Controller of Certifying Authorities
Public Key Infrastructure for Digital Signatures under the IT Act, 2000 : Framework & status
Mrs Debjani Nag
Deputy Controller
Electronic Transactions
The success of electronic transactions depends on “the trust that the transacting parties place in the security of the transmission and content of their communications”
• Authenticity
• Non-Repudiability
• Confidentiality
• Integrity
Information Technology (IT) Act, 2000
• Accorded legal recognition to Digital signatures
• Digital signatures treated at par with handwritten signatures
• Technology-specific
Public key cryptography for Digital signatures
Pair of keys for every entity
One Public key – known to everyone
One Private key – known only to the possessor
To digitally sign an electronic document the signer uses his/her Private key.
To verify a digital signature the verifier uses the signer’s Public key.
No need to communicate private keys
Creating a Digital signature
[Diagram: Document, Private Key, Encryption Algorithm, Signed document (Document + Digital signature)]
Verifying a Digital signature
[Diagram: Document + Digital signature, Public Key of signer, Decryption Algorithm, Signature verification and Document integrity]
Public key Cryptography & Digital Signatures
Assurance of Authenticity of the Digital Signature created by the Private key is determined by the Trust that can be placed in the Public key
Public key Certificates or Digital Signature Certificates bind a “public key” to an “Identity”
Public key Cryptography & Digital Signatures
Change in Document => Change in the Digital Signature
Digital Signature is bound to the Document as well as the Signer => Assurance of Integrity
Issues in Public key Cryptosystems
• How will verifier get signer's public key?
• How will verifier authenticate signer's public key?
• How will the signer be prevented from repudiating his/her digital signature?
Public key Cryptography & Digital Signatures
Digital Signature Certificates (containing the public key) are issued by Certifying Authorities after Identity verification
Responsibility of protecting the private key lies with its owner.
Loss or compromise of private key should be communicated to the CA so as to result in REVOCATION of the corresponding Digital Signature Certificate.
Certifying Authority
• Issues Digital signature Certificates (Public Key Certificates).
• Is widely known and trusted
• Has well defined methods of assuring the identity of the parties to whom it issues certificates.
• Confirms the attribution of a public key to a person by means of a public key certificate.
• Always maintains online access to the Digital Signature Certificates issued.
Public Key Certification
[Diagram: Certificate Request (User credentials, User's Public key); Digital Signature Certificate (User credentials, User's Public Key, CA's Name, Validation period, Signature of CA), Digitally Signed using CA's private key; Publish to Certificate Database (User 1 certificate, User 2 certificate)]
Certificate Revocation List (CRL)
A list of Certificates that have been revoked and declared invalid
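An added example (not part of the original slides) of the checks a relying party performs, tying together the signing and verification slides, the public key certificate and the CRL: each certificate is verified with its issuer's public key, then checked for validity period and revocation, and only then is the document signature verified. It uses textbook RSA over constructed toy keys so it runs with the Python standard library alone; the issuer names "Root" and "Example CA", the serial numbers, the dates and the document are assumptions.

```python
import hashlib
from datetime import date

E = 65537  # public exponent shared by every toy key below

def keygen(p, q):
    # Textbook RSA from two primes; toy sizes, no padding, illustration only.
    return {"n": p * q, "d": pow(E, -1, (p - 1) * (q - 1))}

def digest(data, n):
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def sign(priv, data):            # private key creates the signature
    return pow(digest(data, priv["n"]), priv["d"], priv["n"])

def verify(pub_n, data, sig):    # public key alone verifies it
    return pow(sig, E, pub_n) == digest(data, pub_n)

FIELDS = ("serial", "subject", "pub", "issuer", "not_before", "not_after")
def tbs(cert):
    # Bytes the issuer signs: credentials, public key, CA name, validity.
    return "|".join(str(cert[f]) for f in FIELDS).encode()

def issue(issuer, issuer_priv, serial, subject, pub, start, end):
    cert = dict(zip(FIELDS, (serial, subject, pub, issuer, start, end)))
    cert["sig"] = sign(issuer_priv, tbs(cert))
    return cert

def validate(doc, sig, chain, root_pub, crl, today):
    # chain[0] is the signer's certificate; the last one is issued by the root.
    for i, cert in enumerate(chain):
        issuer_pub = chain[i + 1]["pub"] if i + 1 < len(chain) else root_pub
        if not verify(issuer_pub, tbs(cert), cert["sig"]):
            return "untrusted certificate: " + cert["subject"]
        if not cert["not_before"] <= today <= cert["not_after"]:
            return "outside validity period: " + cert["subject"]
        if (cert["issuer"], cert["serial"]) in crl:
            return "revoked: " + cert["subject"]
    return "valid" if verify(chain[0]["pub"], doc, sig) else "signature mismatch"

# Constructed toy keys built from known Mersenne primes (never do this in practice).
M = lambda k: 2**k - 1
root, ca, user = keygen(M(521), M(607)), keygen(M(107), M(127)), keygen(M(61), M(89))
START, END, TODAY = date(2024, 1, 1), date(2025, 12, 31), date(2024, 6, 1)
ca_cert = issue("Root", root, 1, "Example CA", ca["n"], START, END)
user_cert = issue("Example CA", ca, 7, "User 1", user["n"], START, END)
DOC = b"Purchase order 42: 100 units"
SIG = sign(user, DOC)
CHAIN = [user_cert, ca_cert]
```

Calling `validate(DOC, SIG, CHAIN, root["n"], set(), TODAY)` returns "valid"; changing the document, adding `("Example CA", 7)` to the CRL set, or swapping the public key inside the certificate each produces a distinct failure.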
Public Key Infrastructure & the IT Act 2000
Controller of Certifying Authorities as the “Root” Authority certifies the technologies and practices of all the Certifying Authorities licensed to issue Digital Signature Certificates
CCA’s role
• Licensing Certifying Authorities (CAs) under section 21 of the IT Act and exercising supervision over their activities.
• Controller of Certifying Authorities as the “Root” Authority certifies the technologies and practices of all the Certifying Authorities licensed to issue Digital Signature Certificates
• Certifying the public keys of the CAs, as Public Key Certificates (PKCs).
• Laying down the standards to be maintained by the CAs,
• Addressing the issues related to the licensing process including:
  • Approving the Certification Practice Statement (CPS);
  • Auditing the physical and technical infrastructure of the applicants through a panel of auditors maintained by the CCA.
Audit Process
• Adequacy of security policies and their implementation;
• Existence of adequate physical security;
• Evaluation of functionalities in technology as it supports CA operations;
• Compliance to the adopted Certification Practice Statement (CPS);
• Adequacy of contracts/agreements for all outsourced CA operations;
• Adherence to Information Technology Act 2000, the Rules, Regulations and Guidelines issued by the Controller from time-to-time.
CCA’s technical Infrastructure
The CCA operates the following:
• Root Certifying Authority (RCAI) under section 18(b) of the IT Act, and
• National Repository of Digital Signature Certificates (NRDC) under section 20 of the IT Act.
[Diagram: Subscribers, Relying Party, Directory Client, Internet, LAN, CAs (Cert/CRL), CCA with RCAI and NRDC]
RCAI: CA Public Keys Certified by RCAI; CA’s Revoked Keys
CCA: Certificates of Public Keys of CAs; National Repository of Certificates
India PKI
[Diagram: CCA, with the CAs TCS CA, NIC CA, Safescrypt, IDRBT CA, iCert (CBEC), (n)Code, MTNL Trustline]
PKI enabled Applications
eProcurement
• IFFCO
• DGS&D
• ONGC
• GAIL
• Air-India
• Railways
Others
• MCA21
• Income Tax e-filing
• IRCTC
• DGFT
• RBI Applications (SFMS)
Challenges ahead
Interoperability
• Uniformity in certificate contents
• Validation methods - Certificate Revocation Lists,..
• International alliances
End User Adoption
• Application interoperability.
• Digital Signature Certificate interoperability.
• Trusted Verification Authority.
• Storage medium
Challenges ahead ..contd
Awareness
• Understanding of digital signature concepts
• Knowledge about legal rights, duties and liability of owning digital certificate
Controller of Certifying Authorities
http://cca.gov.in
Thank you