...Describing Digital Signatures By Chris LeDoux Digital signatures are electronic signatures used to authenticate the identity of the sender of a message or the signer of a document, and also possibly to insure that the original content of the message or document that has been sent is unchanged. Digital signatures are extremely convenient. They are easily transportable, cannot be imitated by an unwanted third party, and are often automatically time-stamped. The sender cannot easily deny the signature later due to the ability of digital signatures to insure that the original signed message arrived as sent. Digital signatures can be utilized with literally any type of message, whether it be encrypted or not, so the receiver can be sure of the sender's identity and that the message arrived n the same exact form as sent. Digital signatures are not to be confused with a digital certificate. A digital certificate contains the digital signature of the certificate-issuing authority so that anyone can verify that the certificate is real. If a person or company was going to send the draft of a contract to a lawyer in another town, that person would want to give that lawyer the assurance that the message was unchanged from the way it was sent and that it did indeed come from the company person allegedly sending it. The first step would be to copy-and-paste the contract, assuming it is not 100 pages long) into an e-mail note. By then utilizing unique software, the company would...
Words: 705 - Pages: 3
...Define one type of cryptography and describe the security features. Asymmetric Cryptography: Digital Signatures Most of the time when we mention cryptography, or put asymmetric in front of it we are met with just plain blank stares. In the following paragraphs I will attempt to explain what it is, and give examples on its use. First an explanation of Public Key Infrastructure, or PKI. A cryptographic system uses two keys, a public key known to everyone and a private key, the private key has full control to the key owner, and has to keep in secured environment. A unique feature to the public key system is that the public and private keys are related in such a way that only the public key can be used to encrypt messages and only the corresponding private key can be used to decrypt them. Moreover, it is virtually impossible to distinguish the private key if you know the public key. When employee A wants to send a secure message to employee B, you use the employee B’s public key to encrypt the message. Employee B, then uses their private key to decrypt it. Public Key cryptography, is also called asymmetric encryption because it uses two keys instead of one key (symmetric encryption). Next, for my example of a process that utilizes asymmetric cryptography, is Digital Signatures. I will be using employee’s A and B as my subjects to explain the digital signature process. First, from employee A’s point of view the signing process is simple. This is because few steps are enacted...
Words: 589 - Pages: 3
...Table of Contents Project Outline 3 Security Requirements 4 Perimeter Security 5 Client and Server Security 10 Database Security 10 Server Security 12 Wireless and Remote Access Security 15 Security Configuration Management 19 References 23 Project Outline Tiger Tees is a medium sized business with 4 locations across the eastern United States. This company produces and sells t-shirts for school systems, both locally and across the country via the internet. The organization’s headquarters is located in Beckley, West Virginia, and employs 25 people. The departments include the warehouse, human resources, accounting, sales, and administration. The second location of Tiger Tees is located in Columbus, Georgia, and employs 10 people full time, and 4 persons part time. The third location is located in Washington, DC, and employs 15 people. The fourth location located in Richmond, Virginia is the smallest of all the locations employing 5 persons full time. Tiger Tees is a fast growing company in dire need of a secure network that will ensure that the confidentiality, integrity, and availability of client information remain confidential. All transactions completed are sent to the organizational headquarters in Beckley, WV and processed there. In the past these orders and transactions have been completed by telephone and e-mail. A secure wide area network would streamline this process making the transactions more secure, and providing faster service to the customers...
Words: 5336 - Pages: 22
...INFORMATION AND COMMUNICATION TECNNOLOGY ACT, 2006 Prepared for Md. Ziaul Haque Senior Lecturer, Dept. Of Business Administration East West University Prepared by Bus-361 Sec: 6 Name | ID | 1. Md.Musrukh Ruhaim | 2010-2-10-091 | 2. MD. Tajul Islam | 2011-2-10-240 | 3. MD. Naiem Bhuiyan | 2011-2-10-110 | 4. Sunjida Haque | 2010-2-10-355 | 5. Md.Mahfuzur Rahman | 2011-1-10-049 | 6. MD. Mahmudul Hasan | 2011-1-13-060 | Date of Submission: December-03, 2014 Acknowledgement We are very pleased to accomplish the assign task given by our honorable course instructor Md. Ziaul Haque on the subject “Legal Environment of Business”. We are very much obliged to those persons who gave their valuable time in the organization overview part, opinion and advice to complete this report. At first, our profound gratification goes to, Md. Ziaul Haque the honorable course instructor of Business Communication for his supervision to complete the assignment successfully. By providing us the opportunity of preparing this assignment, he has made us able to relate the academic knowledge of Business law with practical scenario. Not only this, he has also contributed much in this term paper by giving us proper guideline. We are acknowledging to all of those web sites from which we have taken necessary helps. Our gratitude also goes to some senior students for their guidance in various stages of completing the term paper and our...
Words: 12177 - Pages: 49
...Contents INTRODUCTION 4 SECURITY 4 Client Security 4 Server Security 5 Document Confidentiality 5 Risks and threats to E-commerce Sites 5 Hackers 5 Software/hardware failure 5 WHY SECURITY FAIL 6 Exposure of confidential data 6 Modification of Data 6 Errors in Software 6 Poor stipulation and testing 6 Repudiation 6 Solutions to E-commerce Security Risks 7 Encryption 7 Data Encryption Standard (DES) 7 RSA Public Key Algorithm 8 Digital signatures 8 Digital certificates 9 Security for Transactions 9 Secure sockets layer 10 Secure Electronic Transactions (SET) 10 Conclusions 11 INTRODUCTION Internet security is not fully understood by many. However, it is an integral part of Using the Internet safely, most of the security on the Internet is not seen nor its Existence known to the user. The importance of web security is to keep the user, the E- Commerce Merchants and Authorised third parties safe whilst carrying out normal Browsing and transactions online. SECURITY To examine web security we need to look at all the main components of a connection, which are the browser and the Server and then examine the connection between the two. The user, via their web Browser, connects to a remote web server and requests a document. The server then Returns the document, and the browser displays it. This seems a simple enough process, So what could go wrong? From the users point of...
Words: 2106 - Pages: 9
...between symmetric key cryptography and Asymmetric key cryptography. Ans: Symmetric key cryptography is older and only uses one key to encrypt and decrypt. Asymmetric key cryptography is newer than symmetric and uses two different keys to decrypt and decrypt, a public key and a private key. 2. How can public key cryptography be used for nonrepudation? Ans: The cryptography will be able to tell who it came from and what time it happened. Gives all the information needed. 3. How do digital signatures ensure the integrity of a message and verify who wrote it? Ans: Digital Signatures apply the same functionality to an e-mail message or data file that a handwritten signature does for a paper-based document. The Digital Signature vouches for the origin and integrity of a message, document or other data file. 4. What is a Certificate authority? (CA) Ans: In cryptography, a certificate authority or certification authority (CA) is an entity that issues digital certificates. The digital... Certificate_authority. 5. What are the fields and their purpose that make up distinguished name of an X.509 certificate? Ans: is an ITU-T standard for a public key infrastructure (PKI) and Privilege Management Infrastructure (PMI). X.509 specifies, amongst other things, standard formats for public key certificates, certificate revocation lists, attribute certificates, and a certification path validation algorithm. An X.509 certificate binds a name to a public key value. The role...
Words: 262 - Pages: 2
...I hereby certify that I am the author of this assignment. I understand that all coursework is governed by the University Academic Integrity Statement outlined in the DU catalog. I have not consulted or collaborated with anyone else outside of the Davenport University Online classroom environment. I understand that I may use reference material, but my submission should reflect my individual effort and any material utilized outside of the course textbook must be properly referenced and documented using APA format. Digital Signatures A digital signature is a way to ensure that an electronic document is authentic. Digital signatures rely on certain types of encryption to ensure authentication. There are several ways to authenticate a person or information on a computer: Digital certificates - To implement public key encryption on a large scale, such as a secure Web server might need, requires a different approach. This is where digital certificates come in. A digital certificate is essentially a bit of information that says the Web server is trusted by an independent source known as a Certificate Authority. The Certificate Authority acts as the middleman that both computers trust. It confirms that each computer is in fact who they say they are and then provides the public keys of each computer to the other. Private key encryption -Private key means that each computer has a secret key (code) that it can use to encrypt a packet of information before it is sent over the network...
Words: 647 - Pages: 3
...Smart Cards for Future Healthcare Systems Secure, efficient, reliable Card-based e-health networks: cutting costs and improving care All around the world, news paper headlines warn about the exploding costs of health care. Advanced medicines and technology are boosting life expectancy. As a result, people can now look forward to living past the age of 80 – twice as long as 100 years ago. This trend, however, has the side effect of driving up healthcare costs. As people get older, they need more frequent and more expensive care, causing the price of insurance to skyrocket. Clearly, something needs to be done to contain these costs. A number of countries have implemented conventional measures aimed at saving money. One of the most basic measures is the introduction of cardbased ehealth net works, which can help reduce costs remarkably. Card for physicians and phar macists, and a Card Application Management System (CAMS). Patient Data Card The Patient Data Card is a PINprotected smart card incor porating a microprocessor and protected by cryptographic functions. It contains adminis trative insurance information and entitles patients to seek medical treatment. In turn, the patients give their doctors access to their personal medical data, which is stored either on the card or in the ehealth network. The card can also hold information such as elec tronic prescriptions. How to cut healthcare costs 1. Reduce fraud 2. Streamline administration 3. Improve communication 4...
Words: 1254 - Pages: 6
...Survey Paper on Secure Electronic Transaction (SET) By Contents ABSTRACT: 3 INTRODUCTION: 3 BACKGROUND 6 DESIGN AND IMPLEMENTATION 7 CONCLUSION 15 REFERENCES 16 ABSTRACT: Security of electronic exchange over unstable communication channel is a testing task that incorporates numerous discriminating areas as secure communicating channel,strong encryption procedure and trusted outsider to keep up the electronic database. The traditional systems for encryption in Secure Electronic Transaction can just keep up the information security. The restricted data of client could be accessed by the unapproved client for pernicious reason. Accordingly, it is important to apply successful encryption techniques to upgrade data security and authentication of data communication. The numerous encryption methods gives sufficient security to electronic exchanges over remote system. In this survey paper the needs of various encryption procedure in Secure Electronic Transactions are proposed to upgrade the security of data confidentiality. This method builds the data security in such a way, to the point that unauthorized user cannot get to any piece of data over wireless network as web. INTRODUCTION: Secure Electronic Transaction (SET) is a standard protocol for securing credit card transactions over compromised networks, particularly, the Internet. SET is a set of rules and regulations that empower clients to perform financial transactions through...
Words: 3019 - Pages: 13
...Prevention of hacking Like all of the other risks that are spoken about here, we have already covered them in detail earlier in the work. Hackingis a very serious risk, which with the right precautions can be easily dealt with. Always ensure you have a firewall in place, which will be spoken about in detail below this paragraph. On top of this, ensuring your ports are closed will completely negate security risks which can lead to hacking, as keeping them often will leave your business exposed. Viruses A computer virus is a malware program, which is something you should already know about. Viruses can be dealt with in several different ways, the most popular and effective way being installing Anti-Virus. Anti-virus protects your computer/business from a wide variety of threats, including viruses and other types of dangerous malware. Most anti-virus also includes firewall which basically deflects any dangerous files/data that is sent to your PC. Identity Theft Identity theft is a real big issue in the world at the moment, being at the forefront of problems faced by organisations and users alike around the world. One way to overcome this issue however is to simply strengthen passwords and PINs. A stronger password is usually one consisting of at least one of the following; Upper-case and Lower-case letters, numbers and other random symbols found on a keyboards. Identity theft can also occur through the implication of spyware or a key logger on to your PC; as a result simply...
Words: 3012 - Pages: 13
...Enhanced security student Self-service system Contents Chapter 1 Introduction to the study 3 1.1 Background of the project 3 1.1.1 Overview 3 1.1.2 Problem context 3 1.1.3 Rationale 4 1.1.4 Target Users 5 1.2 Scope and objectives 5 1.3 Project plan 6 1.3.1 System Functionality 6 1.3.2 Deliverables 7 1.3.3 Project Scheduling 8 1.3.4 Assumptions and Constraints 9 CHAPTER 2: LITERATURE REVIEW 10 2. Domain Research 10 2.1 Real Life Self-service system case studies 10 2.2 Protecting data in a self-service system 13 2.2.1 Data Encryption: 14 What is data encryption? 14 Types of Data encryption: 14 Types of data encryption methods: 15 2.2.2 Digital Signature 16 2.2.3 Firewalls 17 Network layer Firewall: 18 Application layer firewall: 18 Proxies: 19 2.24 Intrusion Detection System (IDS) 20 3. Technical Research 23 3.1 Language 23 JavaScript 23 PHP 24 VB.Net 24 3.2 Databases 25 MS Access 25 MS SQL Server 25 MySQL 26 Language and database justification: 26 3.3 System architecture 27 3.4 Methodology 29 Spiral Model 32 Methodology Justification 32 References: 34 Chapter 1 Introduction to the study 1.1 Background of the project 1.2.1 Overview The paper is based on the improvement of the service at the administration office through the implementation of a new system to replace the traditional way currently used to deliver such services to the student community. It focuses mainly...
Words: 6376 - Pages: 26
...Lecture 10 Slides 3- 15. The primary focus is on Digital Signatures and its constructions. Properties of a digital signature is then discussed. This is followed by some Digital Signature schemes. And finally Digital Signatures in practice are shown to conclude the notes. 1 Introduction Digital Signatures is a concept derived form a normal signature which is used to confirm the origin of a received document. Asymmetric cryptographic technique is been implemented to ensure whether the received document is authenticated or not. With some factors, a digital signature offers more security than a real-life signature. Because it is difficult to convert a digital signature for message m which can be used as a sign a new message m’ A digital signature for a document would be bits which are derived from: the document and the secret key of the signer.The public key is available freely to anyone who wants to verify the signature. Whereas the other key, which is a secret key, is only known to the one that is authorized to generate the signatures which are associated with that public key. 2 Properties of Digital Signature • Integrity: Recipients can be confident that the message has not been accidentally modified. 1 • Authentication: Recipients can be confident that a message is originated from the sender. • Publicly Verifiable: Along with the recipient, anyone who has a public key provided by the signer, can verify the signature validity. • Non-repudiation: The signer cannot deny...
Words: 1535 - Pages: 7
...Chapter 8 Security and Access Controls – A Conceptual Overview • Have an understanding of how users access accounting data and what access controls should be in place to protect this data from unauthorized access (i.e., be able to explain using two to four sentences how users can access accounting data and using two to four sentences to describe how to control this access, see the slide titled “Security and Access Controls – A Conceptual Overview”). Operating Systems Controls • What are the four operating systems control categories? (just list) • What does authentication do? (one sentence) • What are three types of log-on procedures? • What does authorization do? (one sentence) • What is an access token? (one sentence) • What is an access control list? (one sentence) o What is the relation between access tokens and access control lists? (one or two sentences) • What are the three audit procedures for antivirus software (just list)? • What are the five types of antivirus software? • What are antivirus scanners looking for? Network Controls • What are three network threat and what network security measures can be used to address these threats? (list pairs of threat and security measures) • What are firewalls? (two or three sentences) • What are network level firewalls and application level firewalls (two sentences), and what is the difference between them (one or two sentences)? o How does a dual-homed firewall work (describe this by explaining what each of the three firewall components...
Words: 2299 - Pages: 10
...Applying Security to Data Using Symmetric Encryption in MANET Amol Bhosle1, Yogadhar Pandey2 Department of Computer science & Engineering,SIRT Bhopal Abstract-- Mobile ad-hoc network is wireless network composed of different nodes communicate with each other without having to establish infrastructure. The security of such network is a major concern. To improve the security of such network, technique proposed here is securing routing protocol AODV through the use of Symmetric Encryption algorithm AES. This secures the data as well as preserves the confidentiality. Further future work to be carried as of node authentication using IP address and using the AODV routing protocol and digital signature scheme. Keywords-- Mobile ad-hoc, symmetric encryption algorithm, confidentiality, AODV, Digital signature, IP address The nodes involved in a MANET should collaborate amongst themselves and each node acts as a relay as needed, to implement functions e.g. security and routing. C] Multihop Routing: Basic types of ad hoc routing algorithms can be singlehop and multihop, based on different link layer attributes and routing protocols. Single-hop MANET is simpler than multihop in terms of structure and implementation, with the cost of lesser functionality and applicability. When delivering data packets from a source to its destination out of the direct wireless transmission range, the packets should be forwarded via one or more intermediate nodes D] Light –weight Terminal: In most cases...
Words: 2868 - Pages: 12
...Unit 2 Assignment – Data Encryption Security & Lab 3.10D and Lab 3.10E Oren Shedo Kaplan University Abstract Computer key encryption is becoming popular day by day because of hackers within the online world. Hackers are cracking into peoples systems left and right for their own personal gain and gaining information that can be used for identity theft. Identity theft is one of the biggest cybercrimes out there today. There are numerous security protocols and techniques out there to secure your computer though from hackers and curious people out there in the Internet. Security protocols such as secure socket layer and transport layer security are the most popular now for securing ecommerce websites. Secure socket layer is even popular for securing peoples email system as well as sender policy framework for filtering spam mail and not cluttering your inbox with junk. Another topic that is popular these days is what type of security key should we put on our networks. This report will go through why a WPA2 type security key is vital to a network for security. Part 1 - Lab 3.10D – Using the Windows Encrypting File System (EFS) 1. 2 to 6. 7. When a networked user tried to access the encrypted test3 folder, they were given an access denied error. 9. 11. When transferring test1.txt into the test3 folder, it turned into an encrypted file. 12. 13-14. for #13, the test5.txt stayed encrypted within the test folder. 16. Operation of exporting certificate was...
Words: 1801 - Pages: 8
