Overview
AUTHOR
- Gérard RIBIÈRE: Computer scientist
INTRODUCTION
Fears inspired by the dematerialization of documents
Any exchange or type of commerce on a computer network, and particularly on the Internet, requires a function that enables the parties involved to identify each other. Once identified, the parties will then want to participate in transactions, consisting of exchanges of orders, invoices, payments and documents in general.
Consider, for example, the case of buying shares over the Internet from a broker. The problem is for the broker and the buyer to identify each other, i.e. to be sure of the partner's identity. But this is not enough: the broker must be able to prove that the buyer has indeed ordered a given type and number of shares; and the buyer must be sure that his order has been taken into account by the broker.
In order to achieve the same level of trust in exchanges over a computer network as in real life, where physical documents are exchanged with a handwritten signature, it is necessary to reproduce electronically the mutual identification of the parties involved in a transaction, and the signature of the documents linked to it.
Electronic identification of transaction participants
As we will see later in this article, password identification, and even the encryption of exchanged information, are not sufficient to meet the need described above. The answer is provided by a certification process for transaction actors, based on a set of components and functions constituting a Key Management Infrastructure (KMI) and enabling the digital signature of exchanged documents.
This type of process is already being used operationally today for transactional exchanges, notably by healthcare professionals to transmit electronic medical forms over the Internet. The functions and products we will describe in this article will make it possible to carry out any other type of network-based commerce, in the broadest sense of the term, going well beyond the framework of relations with the public administration.
In this article, we will begin by mentioning the security requirements imposed by the dematerialization of exchanges (via the Internet, for example), and then briefly describe the techniques used to meet authentication requirements, and consequently the need for certification.
This is followed by an introduction to the concept of electronic certificates and the functions of certificate-issuing authorities. To illustrate our point, we'll present some standard communication protocols and practical applications using certificates.
We're focusing on the Internet because it's the mode of network use that presents the greatest security risks. However,...
This article is included in: Security of information systems
Electronic certification
Bibliography
References
Standards and norms
- Information Technology – Open systems interconnection – The directory: general framework for public key and attribute certificates - ITU Rec. X.509 - 2016
- Information technology – Open Systems Interconnection – The Directory – Part 8: Public-key and attribute certificate frameworks - ISO/IEC 9594-8 - 2-2017
- Secure Hash Standard (SHS) - FIPS PUB 180-4 (2015)
- Data Encryption Standard (DES) - FIPS...
Regulations
Directive 1999/93/EC of the European Parliament and of the Council of 13 December 1999 on a Community framework for electronic signatures (OJ L. 13, 19 January 2000, pp. 12-20).
Law no. 2000-230 of March 13, 2000 adapting the law of evidence to information technologies and relating to electronic signatures (JO no. 62 of March 14, 2000). Replaced by Ordinance n° 2016-131.
Decree...
Organizations
Internet Engineering Task Force
Virtual Private Network Consortium (VPNC)
French Ministry of the Economy, Finance and Industry