Section 20IAC3-2-2. Criteria for acceptable digital signature technology  


A digital signature on a message received by or filed with the state shall be effective if the digital signature technology used to create the digital signature enables it to meet the following criteria:

    (1) It is unique to the person using it, including the following:

    (A) The private key used to create the signature on the message is only required to be known by the signer.

    (B) The digital signature is created when the signer runs a message through a one-way function, creating a message digest, then encrypting the resulting message digest using an asymmetrical cryptosystem and the signer's private key.

    (C) The signer has been issued a certificate by a certification authority on the approved list of certification authorities to certify that he or she controls the private key used to create the signature.

    (D) It is computationally infeasible to derive the private key from knowledge of the public key.

    (2) It is capable of verification. The acceptor of the digitally signed message can verify:

    (A) by using the signer's public key, that the message was digitally signed by using the signer's private key;

    (B) that the certificate was valid at the time of the transaction; and

    (C) either through a certification practice statement or through the content of the certificate itself, the proof of identification the certification authority required of the signer prior to issuing the certificate.

    (3) It is under the sole control of the person using it. The person who holds the private key, as identified in the certificate, assumes a duty to retain control of the private key and prevent its disclosure to any person not authorized to create the subscriber's digital signature.

    (4) It is linked to data in such a manner that if the data are changed, the digital signature is invalidated.

    (State Board of Accounts; 20 IAC 3-2-2; filed Jun 1, 1998, 3:33 p.m.: 21 IR 3639; readopted filed Nov 21, 2005, 9:15 a.m.: 29 IR 1381; readopted filed Nov 22, 2011, 2:19 p.m.: 20111221-IR-020110584RFA) NOTE: Expiration postponed by Executive Order #04-31, December 29, 2004.