Authentication and Digital Signatures in E-Law and Security : A Guide for Legislators and Managers

Asian Development BankInter-American Development BankWorld Bank2014-09-172014-09-172004-12https://hdl.handle.net/10986/20214The concept of authentication has been around for a long time in many forms. For example due diligence in commerce has traditionally been formalized to determine whether the data presented in commercial propositions are accurate and comprehensive. With the emergence of e-commerce the concept of authentication has encompassed new realities that are a feature of the relatively narrow avenues for information and potentially high risks inherent in an online environment. This paper seeks to provide an understanding about the different ways of assuring authentication. These authentication rules and tools including for example public key infrastructure (PKI) are sometimes meant to set a legal and technological framework for trustworthy electronic transactions, promoting e-procurement, e-commerce, e-business, and e-government. The two considerations of business risk and legal validity are both intrinsic to the concept of authentication. This report explores the issues and solutions affecting the concept of authentication in terms of legislation, management and technology. This report finds that for online authentication things is not always what they may seem and that legislation and technology alone cannot build a trust environment and, if misunderstood, may produce a high risk illusion. It is crucial that the limitations and fallibility of the technology be explicit in its commercial applications and that business risks be managed accordingly.en-USCC BY 3.0 IGOACCESS CONTROLSACTION PLANAPPROPRIATE TECHNOLOGYASSIGNMENT OF LIABILITYASYMMETRIC ALGORITHMSASYMMETRIC CRYPTOGRAPHYASYMMETRIC ENCRYPTIONASYMMETRIC KEYAUTHENTICATIONAUTHENTICATION MECHANISMSAUTHENTICATION TECHNIQUESB2BB2CBACKBONEBIOMETRICSBROWSERSBUSINESS INTERACTIONSBUSINESS MODELBUSINESS MODELSBUSINESS RELATIONSHIPBUSINESS-TO-BUSINESSBUSINESS-TO-BUSINESS TRANSACTIONSBUSINESS-TO-GOVERNMENTBUSINESSESBUYERCAPABILITIESCAPABILITYCERTIFICATECERTIFICATE AUTHORITYCERTIFICATE REVOCATIONCERTIFICATION AUTHORITIESCERTIFICATION AUTHORITYCIPHERCIPHER-TEXTCOMMERCIAL ACTIVITIESCOMMERCIAL TRANSACTIONSCOMMUNICATIONS TECHNOLOGYCOMPUTER CRIMECONFIDENTIAL INFORMATIONCONFIDENTIALITYCONSUMER PROTECTIONCOPYRIGHTCREDIT CARDCREDIT CARD FEESCREDIT CARD HOLDERSCREDIT CARDSCRYPTOGRAPHIC ALGORITHMCRYPTOGRAPHIC KEYSCRYPTOGRAPHYCUSTOMCUSTOMSDECRYPTIONDECRYPTION KEYDEVELOPMENT OF ECOMMERCEDIGITAL CERTIFICATEDIGITAL CERTIFICATESDIGITAL DOCUMENTDIGITAL DOCUMENTSDIGITAL SIGNATUREDIGITAL SIGNATURESDISCLOSUREDOMAINDUE DILIGENCEE- PROCUREMENTE-BUSINESSE-COMMERCEE-COMMERCE DEVELOPMENTE-COMMERCE ENVIRONMENTE-COMMERCE LEGAL FRAMEWORKE-GOVERNMENTE-MAILE-PROCUREMENTE-SERVICEE-SERVICESE-SIGNATUREE-SIGNATURESE-TRANSACTIONSEBUSINESSECOMMERCEECOMMERCE LEGISLATIONELECTRONIC COMMERCEELECTRONIC COMMERCE TRANSACTIONSELECTRONIC DATAELECTRONIC DOCUMENTELECTRONIC DOCUMENTSELECTRONIC FORMELECTRONIC MAILELECTRONIC MEDIUMELECTRONIC MESSAGEELECTRONIC MESSAGESELECTRONIC SIGNATUREELECTRONIC SIGNATURE LAWELECTRONIC SIGNATURE LAWSELECTRONIC SIGNATURESELECTRONIC SOFTWAREELECTRONIC TRANSACTIONELECTRONIC TRANSACTIONSELECTRONIC TRANSFEREMAILSENCRYPTIONENCRYPTION KEYENCRYPTION TECHNOLOGYEQUIPMENTESIGNATUREFAXESFINGERPRINTFRONT-ENDGENERAL PUBLICGOVERNMENT CONTRACTHANDWRITTEN SIGNATUREHANDWRITTEN SIGNATURESHARD COPYHARDWAREHARMONIZATIONHASHHASH FUNCTIONHASH RESULTHASH RESULTSIDIMPLEMENTATIONSINFORMATION EXCHANGEINFORMATION SECURITYINTENDED RECIPIENTINTENDED RECIPIENTSINTERNATIONAL STANDARDSINTERNATIONAL TRADEINTEROPERABILITYKEY EXCHANGEKEY MANAGEMENTLAWS ON E-COMMERCELEGAL ENVIRONMENTLEGAL FRAMEWORKSLEGAL STATUSLEGAL SYSTEMLICENSESMANAGEMENT OF RISKMANAGEMENT PROTOCOLSMANAGEMENT SOFTWAREMANAGEMENT SYSTEMMANUFACTURINGMARKETINGMATERIALNETWORKSNEW TECHNOLOGYNON REPUDIATIONNON-REPUDIATIONNOTARIZATIONOBSTACLES TO E-COMMERCEONLINE ENVIRONMENTOPERATING SYSTEMSPASSWORDPASSWORDSPHYSICAL ACCESSPHYSICAL PRESENCEPHYSICAL STORESPKIPRIVACYPRIVACY PROTECTIONPRIVATE KEYPRIVATE KEYSPRIVATE SECTORPROCUREMENTPROTOCOLSPUBLIC ADMINISTRATIONPUBLIC KEYPUBLIC KEY CRYPTOGRAPHYPUBLIC KEY ENCRYPTIONPUBLIC KEY INFRASTRUCTUREPUBLIC KEYSREGISTRYREGULATORY ENVIRONMENTREGULATORY FRAMEWORKRELATIONSHIP MANAGEMENTRELIABILITYRESULTRESULTSRISK MANAGEMENTSALE OF GOODSSECRET KEYSECURITY LEVELSECURITY MANAGEMENTSECURITY OBJECTIVESSECURITY REQUIREMENTSSECURITY RISKSECURITY SECURITYSENSITIVITY OF INFORMATIONSERIAL NUMBERSERVERSERVICE PROVIDERSERVICE PROVIDERSSIGNATURE GENERATIONSMART CARDSSOFTWARE APPLICATIONSOFTWARE APPLICATIONSSYMMETRIC ENCRYPTIONSYMMETRIC KEYSYMMETRIC KEY CRYPTOGRAPHYSYMMETRIC KEY ENCRYPTIONSYMMETRIC KEYSSYSTEM WEAKNESSESTECHNICAL SUPPORTSTECHNOLOGICAL CAPABILITIESTELEPHONETIME STAMPTRADITIONAL BUSINESSTRANSACTIONTRANSMISSIONTRANSMISSION OF INFORMATIONTRANSMISSION SECURITYTRANSMISSIONSTRUST RELATIONSHIPSUNIQUE IDENTIFIERUSERUSER IDENTITIESUSERSUSESVERIFICATIONVIDEOWEBAuthentication and Digital Signatures in E-Law and Security : A Guide for Legislators and Managers10.1596/20214