digital signature by ssl europa
DESCRIPTION
Tips to help you select the best digital signature solution.TRANSCRIPT
SSL Europa - 8 chemin des escargots - 18200 Orval - France T: +33 (0)9 88 99 54 09
White paper
Electronic signature today and tomorrow
Date : Friday, 28th June 2013
Edition : V01
2
Summary 1. New challenges ................................................................................................................................ 3
2. Encoding messages .......................................................................................................................... 3
3. Asymmetric cryptography (for experts) .......................................................................................... 3
4. Electronic signature (for experts) .................................................................................................... 4
5. What’s about the law ? ................................................................................................................... 4
6. Example of implementation of the electronic signature ................................................................ 4
7. Examples of use ............................................................................................................................... 7
Signing emails ...................................................................................................................................... 7
Signing of contracts ............................................................................................................................. 7
Signature of business proposals sent to clients .................................................................................. 7
Multiples signing contracts on a website ............................................................................................ 7
3
1. New challenges All the rules of trust are disrupted by the digital world. Through the History we established trusting relationships, signed contracts, affixed seals, used trust third party such as notaries, witnesses, deliver official documents, implemented issuance process, a face-to-face, used confidential documents sealed, etc. New rules were established in the digital world. Major risks remain. Major opportunities also appear.
2. Encoding messages Since ancient times, men have encoded messages so that they cannot be intercepted. Literature and cinema are filled with military, espionage or love stories about encrypted messages. The most famous code is the Cesar code. The principle known cryptographic (from the Greek: Crypto, hidden and Graphos, drawing) is to apply a combination to a text in order to no one can read it, then to the person who received this text to apply the “reverse” combination in order to decrypt it. Cesar used this technic to communicate with the different parts of his army on the battlefield.
3. Asymmetric cryptography (for experts) In 1975, Wilfried Diffie and Martin Hellman developed a mathematical algorithm that can be different to encrypt and decrypt a document. There was a key allowing to encrypt and a different one, allowing to decrypt the document. Someway, a key allows to close a locked safe and another one to open it. This technic was named asymmetric cryptography, as opposed to the symmetric cryptography.
With symmetric cryptography, it was possible to deduct the decryption process thanks to the encryption method. This is not the case with the asymmetric cryptography. This discovery had a significant impact.
The symmetric cryptography included major problems. It was necessary to give the encryption combination with the person who had to make the decryption. It was a different key to communicate with each party confidentially. It required an important list of keys. This technic was not efficient in the digital world. The asymmetric cryptography was the new solution because each person has his private key that nobody else knows and a public key that everybody knows and that can be freely exchanged.
If we encrypt a message with the public key, only the person with the corresponding private key can decrypt the message. It is no longer necessary for each person to keep confidential a set of symmetric keys for each partner with whom we want to communicate with an encrypted way.
4
4. Electronic signature (for experts) But this technology also enabled a new application! If a person sends me an encrypted document with his private key and that his corresponding public key succeed to decrypt, it means that the message comes from the person who have encrypted the document. Indeed, only the public key corresponding to the private key allows to decrypt the document. Electronic signature was born with its many applications and uses.
5. What’s about the law? The law n°2000-230 of 13rd March 2000 adapting the law of evidence in information technology and on the electronic signature says:
“Art. 1316. – The documentary evidence or written evidence, is the result of a succession of letters, characters, numbers or any other signs or symbols with an intelligible meaning, whatever their support and transmission modalities.”
“Art. 1316-1. - The writing in electronic form is admissible as evidence as well as the written word on paper, provided that can be duly identified the person from whom it emanates and it is established and maintained under conditions that ensure the integrity.”
“Art. 1316-2. - - Where the law does not set any other principles, and in the absence of valid agreement between the parties, the judge rules conflicts documentary evidence as determined by all means the most likely way, regardless of the support.”
6. Example of implementation of the electronic signature You can order with a Trusted Third Party organization, a signing cryptographic USB key. The Trusted Third Party is an organization which is authorized by the government to deliver electronic certificates after having realized an Audit. The Trusted Third Party has also developed agreements with software editors such as Microsoft or Adobe, so that their certificates are recognized trust.
The Trusted Third Party will check your identity in asking, asking you for an ID card, will find you in the directory, then call you in order to check it is really you. Then, they will give you this cryptographic USB key and a secret PIN.
For signing your documents and emails, you insert your cryptographic key in your computer, sign from the menu of your document or emails editor, must enter your PIN and your documents will be signed. You can choose to make the signature apparent via a picture or not. By clicking on this picture you can see the information on the signature. Adobe Acrobat is an example of tool to sign documents. Adobe Acrobat also allows to add signature fields that can be signed via Adobe Reader which is a free software widely available.
Note 1: Attention to what is commonly accepted. A PDF document can be editable with an adapted text editor such as Adobe Acrobat. Only a PDF document electronically signed cannot be edited without losing the signature.
5
Note 2: The screenshot of a handwritten signature added to an electronic document has no legal value.
PDF Signature
6
Outlook electronic signature.
7
7. Examples of use Signing emails
It is easy to create an email appearing to be from another person. For example, a research office uses cryptographic USB keys to sign and encrypt its documents and emails. So, the source is guaranteed. Neither the email nor the documents also joint could not be altered. Nobody was able to intercept the information exchanged. The risk is reduced to 99,99%.
Signing of contracts A call center works with offshore companies and uses the electronic signature in order to sign contracts. The contracts signed by both parties cannot be changed anymore. 15 days are gained on each exchange of contract.
Signature of business proposals sent to clients A bank send business proposals for new services to all its customers. These documents are electronically signed with an automatic signature tool. They can be read with Acrobat Reader which is a free software. The customers are reassured about the provenance of the document.
20% increase in sales proposals considered.
Multiples signing contracts on a website An insurance company offers new contracts. The clients can sign the contracts online. A SMS code is sent to them. The IP address, the phone number and the date of the server timestamp at the moment of the electronic signature on the fly on the web site are archived. This contract has a probative value. Clients feel engaged. The conversion rate of prospect accessing the website in increased by 17%.
Thereby, the use of the electronic signature corresponds to a real need in the digital world. There is no doubt that this technology will become more widespread and is destined for a great future.