Digital security signed, sealed, delivered.The handwritten hand·write tr.v. hand·wrote , hand·writ·ten , hand·writ·ing, hand·writes To write by hand. [Back-formation from handwritten.] Adj. 1. signature at the end of a letter or contract stands as a simple and reasonably reliable means of authenticating the document. But when a document exists only in electronic form, anyone can affix affix v. 1) to attach something to real estate in a permanent way, including planting trees and shrubs, constructing a building, or adding to existing improvements. an identifying string of electronic characters, or after the text itself, without leaving a trace of forgery. Over the last decade or so, computer scientists and cryptographers have developed a variety of ingenious schemes, known as digital signatures, to guarantee that an electronic document is genuine. Now the National Institute of Standards and Technology National Institute of Standards and Technology, governmental agency within the U.S. Dept. of Commerce with the mission of "working with industry to develop and apply technology, measurements, and standards" in the national interest. (NIST (National Institute of Standards & Technology, Washington, DC, www.nist.gov) The standards-defining agency of the U.S. government, formerly the National Bureau of Standards. It is one of three agencies that fall under the Technology Administration (www.technology. ) in Gaithersburg, Md., has issued a proposal for a digital signature standard, which allows recipients of electronically transmitted information to verify the sender's identity and the data's integrity. The announcement appears in the Aug. 30 FEDERAL REGISTER. "The fact that the government has finally come forth with a proposed standard is very important," says Stephen T. Walker, president of Trusted Information Systems Trusted Information Systems (TIS) was a computer security research and development organization during the 1980s and 1990s, performing computer security research for organizations such as NSA, DARPA, ARL, AFRL, SPAWAR, and others. , Inc., in Glenwood, Md. "It's too bad that it's taken so long. There's a whole lot of areas where digital signatures are crucial." The proposed standard specifies a particular mathematical procedure for creating and verifying a digital signature. Although it would apply only to unclassified un·clas·si·fied adj. 1. Not placed or included in a class or category: unclassified mail. 2. information in federal government computer systems, it would likely have a considerable influence on other computer users as well. Many companies, for example, have been reluctant to select a particular digital signature scheme for their electronic transmissions without some assurance that the chosen method will be widely used and that it harbors no weaknesses that could be exploited by an unscrupulous party bent on Adj. 1. bent on - fixed in your purpose; "bent on going to the theater"; "dead set against intervening"; "out to win every event" bent, dead set, out to fraud. "The existence of a standard should make vendors more willing to offer [a digital signature scheme] and people more willing to use it," says Joan Feigenbaum of AT&T Bell Laboratories in Murray Hill Murray Hill may refer to one of the following places:
But controversy surrounds NIST's choice of an unfamiliar mathematical algorithm as the federal standard for generating and verifying a digital signature. "If no one challenges what they've done, we'll be stuck with a weakened standard," says Jim Bidzos, president of RSA (1) (Rural Service Area) See MSA. (2) (Rivest-Shamir-Adleman) A highly secure cryptography method by RSA Security, Inc., Bedford, MA (www.rsa.com), a division of EMC Corporation since 2006. It uses a two-part key. Data Security, Inc., in Redwood City Redwood City, city (1990 pop. 66,072), seat of San Mateo co., W Calif., on San Francisco Bay; inc. 1868. Manufactures include commmunications, electrical, electronic, and medical equipment. , Calif., which produces equipment and software based on a rival, proprietary digital signature and encryption method known as RSA. The proposed NIST algorithm, like most digital signature methods, relies on a concept known as public-key cryptography public-key cryptography - public-key encryption . Such schemes use two mathematically related "keys" -- one for encrypting a message as a scrambled string of bits, and a complementary key for unscrambling the encoded message. Because on key can't easily be derived from the other, a user can keep one key secret, using it to create a digital signature, and make public the other key so that anyone can verify -- but not forge -- that signature. The same procedure can be applied to a sample of bits from the text itself, which acts as a kind of fingerprint to allow detection of surreptitious SURREPTITIOUS. That which is done in a fraudulent stealthy manner. alterations in an electronically transmitted or stored document. The RSA method is the most widely used and best-known method for producing such keys for both encrypting messages and creating digital signatures. Its security depends on the computational difficulty of factoring a large number to find the two prime numbers that were multiplied together to generate the original number. It contrast, the proposed NIST method relies for its security on the difficulty of computing what are called discrete logarithms. At a congressional hearing in June, NIST Deputy Director Raymond G. Kammer described the criteria used to select the proposed standard. "Our efforts in this area have been slow, difficult and complex," he testified. "We evaluated a number of alternative digital signature techniques and considered a variety of factors in this review." Those factors included the degree of security provided, the ease of implementation in both hardware and software, the ease of export from the United States, the applicability of patents, and the level of efficiency for generating and verifying signatures. Guided by these criteria and assisted by representatives from the National Security Agency, NIST officials rejected the RSA method, which is protected by a number of patents in the United States, and developed an alternative approach that, according to government lawyers, isn't covered by existing patents. The future of the proposed standard now depends on how well it survives a concerted mathematical attack regarding its security, and on the resolution of any conflicting patent claims that may arise. "Should there be some kind of weakness, [NIST] is putting its method into the public record in order to enable people to try to uncover that weakness," says computer scientist Michael O. Rabin
|
|
||||||||||||||||||
Printer friendly
Cite/link
Email
Feedback
Reader Opinion