The concept of establishment of electronic archive in public administration
The aim of this PhD thesis is to develop a model of an information system for the long-term storage of electronically signed documents within the public administration domain. For the purpose of building the model, the reference theoretical model for the long-term storage of electronic information objects, OAIS, is elaborated. The responsibilities, components and functional entities of that model are described. Theoretical findings on public key infrastructure (PKI) are covered because of the technologies and concepts that support confidence in electronic records: digital certificate, electronic signature, advanced electronic signature, certificate authority (CA), registration authority (RA), electronic timestamp, etc.
The EU Directive 1999/93/EC on a Community framework for electronic signatures was repealed in the EU area by the eIDAS regulation (EU Regulation no. 910/2014). The influence of the eIDAS regulation is far-reaching for the legal regulation of the elements for the long-term preservation of electronically signed records. The regulation laid out the concept of the qualified trust service provider (for certificate issuance, timestamps, etc.). The advanced electronic signature formats XAdES, CAdES and PAdES are covered in particular detail. Such signature formats enable long-term preservation, which makes them particularly interesting. The processes of creation and validation of an advanced electronic signature are described in detail. The term Proof of Existence (PoE) of an electronic signature is recognized as key for this thesis. In studying the long-term preservation of the integrity and authenticity of electronic records with electronic signatures, four preservation strategies are covered: the removal of electronic signatures, keeping track of electronic signatures within the metadata, recording electronic signature validity within the blockchain, and the preservation of electronic signatures. The preservation of electronic signatures was a challenge for this thesis because it is often implicitly defined within legal regulations.
The concept of electronic public administration is thoroughly covered (the term, phases, mobile public administration, sectors). To give a better understanding of the importance of archives in electronic public administration, the context of electronic public administration in the European Union and in the Republic of Croatia is described. The author took part in the InterPARES Trust research project, which was based on the analysis of electronic public services. Different aspects of public e-services are analyzed; from the standpoint of this work, the results on the long-term preservation of electronic records are especially interesting and as such are elaborated in this thesis. Furthermore, the availability in the Republic of Croatia of services and components based on public key infrastructure that can be used efficiently to build an infrastructure for signing and long-term storage of electronically signed documents is investigated. Finally, an analysis of the efficacy of electronic public administrations according to numerous methodologies is presented. A detailed analysis of different aspects of electronically signed documents (interoperability, legal regulation, preservation time period, long-term storage standards) is made. The term electronic document as a substitute for official paper documents issued by public administration is elaborated. Croatian and foreign legal regulations are analyzed. As preparation for the model for long-term storage of electronically signed documents, an analysis of successful e-archive implementations from Croatia, Germany, Italy, Austria, Lithuania and Estonia is made. One reference model for long-term storage is elaborated and the results of the E-ARK research project are analyzed.
Based on the findings from the analysis of successful practices and reference models, the author built a model of an information system for the storage of electronically signed documents. The developed model is based on the OAIS reference model. An important part of the development of this model is the elaboration of the concept of preserving the proof of existence. The use of the RFC 6283 (XMLERS) standard for the Evidence Record Syntax is recommended. In addition, the use of qualified trust service providers for certificates and for timestamps is key to the development of this model. A qualified timestamp also takes on the meaning of an archive timestamp. The developed model implies signature renewal before the suitability of the algorithms used expires. The main purpose of signature renewal is to ensure that the integrity and authenticity of already signed documents remain verifiable. Additionally, timestamps can lose their validity as time passes, so new timestamps must be acquired in time. A solution for the long-term preservation of the electronic document is suggested in which the technological implementation supports the legal framework. Document formats for this model are suggested, as well as the use of the advanced electronic signature format. The formats from the AdES family of signatures are proposed: XAdES, CAdES and PAdES. At the end of the thesis, a proposal for setting up an infrastructure for the long-term preservation of electronically signed documents in the Republic of Croatia is given.
Comparative analysis of copyright assignment and licence formalities for Open Source Contributor Agreements
This article discusses formal requirements in open source software contributor copyright assignment and licensing agreements. Contributor agreements are contracts by which software developers transfer or license their work on behalf of an open source project. This is done for convenience and enforcement purposes, and usually takes the form of a formal contract. This work conducts a comparative analysis of how several jurisdictions regard those agreements. We specifically look at the formal requirements across those countries to ascertain whether formalities are constitutive or probative. We then look at the consequences of the lack of formalities for the validity of those contributor agreements.
From Lord Coke to Internet Privacy: The Past, Present, and Future of Electronic Contracting
Contract law is applied countless times every day, in every manner of transaction large or small. Rarely are those transactions reflected in an agreement produced by a lawyer; quite the contrary, almost all contracts are concluded by persons with no legal training and often by persons who do not have a great deal of education. In recent years, moreover, technological advances have provided novel methods of creating contracts. Those facts present practitioners of contract law with an interesting conundrum: The law must be sensible and stable if parties are to have confidence in the security of their arrangements; but contract law also must be able to handle changing social and economic circumstances, changes that occur at an ever-increasing speed. Contract law, originally designed to handle agreements reached by persons familiar with one another, evolved over time to solve the problems posed by contract formation that was done at a distance — that is, contract law had developed to handle first paper, then telegraphic, and finally telephonic communications. It has handled those changes very well. In the 1990s, however, things began to change. The rise in computer use by individuals coupled with the advent of the World Wide Web gave rise to two parallel developments, both of which challenged the law of contract formation. Increased computer use created a demand for software programs designed for the consumer market, and those programs were commonly transferred to users by way of standard-form licenses that were packaged with the software and thus unavailable before the consumer paid for the software. Also, parties in large numbers began to use electronic means — the computer — to enter into bargained-for relationships. 
The turn of the millennium brought two electronic contracting statutes, the Electronic Signatures in Global and National Commerce Act (“E-Sign”) and the Uniform Electronic Transactions Act (“UETA”), which removed any doubts that contracts entered into electronically could satisfy the Statute of Frauds. Encouraged by the certainty given by those statutes, internet businesses started offering contract terms on their websites, asking customers to consent to terms by clicking an icon, or by not seeking express assent at all by presenting terms of use by hyperlink. The ease of presenting terms comprised of thousands of words by an internet hyperlink makes it easy for a vendor in its terms of use and terms of service to ask us to give up privacy rights and intellectual property rights. Modern communications technologies therefore make it easier for parties to engage in risky transactions. Nevertheless, we believe that, with few exceptions, the common law of contracts is sufficiently malleable to address the problems arising out of that behavior and where it is not, regulation of contract terms is appropriate. This Article examines those developments.
Can smart cards reduce payments fraud and identity theft?
In the United States, when a consumer presents a payment to a merchant, the merchant typically makes a request for authorization before accepting the payment. Personal information, such as an account number, address, or telephone number, is often enough to initiate a payment. A serious weakness of this system is that criminals who obtain the correct personal information can impersonate an honest consumer and commit payments fraud.
A key to improving security, and reducing payments fraud, might be payment smart cards. Payment smart cards have an embedded computer chip that encrypts messages to aid authorization. If properly configured, payment smart cards could provide direct benefits to consumers, merchants, banks, and others. These groups would be less vulnerable to the effects of fraud and the cost of fraud prevention would fall. Smart cards could also provide indirect benefits to society by allowing a more efficient payment system. Smart cards have already been adopted in other countries, allowing a more secure payments process and a more efficient payments system.
Sullivan explores why smart cards have the potential to provide strong payment authorization and thus put a substantial dent into the problems of payments fraud and identity theft. But adopting smart cards in the United States faces some significant challenges. First, the industry must adopt payment smart cards and their new security standards. Second, card issuers and others in the payments industry must agree on the specific forms of security protocols used in smart cards. In both steps the industry must overcome market incentives that can impede the adoption of payment smart cards or limit the strength of their security.