Cryptography Reference
In-Depth Information
• each office has its own intranet, as well as access to a common company-
wide intranet connecting all the regional offices;
• the company provides many of its services through external suppliers;
• the company provides its own information security functionality (rather
than outsourcing).
You are the member of the IT support team with responsibility for security.
(a) By considering the overall activities of the company, which security services
are likely to be required on the various network links?
(b) Where would you choose to deploy symmetric and public-key cryptogra-
phy (if at all)?
(c) Design a simple key management system to support this business,
identifying the different keys required and how their lifecycle will be
supported.
19
. As well as electronic and advanced electronic signatures, the European Union
Directive on Electronic Signatures defines a third class of electronic signatures
known as
qualified electronic signatures
.
(a) Under what conditions does an advanced electronic signature become a
qualified electronic signature?
(b) Explain what is meant by a
qualified certificate
.
(c) Explain how a suitable public-key management system can provide these
necessary conditions.
(d) To what extent are advanced electronic signatures and qualified electronic
signatures legally 'equivalent' to handwritten signatures?
