ARGENTINE

RESOLUTION Secretaría de la Función Pública (Secretariat for Civil Service) NATIONAL PUBLIC ADMINISTRATION

Resolution 45/97

The digital signature technology is hereby incorporated to the information processes of the public sector.

Bs. As. 3/17/97

IN VIEW OF Decree Nº 660 dated June 24 1996, Decree Nº 998 dated August 30 1996, the Record dated December 30 1996 from the SUBCOMITÉ DE CRIPTOGRAFÍA Y FIRMA DIGITAL (CRYPTOGRAPHY AND DIGITAL SIGNATURE SUBCOMMITTEE), integrating the COMITÉ DE USUARIOS DE PROCESAMIENTO DE IMÁGENES (IMAGE PROCESSING USERS COMMITTEE (C.U.P.I.)) and

CONSIDERING:

That the tasks assigned to the SECRETARÍA DE LA FUNCIÓN PÚBLICA (SECRETARIAT FOR CIVIL SERVICE) reporting to the JEFATURA DE GABINETE DE MINISTROS (CABINET CHIEF) comprise those of promoting the study and review of the legal value of electronic documents and the systems aimed at safeguarding the security and non-disclosure of the information contained in electronic means, as well as those of proposing actions and setting standards that will promote improvement of the organization and the adequate operation of the National Public Administration.

That by virtue of the competence granted by Decree Nº 660/96 amended by Section 2 of Decree Nº 998/96, the Dirección Nacional de Coordinación e Integración Tecnológica (National Technological Coordination and Integration Department) of the SECRETARÍA DE LA FUNCIÓN PÚBLICA (SECRETARIAT FOR CIVIL SERVICE) reporting to the JEFATURA DE GABINETE DE MINISTROS (CABINET CHIEF) has taken part in the Subcomité de Criptografía y Firma Digital (Cryptography and Digital Signature Subcommittee), created in July 1996 and made up of officials from different National Public Administration bodies, whose purpose has been to examine and propose rules regarding the incorporation of digital signature technology into the public sector information processes, and the related legal matters.

That as a result of such examination, a paper was worked out, under which the conclusions on the technical guidelines to be taken into account for a digital signature standard were approved, which is attached to the Annex hereto, that shall be used as the fundamental grounds for a useful and efficient standard for disseminating the use of the digital signature in the public sector.

That the National Public Administration can remain alien to technological developments and the use of the new means provided by the market, especially when these contribute to increasing the productivity of their bodies, to optimizing information management and reducing the costs of storage and transfer of paper.

That the technology necessary to safeguard digital papers and digital information exchange is currently available, having reached a reasonable degree of reliability and security.

That it is desirable to grant a regulatory framework which favors the use and dissemination of the technologies which lie within the scope of the National Public Administration.

That it is the duty of the SECRETARÍA DE LA FUNCIÓN PÚBLICA (SECRETARIAT FOR CIVIL SERVICE) reporting to the JEFATURA DE GABINETE DE MINISTROS (CABINET CHIEF) to dictate the regulatory framework for setting the technology policies relating to associated computer science, teleinformatics, multimedia technologies, equipment and communications, and other electronic means and systems, pursuant to the provisions in Annex II of Decree Nº 660/96, as amended by Section 2 of Decree Nº 998/96.

 

Thus,

THE SECRETARÍA DE LA FUNCIÓN PÚBLICA (SECRETARIAT FOR CIVIL SERVICE) REPORTING TO THE JEFATURA DE GABINETE DE MINISTROS (CABINET CHIEF) DECIDES THE FOLLOWING:

Article 1 - Conform to and adopt the conclusions approved by means of the Record dated December 30 1996 by the SUBCOMITÉ DE CRIPTOGRAFÍA Y FIRMA DIGITAL (CRYPTOGRAPHY AND DIGITAL SIGNATURE SUBCOMMITTEE) OF THE COMITÉ DE USUARIOS DE PROCESAMIENTO DE IMÁGENES (IMAGE PROCESSING USERS COMMITTEE (C.U.P.I.)), which, in the form of Annex, is integral part hereto.

Article 2 - Authorize the use, within the scope of the National Public Administration, of the technology stated in the above-mentioned Annex, for the promotion and dissemination of the digital document and signature, under the terms and within the scope therein defined.

Article 3 - Be it notified, published, together with its corresponding Annex, referred to the Dirección Nacional del Registro Oficial (National Board for Official Registration) and registered.- Claudia E. Bello.

 

 

 

ANNEX

 

CONCLUSIONS OF THE SUBCOMITÉ DE CRIPTOGRAFÍA Y FIRMA DIGITAL (CRYPTOGRAPHY AND DIGITAL SIGNATURE SUBCOMMITTEE) ON THE TECHNICAL GUIDELINES REGARDING DIGITAL SIGNATURE STANDARDS, DATED DECEMBER 30 1996

 

RECORD

The members of the Subcomité de Criptografía y Firma Digital (Cryptography and Digital Signature Subcommittee) met in Buenos Aires, on December 30 1996, in the Salón de Comisiones (Commissions Room) of the Banco Central de la República Argentina (Argentine Central Bank), with the purpose of approving the conclusions on the technical guidelines which should be taken into account in relation to the digital signature standards. After an exchange of opinions, the paper attached as Annex was approved.

The said conclusions will be referred to the Comité de Usuarios de Procesamiento de Imágenes (Image Processing Users Committee (C.U.P.I.)) for their dissemination.

The above-said is agreed to by the undersigned, in the place and on the date stated in the headings, at 14:00 hs.

 

Viviana ALMADA

Armando CARRATALA

Beatriz GARCIA

Andrés HAL

María P. PRANDINI

Alejando ROMAN

Raúl P. SARDU

Hugo SCOLNIK

Julio A. TULIAN

Alejandro G. VAL

Luis YANUZZIO

 

 

STANDARDS ON DIGITAL SIGNATURE

 

GOALS

1. Rule the matching of the digital signature to the holographic signature to allow removal of paperwork and digitalization of the State's administrative circuits.

2. Create the necessary conditions for the reliable use of the digital document digitally subscribed within the scope of the Public Sector.

3. Reduce the risk of fraud in the use of digital documents by digitally subscribing them.

 

INTRODUCTION

The need to increase productivity in the State, by simplifying its administrative and management systems and improving its transparency, fosters the introduction of computer mechanisms to that end. These computer mechanisms, such as electronic mail and workflow management, use the digital document (computer message, registration or file) as its main tool for information storage and transportation.

Certain administrative procedures manage documents containing information which can not be objected by third parties. When subjecting those procedures to computer science, it is stated that no third party can object any digital documents produced thereafter. This can only be achieved through the use of digital signature sustained by an appropriate regulatory framework matching the digital signature to the holographic signature.

 

STANDARDS REQUIREMENTS

As regards digital documents which can not be objected by third parties

The presence of digital documents which can not be objected by third parties simultaneously requires the author's identification and guarantee of their content's integrity, which can only be achieved through digital signature and appropriate mechanisms.

Consequence of the omission, in the standard, of the requirement to use digital signature through appropriate mechanisms: The lack of this accuracy would be accompanied by the lack of complete author identification and integrity of the document content, and thus, using other mechanisms which do not offer the same guarantee would make it impracticable for documents not to be objectionable by third parties.

 

As regards matching of the digital signature to the holographic signature

This point is critical to the standards, by allowing those choosing to use digital documents digitally subscribed, to obtain legal guarantees similar to the ones offered by the holographic signature on paper.

Holographic signature allows the simultaneous identification of its author and ascription of the authorship of the text preceding it. Therefore, the digital signature mechanism to be used shall comply with these basic requirements of simultaneously identifying the author and insuring content integrity.

Consequences of lack of matching of the digital signature to the holographic signature: without this matching in the standards, third parties could object the digital document digitally subscribed, thus preventing the initiatives of technological upgrading, computer science and removal of paperwork in the State.

 

As regards the option of choosing asymmetric cryptography as the means to implement digital signature

Asymmetric cryptography (also known as public key) is the only method currently capable of implementing digital signature, since it complies with the critical features of the holographic signature, i.e., it allows simultaneous accurate identification of the author and verification that the message has not been altered from the moment it was signed (integrity), provided that all the necessary precautions for a good implementation have been taken.

The mechanism of public key is the only one not requiring disclosure of the private key (confidential) used by the signer to subscribe or verify a document's digital signature, what makes it the only system capable of allowing a digital signature which, within the framework of adequate standards, can not be objectionable by third parties.

Consequences of omission of the public key cryptography requirement from the standards: Currently, no other mechanism allows, in relation to digital documents, the simultaneous accurate identification of the author and verification that the message has not been altered from the moment it was signed (integrity). Thus, were the methodology of public key cryptography (asymmetric) be omitted from the regulatory standards, matching of the digital signature to the holographic signature and the presence of digital documents which could be objected by third parties would be impracticable.

 

As regards authorities who certify public keys and public key certificates

Authorities certifying public keys certify correspondence between a public key and the body corporate or individual who owns it, by issuing a public key certificate. This certificate allows the accurate identification of the signer of the digital document, thus avoiding any potential repudiation.

Consequences of omission of the requirement regarding authorities certifying public keys and public key certificates: When a public key can not be associated to its owner, it is impracticable to accurately identify the signer of a digital document, what would render the document liable to repudiation and the system devoid of reliability.

 

Matters to be taken into account when developing the standards:

 

As regards certifying authorities:

• State the qualifications an entity shall have to act as certifying authority.
• State the causes of cancellation or suspension of the license owned by a certifying authority.
• State, in all circumstances, disclosure of its procedures for these to be known by third parties.
• Establish the monitoring basis through audits, in order to evaluate performance of certifying authorities.
• Determine the scope of liability by performance of the parties involved (certifying authorities, owners of pairs of keys and comptroller bodies).

 

As regards public key certificates:

• Sate the standardization requirements according to international standards.
• Determine the terms under which public key certificates are to be in effect (issuance, acceptance, cancellation, suspension and expiration).
• Establish the rights and liabilities of both the subscriber and the issuing certifying authority.
• Establish the requirements related to the issuance of certificates and the lists of canceled or suspended certificates.

 

Justification of stating, in the standards, only one mechanism for digital signature:

The goal of a standard of this type should be that of taking into account minimum technological standards which insure determination of the digital signature authorship and the impossibility of altering the content of the digital document in that way subscribed.

 

The proposal of using public key cryptography is not restrictive for the following reasons:

• Although other mechanisms may be developed in the future for the implementation of digital signature, the future standards implementing them do not necessarily have to invalidate that of public key, in the same way as the proposed standards will not invalidate the use of the holographic signature.
• A standard of this scope shall not make reference to any particular technology. The public key mechanism is not a technology, but a family of mathematical methods (algorithms) admitting different hardware and software applications. In the same way, application of the holographic signature is not related to the type of paper used.
• The public key requirement is not restrictive, since it specifies a family of cryptographic algorithms and not an individual one, thus allowing the subsequent use of new more efficient algorithms as these are discovered and tested.
• By their nature, the symmetrical cryptographic mechanisms require the same private key to be used both to encrypt and to decrypt a document. By necessarily having to share the private key, this key ceases to be private, what makes any digital document digitally "signed" by means of a symmetrical cryptographic mechanism liable to repudiation. In fact, there is no logical possibility of implementing digital signature in symmetrical cryptographic mechanisms. As a result, in order to avoid the problem of repudiation, in 1977 asymmetrical cryptographic mechanisms were created (also known as "public key"), which used TWO (2) different keys, but closely related: the private key, which remains confidential, is never disclosed and is used to sign digital documents, and the public key, which is disclosed and is used to verify the signatures based on the corresponding private key.
• In its standard on digital signature, the Information Security Committee, Science & Technology Section of the American Bar Association recommends the use of the public key mechanism as the only alternative to give the digital signature the treatment of holographic signature. The said Committee is made up of representatives from the following Governmental bodies:
  • Canada Department of Justice
  • Commonwealth of Massachusetts
  • Georgia Secretary of State Office
  • Government of Quebec
  • Los Angeles County
  • NASA North American Space Administration
  • NSA National Security Agency
  • State of the Utah
  • U.S. Department of State
  • U.S. Postal Inspection Service
  • U.S. Social Security Administration
  • Utah Attorney General's Office

and the following institutions:

• American Society of Notaries Public
• Chambres des Notaries du Quebec
• Fedération Nationale des Chambres de Commerce et d' Industrie de Belgique
• International Law Institute
• International Union of Latin Notaries - Italy
• National Notary Association
• Notaries Society of England
• Society of Public Notaries of London
• U.S. Council for International Business
• Université de Montréal
• University of Miami Law School
• Multiple international standards on digital signature require the public key requirement.
• The public key requirement is broadly disseminated and does not relate to any particular provider or country.

 

CONCLUSIONS

The standards on digital signature will allow:

• The digitalization of any information circuit,
• the generalization of the use of digital signature through the adoption of uniform guidelines that will allow verification of the authenticity and integrity of the digital documents requiring signature for their validation, and
• a lesser risk of fraud in the digital documents digitally subscribed.

 

Source : Poder Ejecutivo Nacional - Jefatura de Gabinete de Ministros - Subsecretaría de la Gestión Pública