Security Requirements for Business Communication

HENRIQUE DE CONTI
Director — Membership and Information Services
www.brisa.org.br
Copyright BRISA 2001
ITU — Multimedia in the 21st Century, Jun 5, 2001


Schedule

- About BRISA
- Main Protections for e-business
- e-business protections — Technical Solutions
- Legal Issues
- Brazilian Legal Framework


About BRISA

BRISA is...
- a 12-year-old association whose mission is to support members in developing solutions in Telecommunications and Informatics
- not for profit, private, open for any company, exempt, independent, accredited as a Public Utility Organization since 1992

Members 5/16/01
[Member logos; legible names: ACREFI, Supremo Tribunal Federal]

BRISA has...
[Charts: offices, members, staff; time axis 1988 to 2000]


Consumer Online Spending Reaches $8.3 Billion in 2005

[Chart, 1999 to 2005: Total Online Spending (in billions) and Percent of Online Buying]
Source: Jupiter Internet Commerce Model, 02/00


e-business — Main Protections (1)

Authentication of origin
- guarantees identity of the originator of a message or object
- implies non-repudiation of origin (independent CA)
- guarantees integrity against corruption of message or information object (accidental or malicious)
- not used as contractual binding

Signature
- proof that the originator accepts all responsibilities for object or message validity
- validity: validity of originator's pair of keys
- offers all protections of Authentication of Origin
- tied to document formation (hash)
- exclusive use by owner (verification)

Non-repudiation of content received
- provides guarantee that a recipient has received message or information object intact as sent
- recipient cannot deny its reception

Notarisation
- irrevocable proof and guarantee that an information object was subject of Authentication of Origin or Signature
- authentication or signature occurred no later than time and date appended by Notary
- validity exceeds that of pair of keys of originator
- information object can be archived
- offers all protections of Authentication of Origin or Signature
- applies only to objects

(1) EEMA-SPLC Secure Inter-organisational Electronic Messaging Framework


e-business protections — Technical Solutions

Authentication of origin
- X.509 Certificate
- supported by main messaging products (Windows and Linux)

Signature
- X.509 Certificate
- hash function
- supported by main messaging products (Windows and Linux)

Non-repudiation of content received
- no internet protocol standard specification
- supported by X.400 protocol
- supported by main messaging products (proprietary solutions)
- need of a bilateral agreement (if not X.400)

Notarisation
- X.509 Certificate (signed by a Notary)
- supported by main messaging products (Windows and Linux)
- Notary: independent third party (usually)


Legal Issues

Validity of digital signatures
- accepted as agreement of proof of wish (not only proof of origin)
- essential for Government

Validity of electronic documents
- same value as paper documents
- exceptions for specific situations (not validity for specific situations)

Validity of digitalized documents obtained from paper documents
- same value as electronic documents
- exceptions for specific situations, if needed

Security
- definition of crimes by computer (must be characterized in Penal Laws)


Legal Framework — Brazil

Main acts, bills and decrees: e-commerce/e-documents

Bill 1483/99 (Dep. Dr. Hélio)
- electronic invoice

Bill 1589/99 (Dep. Luciano Pizzato)
- e-commerce
- e-documents
- signatures
- notaries
- conditions to offer products and services by electronic means
- certification
[Slide status labels: EC Commission; Representatives House Joint Commission]

Bill 672/99 (Sen. Lúcio Alcântara)
- e-commerce
- e-messages
- signatures
[Slide status labels: Approved Senate; Representative House]

Dec. 3585/00
- validity government e-documents (some must be electronic)

Dec. 3587
- Government PKI
- asymmetric keys
- certification policy
- bypass lack of laws

Instruction SRF 156/99
- e-CPF (persons) & e-CNPJ (companies)
- electronic services
- CAs & RAs

Main acts, bills and decrees: security

Bill 84/99 (Dep. Luiz Piauhylino)
- crimes by computer
- all main crimes

Law 9983/00
- crimes against Social Security
- 2 crimes by computer
  - insertion of fraudulent data
  - non-authorized data modification
- no other crimes (hacking without modification or insertion, etc.)

Dec. 3505/00
- Information Security Policy for Federal Administration


HENRIQUE CÉSAR DE CONTI
Director — Membership and Information Services
[email protected]
Tel. +55-61-328 8872
Fax +55-61-328 2593
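
The Signature and Notarisation protections from the Main Protections slides, worked through as an added example that is not part of the original presentation. It assumes raw Ed25519 keys in place of X.509 certificates, a hypothetical Token record, and constructed times (key expiry at t=2000) to show why a notarised signature stays verifiable after the originator's keys expire.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"fmt"
)

type Token struct { // hypothetical notary record, not a standard format
	Digest             [32]byte // SHA-256 of the information object
	OrigSig, NotarySig []byte
	Time               int64 // Unix time appended by the notary
}

// signedBytes is what the notary signs: digest, originator signature, time.
func signedBytes(d [32]byte, sig []byte, ts int64) []byte {
	return []byte(fmt.Sprintf("%x|%x|%d", d, sig, ts))
}

// Notarise countersigns a valid originator signature with the time it was seen.
func Notarise(notary ed25519.PrivateKey, origPub ed25519.PublicKey, obj, sig []byte, now int64) *Token {
	d := sha256.Sum256(obj)
	if !ed25519.Verify(origPub, d[:], sig) {
		return nil // refuse to notarise a signature that does not verify
	}
	return &Token{d, sig, ed25519.Sign(notary, signedBytes(d, sig, now)), now}
}

// VerifyArchived checks object, both signatures, and that the notary's time precedes key expiry.
func VerifyArchived(notaryPub, origPub ed25519.PublicKey, keyNotAfter int64, obj []byte, t *Token) bool {
	d := sha256.Sum256(obj)
	return t != nil && d == t.Digest && t.Time <= keyNotAfter && ed25519.Verify(origPub, d[:], t.OrigSig) &&
		ed25519.Verify(notaryPub, signedBytes(d, t.OrigSig, t.Time), t.NotarySig)
}

// Demo uses constructed data: key expiry at t=2000, notarised at t=1000 and t=3000.
func Demo() (valid, tampered, stampedAfterExpiry bool) {
	oPub, oPriv, _ := ed25519.GenerateKey(nil)
	nPub, nPriv, _ := ed25519.GenerateKey(nil)
	obj := []byte("constructed sample: purchase order 17")
	d := sha256.Sum256(obj)
	sig := ed25519.Sign(oPriv, d[:])
	tok := Notarise(nPriv, oPub, obj, sig, 1000)
	return VerifyArchived(nPub, oPub, 2000, obj, tok),
		VerifyArchived(nPub, oPub, 2000, append(obj, '!'), tok),
		VerifyArchived(nPub, oPub, 2000, obj, Notarise(nPriv, oPub, obj, sig, 3000))
}

func main() { fmt.Println(Demo()) }
```

The verifier never consults the current time: only the notary's timestamp is compared with the key expiry, which is what lets the archived object outlive the originator's key pair.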