E-signatures with USB crypto-tokens
The recently enacted Electronic Signatures in Global and National Commerce Act grants electronic signatures and contracts the same legal weight as handwritten signatures on printed documents and will have a significant impact on the way business-to-business and business-to-consumer transactions are performed. While the new law will almost certainly accelerate the use of digital signatures for all sorts of e-commerce transactions, the law does not specify a single de facto standard technology used to generate digital signatures. One option is the use of a Universal Serial Bus (USB) cryptographic token to generate digital signatures. USB cryptographic tokens offer an easy and secure way to generate, store and deploy digital identities for a host of e-commerce applications and transactions. These tokens also have the unique ability to plug the security gap found in many digital signature schemes.
Two-part creation

At the heart of each digital signature lies the individual user's digital identity. A digital ID is, essentially, a two-part credential with a private key used by the owner to create a digital signature, and a public key embedded within a digital certificate that anyone can use to verify the digital signature. Private keys and public keys are mathematically matched encryption keys - whatever one key encrypts, the other key decrypts.

Digital certificates are signed documents from a trusted third party known as a certificate authority. Certificate authorities are responsible for verifying the physical identity of an individual and issuing a digital certificate to the individual, as well as verifying the state of the individual's digital certificate. Certificate authorities provide a centralized method to create and deploy digital identities, as well as revoke and reissue digital identities as necessary.

The creation of a digital signature involves two steps. First, a message digest is created against the original message via the hash-function method. A hash function is a mathematical calculation that reduces an original message to a unique 160-bit string of characters - the message digest. No two messages will have the same message digest unless they are absolutely identical. The hash function is a one-way process; a message cannot be recreated from a message digest.

The second step is the creation of the digital signature. This step is accomplished by encrypting the message digest with the owner's private key. At this point, the digital signature and the owner's digital certificate are appended to the original message; the result is a signed document.
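The two steps above, plus the matching verification, as an added example that is not part of the original article. It assumes textbook RSA without padding, a constructed toy key pair, SHA-1 as the 160-bit hash, and a hypothetical unsigned dictionary standing in for the certificate.

```python
import hashlib

# Constructed demo key pair built from two known Mersenne primes. Far too small
# and too structured for real use; textbook RSA with no padding, illustration only.
P, Q = 2**127 - 1, 2**107 - 1
N, E = P * Q, 65537                    # public key (modulus, exponent)
D = pow(E, -1, (P - 1) * (Q - 1))      # private exponent, known only to the owner


def digest(message: bytes) -> int:
    """Step 1: reduce the message to a 160-bit digest, returned as an integer.
    SHA-1 matches the article's 160 bits; current practice uses SHA-256 or stronger."""
    return int.from_bytes(hashlib.sha1(message).digest(), "big")


def sign(message: bytes) -> dict:
    """Step 2: encrypt the digest with the private key, then append the
    signature and the certificate to the message."""
    signature = pow(digest(message), D, N)
    # Hypothetical stand-in for a certificate: no certificate authority signed it.
    certificate = {"subject": "Alice Example", "n": N, "e": E}
    return {"message": message, "signature": signature, "certificate": certificate}


def verify(signed: dict) -> bool:
    """Decrypt the signature with the public key from the certificate and
    compare the result with a freshly computed digest of the message.
    A real verifier first validates the certificate against its authority."""
    cert = signed["certificate"]
    recovered = pow(signed["signature"], cert["e"], cert["n"])
    return recovered == digest(signed["message"])


if __name__ == "__main__":
    doc = sign(b"Pay 100 USD to Bob")  # constructed sample message
    print("original verifies:", verify(doc))
    tampered = dict(doc, message=b"Pay 900 USD to Bob")
    print("tampered verifies:", verify(tampered))
```
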
Added security

Digital signatures using public-key cryptography provide strong assurance that documents, messages and transactions have not been altered since they were signed. They also provide the ability to prove the signing operation was performed using the private key that corresponds to the attached digital certificate.

But this is where public-key cryptography has its one security hole - it is only as strong as the integrity or security of each individual's private key. If the security of a private key is compromised (that is, someone other than the owner has a copy of the private key and knows its personal identification number or pass phrase), public-key cryptography falls apart.

USB cryptographic tokens used in conjunction with public-key cryptography remove this security issue. USB cryptographic tokens provide a secure means of generating and storing public and private key pairs, as well as performing the actual signing operations. So private keys are never exposed to attack by hackers, viruses or even by users trying to subvert security.

Blomgren is group manager and product manager of the iKey product line at iVEA Technologies, a Rainbow Technologies company. He can be reached at pblomgren@rainbow.com.