Chapter 14

 

Section 4 – Glossary of Electronic Signature Terms

 

Authentication: Provide assurance of identity. (see Security Elements)

Authorization: Assurance that the party is sanctioned for a particular function. (see Security Elements)

Biometric signatures: Physical measurements uniquely associated with an individual that bind the individual to an electronic document. Biometric techniques include signature dynamics, voice prints, retinal scans, and fingerprints.

Certificate (or Digital Certificate): An attachment to an electronic message used for security purposes. The most common use of certificates is to verify that a user sending a message is who he or she claims to be.

Certification Authority (CA): An internal entity or a trusted third-party organization that issues digital certificates used to create digital signatures and public-private key pairs. CAs are a critical component in data security and electronic commerce because they guarantee that the two parties exchanging information are really who they claim to be. They issue, sign, revoke and manage digital certificates.

Clickwrap Signature: A button that states “I accept” (or something to that effect), which a user is required to click on before proceeding. Clickwraps are frequently found on software license agreements and some types of Web access agreements.

Confidentiality: Provide privacy. (see Security Elements)

Credit Cards/Debit Cards/Electronic Checks: These items may provide the needed electronic signature and payment verification to complete a transaction.

Digital Certificates: Provide a registered identity to users to ensure that other parties with whom they communicate are “safe.” Safe communication occurs when identities are proven trustworthy since the Certificate Authority (the agent of trust in the PKI) signs the digital certificates before issuing them. That signature’s validity is verified with each usage of the certificate.

Digital Signature: An electronic identifier, created by computer, intended by the party using it to have the same force and effect as the use of a manual signature. Digital signatures are one type of electronic signature.

Electronic Signature: As defined in SD ch. 53-12: an electronic sound, symbol, or process attached to or logically associated with a record and executed or adopted by a person with the intent to sign the record.

E-Mail (with Certificates of Authority (CA)): Electronic mail software packages can provide the strengthened feature of exchanging e-mail with digital certificates and enlisting the services of Certificate Authorities.

E-Physical Signature: A digitized image of a handwritten signature that is attached to an electronic document.

Encryption: The process of turning readable text into unreadable cipher text.

FAX: Sending a facsimile of a document that contains a signature is considered a form of electronic signature.

Integrity (data integrity): Proof that the object has not been altered. (see Security Elements)

Interactive Voice Response (IVR): Computer technology that turns the telephone into a communications channel between a caller and a computer database. By touching the keys on a touch-tone phone, a caller can trigger a recorded response for information, gain access to information or carry out a payment transaction. An interface converts the phone’s pulses into data that the computer can understand.

Logon/Password: Passwords are a way to authenticate a document signer. Using passwords generally requires a pre-existing contractual relationship.

Non-repudiation: Protection against someone denying they originated a communication or data. (see Security Elements)

Public Key Infrastructure (PKI): Provides the basis for managing the various public keys that are used to provide network security through encryption and digital signatures.

Secure/MIME (S/MIME): A protocol that supports encryption of e-mail messages in MIME format. S/MIME offers security in the form of authentication (using digital signatures) and privacy (using encryption).

Security: Keeping something safe. “Something” may be an object, such as a secret, a message, an application, a file, a system, or an interactive communication. “Safe” means protected from unauthorized access, usage or alteration.

Security Elements (Basic Requirements): The basic requirements for security must be provided reliably. They relate to the following concerns:

Concern                 Requirement

Fraud                   Authentication
Unauthorized access     Authorization
Observation/snooping    Confidentiality
Message alteration      Integrity
Disavowal               Nonrepudiation

Smart Card: Similar in size to a credit card, the smart card has an embedded microchip, which can hold the equivalent of one million alphanumeric characters. Smart cards have the ability to store and secure information and process commands required by the user’s specific needs.

 
