分析了关于电子身份认证性质的各种学说,明确了电子身份认证是一种专业信用服务。     

Computer security research: a British perspective

Computer security is critical to software quality. With the emphasis in applications shifting from calculation to communication, the archiving, analysis, security, and privacy of information have become increasingly important. Most computer security research has focused on cryptography and network protocols. Today's security problems, however, include authenticity, digital signatures, data integrity, access control, electronic copyrights, and digital watermarking, which prevents unauthorized duplication and distribution of images and documents. The author presents a British perspective on computer security research     

散列函数和数字签名在保存电子证据方面的应用

本文首先介绍了与保存电子证据有关的数学算法。然后将讨论保存电子证据的现有方法在技术和可操作性方面存在的弱点,并提出了简化和改进证据保存和收集过程的解决办法。     

公文传输系统安全设计与实现策略研究

随着信息化的发展,有些地区、行业、单位应用现代通讯、办公技术与之配套的安全技术程度相对滞后,失泄密隐患和漏洞较多,有些单位甚至还处于不设防状态,公文安全存在严重隐患。本文基于PKI,利用数据加密、数字签名、数字信封进行身份认证、授权、加密、签名、审计,从整体上保证了安全公文传输的实现,加快信息处理节奏,增强信息处理能力,提高各级党政机关服务的质量和水平,从而更好地为建设和社会发展服务。     

Digital signature: use and modification to achieve success in next generational e-business processes

A US law, the electronic signatures (E-Sign) in Global and National Commerce Act (signed by then President Clinton on 30 June 2000 with an effective date of 1 October 2000), grants electronic signatures legal validity equivalent to traditional hand-written counterparts. The intention of this law is to cut costs while providing more stringent security. In the emerging e-commerce arena, electronic signatures hold great potential for facilitating secure electronic transactions. But signatures are used in many critical business processes that occur prior to or independent of final transactions. Contract development and numerous other processes entail a series of draft modifications and sign-offs. Can electronic signatures provide cost savings and security in these activities? In this paper, we

• (i)detail fundamentals and the current status of electronic signatures;
• (ii)describe the integration of electronic signatures with electronic verification and authentication technologies;
• (iii)explore e-commerce applications, especially document management processes, that could benefit from adopting electronic signatures; and
• (iv)propose modifications to the electronic signature process to enable innovative document management processes. We propose modifications using partial document ownership, soft signatures, and hard signatures.

     

A Hierarchical Extraction Policy for content extraction signatures

Content extraction signatures (CES) enable the selective disclosure of verifiable content from signed documents. We have previously demonstrated a CES Extraction Policy for fragment grouping to allow the document signer to designate which subsets of the original document are valid subdocuments. Extending this ability, we introduce a new Hierarchical Grouping Extraction Policy that is more powerful, and for which the encoding is dramatically smaller, than the existing Grouping Extraction Policy. This new Extraction Policy maps naturally onto the hierarchically structured documents commonly found in digital libraries. After giving a motivating example involving digital libraries we then conjecture as to how to enrich their functionality through the use of CESs. We also show how to implement the new extraction policy using XML signatures with a custom transform along with an improved design for the XML signature structure in order to achieve CES functionality.     

电子商务中的安全支付技术的研究

电子商务是新兴商务形式,信息安全的保障是电子商务实施的前提。该文针对电子商务中存在的安全问题,分析了电子商务中信息安全基本原理,介绍了应用于电子商务中的安全认证技术及目前电子商务中广泛使用的安全认证协议。     

电子商务中的安全支付技术的研究

电子商务是新兴商务形式,信息安全的保障是电子商务实施的前提。该文针对电子商务中存在的安全问题,分析了电子商务中信息安全基本原理,介绍了应用于电子商务中的安全认证技术及目前电子商务中广泛使用的安全认证协议。     

基于SM2联合签名的电子发票公开验证方案

为解决当前电子发票防伪困难、隐私泄露、验证效率低等问题,针对全程无纸化的电子发票文件,提出了一种基于国密签名算法的电子发票公开验证架构.面向电子发票文件数据来源复杂、票面用户信息敏感、数据流转频繁等特征及电子发票高效公开查验需求,在电子发票服务架构下设计电子发票生成及查验协议,基于无证书联合签名提出发票防伪签名码生成方...     

Business requirements for secure electronic communications

This article presents the experience gained over many years by Shell in the use of electronic business communications which have resulted in carefully developed strategies for maintaining control and security of sensitive electronic messages. These ideas include accreditation and certification schemes, the use of digital signatures, and the introduction of TTPs.     

基于XML的电子公文多重签名算法

随着电子公文应用的发展,多重签名算法的安全性成为研究热点。本文针对XML格式的电文公文多重数字签名的特点,提出了一种安全的多重数字签名算法。该算法在多重签名的产生阶段加入新的计算公式来生成多个签名,签名收集者使用算法就可以确定那一个签名者的签名被纂改。通过和Eric Jui-Lin Lu的签名方案比较,证明了该算法是可行和有效的。     

Document‐centric XML workflows with fragment digital signatures

The use of digital document management and processing is increasing. Traditional workflows of paper forms are being replaced by electronic workflows of digital documents. These workflows often require multiple signatures to be added to the documents for authorization and/or integrity. We describe examples of digital workflows that illustrate problems with digital signatures: i.e. the use of digital signatures across entire documents results in signatures that can be unnecessarily invalidated by subsequent modification of the document. We propose the use of fragment signatures, which reduce unnecessary invalidation of signatures and enable greater concurrency in workflows. Our approach is document‐centric and does not use a centralized database. We report on an implementation that allows fragment signatures over document fragments as well as the attachment (or embedding) of other documents. This allows collaborative or cooperative editing to occur on parts of a document without disturbing unrelated signatures. We describe the lessons learned from our deployments and offer further ways to embed such signatures into other document types. Copyright © 2010 John Wiley & Sons, Ltd.     

针对互联网盗版电子信息产品现状的一个解决方案

当前互联网电子信息产品盗版现象严重,为了解决这一问题,我们开发了新型数字信息安全传播平台。该平台基于海南大学信息学院顾建教授两项专利技术,即《任意周期可控复杂度满足公设的随机序列方法和系统》和《同一信道独立授权的数字信息安全传输方法和系统》。通过该平台,对电子信息产品版权起到很好的保护作用。     

Secure transfer of measurement data in open systems

The liberalization of different markets which are liable to legal metrology accelerates the need for transferring measuring data over open networks. This increases the involvement of communication technology in measuring systems and raises new security threats in legal metrology. The goal of the SELMA (Secure ELectronic Measurement dAta exchange) project is to create technical procedures according to legal requirements which ensure the secure transfer of measured energy data from decentralized meters to the authorized users via open networks.This paper gives an overall view of the research project SELMA and the developed concepts and technologies. The security architecture is presented and the standards and interfaces are described which were specified and afterwards used to implement and deploy a large-scale field trial. SELMA has developed a security architecture to establish trust in the electronic transfer of data from the meter to data acquisition systems and further to the customers. The introduced security mechanisms are based on asymmetric cryptography and more specifically on digital signatures that enable the signed measurement data to be verified and authenticated in conjunction with a suitable key management. Particular security units have been created that contain the necessary security mechanisms.The SELMA architecture represents a best practice solution of strong cryptographic mechanisms to secure a wide range of metrology applications and is compatible with appropriate European directives and guidelines.     

基于PKI的二维条码电子消费券及其系统设计

目前在电子商务中主要采用序列号形式的电子消费券,信息容量小且安全性差。为解决该问题,将PKI与二维条码技术相结合,提出一种新型二维条码电子消费券及其使用流程和系统架构,该电子消费券的创建过程为:将原始的消费券信息利用PKI技术进行签名和加密后,再利用Base64编码进行字符编码,最后利用二维条码技术生成二维条码图像形式的电子消费券。实验证明,相比现有技术,该电子消费券信息容量大,数据安全且来源可靠,并可以支持离线使用,适用于团购等新的电子商务模式。     

有关信息加密技术在计算机网络安全中的应用研究

信息加密技术是保障计算机网络安全的关键技术。本文将信息加密技术分为一般技术(对称和非对称加密技术)和新技术(数字签名、信息隐藏和量子加密技术等),并对其在计算机网络安全中的应用进行了较为深入的探讨。     

特殊数字签名在电子商务中的应用

通过分析电子商务中的一些特殊安全需求,找出解决这些安全需求的特殊数字签名技术及相应的签名方案,介绍了这些方案的基本思想、签名过程和验证方法,以及在保障交易安全方面的安全特性,讨论了特殊数字签名技术在电子商务中的应用前景.     

Reactively secure signature schemes

Protocols for problems like Byzantine agreement, clock synchronization, or contract signing often use digital signatures as the only cryptographic operation. Proofs of such protocols are frequently based on an idealizing “black-box” model of signatures. We show that the standard cryptographic security definition for digital signatures is not sufficient to ensure that such proofs are still valid if the idealized signatures are implemented with real, provably secure signatures. We propose a definition of signature security suitable for general reactive, asynchronous environments, called reactively secure signature schemes, and prove that, for signature schemes where signing just depends on a counter as state, the standard security definition implies our definition. We further propose an idealization of digital signatures that can be used in a reactive and composable fashion, and we show that reactively secure signature schemes constitute a secure implementation of our idealization.