What is the US federal government standard for digital signatures?
Show
This article introduces the most relevant digital signature standards for global players, governments and banks. The push to develop standards to enhance trust when conducting both national and cross-border transactions prompted concerns for enhanced security methods that would to ensure that digital signatures are both authentic and easy to use. Because of these concerns, countries and groups such as the United States, Switzerland and the European Union implemented strict standards and requirements for compliance regarding the use of digital signatures. Digital signatures following these standards have the same legal implication as traditional hand-written signatures. Given the strict compliance and security requirements (described below) by the standarizing bodies, digital signatures provide a higher level of security and protection against malicious attacks and fraud than simple generic electronic signatures. Digital Signature StandardThe Digital Signature Standard (DSS) was developed by the United States National Security Agency (NSA) and put into use by the National Institute of Standards and Technology (NIST) in 1994. Since 2013, the Federal Information Processing Standard (FIPS) 186 requires all departments and agencies of the United States government to use DSS to protect sensitive unclassified information. DSS makes use of the digital signature algorithm (DSA) to generate digital signatures that are assigned both private and public keys. Only the message sender has knowledge of their private key, while the message recipient can use the public key to verify the integrity of the sender’s digital signature. eIDAS RegulationRegulation (EU) No. 910/2014, referred to as the eIDAS Regulation was enacted by the European Parliament in July 2014 and fully adopted by the European Commission by September 8, 2015 as an expansion of Directive 1999/93/EC. The intent of this regulation was to enable seamless and secure electronic interactions between citizens, businesses and governments to promote trust that would help build economic and social development through Digital Single Market. This standard provided a foundation to enable users the ability to safely access services and conduct both online and cross-border transactions with “one click.” Included in eIDAS is the:
These services were assured to work cross borders and be legally considered the same as paper documentation. Armed with these assurances, eIDAS promoted the use of digital interactions for citizens and businesses. Maintaining compliance of eIDASUnder the EU’s Commission Implementing Decision 2015/296, members of the EU are required to cooperate to achieve interoperability and the necessary security for electronic identification schemes. The Cooperation Network was created to assist in this endeavor. Member States are required to rate their eID systems against the benchmark set by the Commission Implementing Regulation. This rating signifies that level of compatibility and interoperability for each individual member in regards to cross-border interaction. The Commission Implementing Decision (EU) 2015/1506 provides specifications for using advanced electronic signatures and seals in the government sector. The purpose of this is to facilitate transactions across borders. Read more on eIDAS. Federal Act on Electronic Signatures, Electronic Signatures ActEnacted by the Federal Assembly of the Swiss Confederation in December 2003, the Federal Act on Electronic Signatures (ZertES) addresses the requirements for the authenticity of electronic signatures. These requirements state that an electronic signature must:
The international perspectiveThe NIST and eIDAS standards cover the world's biggest domestic markets. The Swiss Federal Act adds an important region with respect to banking and finance. The Middle East and the Gulf Countries adopt the eIDAS regulation. Also, many South East Asian countries apply eIDAS to formalize their electronic signatures. Read more on digital signatures...
References and further reading
Image: Nguyen Hung Vu, Flickr Which standard is used for digital signature?Digital Signature Standards (DSS) are specific algorithms used by applications that require a digital signature. They're a set of rules and parameters that allow tracking of the signature to verify the identity of the signer. For a digital signature to be authentic, it must adhere to all DSS regulations.
Is used as the US government standard for digital signatures quizlet?The U.S. federal government requires the use of DSA, RSA or Elliptic Curve DSA and SHA for digital signatures. DSA is slower than RSA and only provides digital signatures. RSA provides digital signatures, encryption, and secure symmetric key distribution.
What is digital signature and its requirements?Digital signatures work by proving that a digital message or document was not modified—intentionally or unintentionally—from the time it was signed. Digital signatures do this by generating a unique hash of the message or document and encrypting it using the sender's private key.
|