Authentication and Digital Signatures in E-Law and Security : A Guide for Legislators and Managers

The concept of authentication has been around for a long time in many forms. For example due diligence in commerce has traditionally been formalized to determine whether the data presented in commercial propositions are accurate and comprehensive. With the emergence of e-commerce the concept of authentication has encompassed new realities that are a feature of the relatively narrow avenues for information and potentially high risks inherent in an online environment. This paper seeks to provide an understanding about the different ways of assuring authentication. These authentication rules and tools including for example public key infrastructure (PKI) are sometimes meant to set a legal and technological framework for trustworthy electronic transactions, promoting e-procurement, e-commerce, e-business, and e-government. The two considerations of business risk and legal validity are both intrinsic to the concept of authentication. This report explores the issues and solutions affecting the concept of authentication in terms of legislation, management and technology. This report finds that for online authentication things is not always what they may seem and that legislation and technology alone cannot build a trust environment and, if misunderstood, may produce a high risk illusion. It is crucial that the limitations and fallibility of the technology be explicit in its commercial applications and that business risks be managed accordingly.

Bibliographic Details

Main Authors:	Asian Development Bank, Inter-American Development Bank, World Bank
Language:	English en_US
Published:	World Bank, Washington, DC 2004-12
Subjects:	ACCESS CONTROLS, ACTION PLAN, APPROPRIATE TECHNOLOGY, ASSIGNMENT OF LIABILITY, ASYMMETRIC ALGORITHMS, ASYMMETRIC CRYPTOGRAPHY, ASYMMETRIC ENCRYPTION, ASYMMETRIC KEY, AUTHENTICATION, AUTHENTICATION MECHANISMS, AUTHENTICATION TECHNIQUES, B2B, B2C, BACKBONE, BIOMETRICS, BROWSERS, BUSINESS INTERACTIONS, BUSINESS MODEL, BUSINESS MODELS, BUSINESS RELATIONSHIP, BUSINESS-TO-BUSINESS, BUSINESS-TO-BUSINESS TRANSACTIONS, BUSINESS-TO-GOVERNMENT, BUSINESSES, BUYER, CAPABILITIES, CAPABILITY, CERTIFICATE, CERTIFICATE AUTHORITY, CERTIFICATE REVOCATION, CERTIFICATION AUTHORITIES, CERTIFICATION AUTHORITY, CIPHER, CIPHER-TEXT, COMMERCIAL ACTIVITIES, COMMERCIAL TRANSACTIONS, COMMUNICATIONS TECHNOLOGY, COMPUTER CRIME, CONFIDENTIAL INFORMATION, CONFIDENTIALITY, CONSUMER PROTECTION, COPYRIGHT, CREDIT CARD, CREDIT CARD FEES, CREDIT CARD HOLDERS, CREDIT CARDS, CRYPTOGRAPHIC ALGORITHM, CRYPTOGRAPHIC KEYS, CRYPTOGRAPHY, CUSTOM, CUSTOMS, DECRYPTION, DECRYPTION KEY, DEVELOPMENT OF ECOMMERCE, DIGITAL CERTIFICATE, DIGITAL CERTIFICATES, DIGITAL DOCUMENT, DIGITAL DOCUMENTS, DIGITAL SIGNATURE, DIGITAL SIGNATURES, DISCLOSURE, DOMAIN, DUE DILIGENCE, E- PROCUREMENT, E-BUSINESS, E-COMMERCE, E-COMMERCE DEVELOPMENT, E-COMMERCE ENVIRONMENT, E-COMMERCE LEGAL FRAMEWORK, E-GOVERNMENT, E-MAIL, E-PROCUREMENT, E-SERVICE, E-SERVICES, E-SIGNATURE, E-SIGNATURES, E-TRANSACTIONS, EBUSINESS, ECOMMERCE, ECOMMERCE LEGISLATION, ELECTRONIC COMMERCE, ELECTRONIC COMMERCE TRANSACTIONS, ELECTRONIC DATA, ELECTRONIC DOCUMENT, ELECTRONIC DOCUMENTS, ELECTRONIC FORM, ELECTRONIC MAIL, ELECTRONIC MEDIUM, ELECTRONIC MESSAGE, ELECTRONIC MESSAGES, ELECTRONIC SIGNATURE, ELECTRONIC SIGNATURE LAW, ELECTRONIC SIGNATURE LAWS, ELECTRONIC SIGNATURES, ELECTRONIC SOFTWARE, ELECTRONIC TRANSACTION, ELECTRONIC TRANSACTIONS, ELECTRONIC TRANSFER, EMAILS, ENCRYPTION, ENCRYPTION KEY, ENCRYPTION TECHNOLOGY, EQUIPMENT, ESIGNATURE, FAXES, FINGERPRINT, FRONT-END, GENERAL PUBLIC, GOVERNMENT CONTRACT, HANDWRITTEN SIGNATURE, HANDWRITTEN SIGNATURES, HARD COPY, HARDWARE, HARMONIZATION, HASH, HASH FUNCTION, HASH RESULT, HASH RESULTS, ID, IMPLEMENTATIONS, INFORMATION EXCHANGE, INFORMATION SECURITY, INTENDED RECIPIENT, INTENDED RECIPIENTS, INTERNATIONAL STANDARDS, INTERNATIONAL TRADE, INTEROPERABILITY, KEY EXCHANGE, KEY MANAGEMENT, LAWS ON E-COMMERCE, LEGAL ENVIRONMENT, LEGAL FRAMEWORKS, LEGAL STATUS, LEGAL SYSTEM, LICENSES, MANAGEMENT OF RISK, MANAGEMENT PROTOCOLS, MANAGEMENT SOFTWARE, MANAGEMENT SYSTEM, MANUFACTURING, MARKETING, MATERIAL, NETWORKS, NEW TECHNOLOGY, NON REPUDIATION, NON-REPUDIATION, NOTARIZATION, OBSTACLES TO E-COMMERCE, ONLINE ENVIRONMENT, OPERATING SYSTEMS, PASSWORD, PASSWORDS, PHYSICAL ACCESS, PHYSICAL PRESENCE, PHYSICAL STORES, PKI, PRIVACY, PRIVACY PROTECTION, PRIVATE KEY, PRIVATE KEYS, PRIVATE SECTOR, PROCUREMENT, PROTOCOLS, PUBLIC ADMINISTRATION, PUBLIC KEY, PUBLIC KEY CRYPTOGRAPHY, PUBLIC KEY ENCRYPTION, PUBLIC KEY INFRASTRUCTURE, PUBLIC KEYS, REGISTRY, REGULATORY ENVIRONMENT, REGULATORY FRAMEWORK, RELATIONSHIP MANAGEMENT, RELIABILITY, RESULT, RESULTS, RISK MANAGEMENT, SALE OF GOODS, SECRET KEY, SECURITY LEVEL, SECURITY MANAGEMENT, SECURITY OBJECTIVES, SECURITY REQUIREMENTS, SECURITY RISK, SECURITY SECURITY, SENSITIVITY OF INFORMATION, SERIAL NUMBER, SERVER, SERVICE PROVIDER, SERVICE PROVIDERS, SIGNATURE GENERATION, SMART CARDS, SOFTWARE APPLICATION, SOFTWARE APPLICATIONS, SYMMETRIC ENCRYPTION, SYMMETRIC KEY, SYMMETRIC KEY CRYPTOGRAPHY, SYMMETRIC KEY ENCRYPTION, SYMMETRIC KEYS, SYSTEM WEAKNESSES, TECHNICAL SUPPORTS, TECHNOLOGICAL CAPABILITIES, TELEPHONE, TIME STAMP, TRADITIONAL BUSINESS, TRANSACTION, TRANSMISSION, TRANSMISSION OF INFORMATION, TRANSMISSION SECURITY, TRANSMISSIONS, TRUST RELATIONSHIPS, UNIQUE IDENTIFIER, USER, USER IDENTITIES, USERS, USES, VERIFICATION, VIDEO, WEB,
Online Access:	http://documents.worldbank.org/curated/en/2004/12/20165808/authentication-digital-signatures-e-law-security-guide-legislators-managers https://hdl.handle.net/10986/20214
Tags:	Add Tag No Tags, Be the first to tag this record!