Abstract
Electronic signatures are introduced by more and more countries as legally binding means for signing electronic documents with the primary hope of boosting e-commerce and e-government. The security of an electronic signature creation process is the crucial issue especially in distributed environment where the frameworks (forms) of finally signed documents are delivered by the entity other than the Signing Entity (SE). Usually, after the completion of such a form with the data specific for SE, the final acceptance is performed via the encryption of completed data hash value with SE’s private key. It is important to ensure the conditions when the whole document, including the form (template) delivered by the Application Provider (AP), could be trusted. It is quite different situation than the case of standing alone Secure Signature Creation Device (SSCD) separated from telecommunication channels during the signing procedure. The trust assigned to various APs can be limited so the participation of the commonly accepted Trusted Party (TP) operating on-line can be the solution of that problem.
The proposed cryptographic protocol is designed to fulfil the security requirements. It combines asymmetric and symmetric cryptographic means. SE after the completion of the form delivered by AP sends it back to AP for examination of formal correctness of the Data to Be Signed. The next steps of the protocol require the Signature Service Provider (SSP) confirmation of those data. That confirmation is transmitted directly to SE and after the mutual authentication of SSP and SE the secure channel is established and the secure electronic signature is created with the usage of the technical component (TC) being at SE’s disposal. The final transfer of the signed document to AP depends on an individual SE’s decision preceded by the verification of an obtained signature.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
CWA 14365 Guide on the use of Electronic Signatures, January 2003
CWA 14170 Security Requirements for Signature Creation Applications, July 2001
EU Directive 1999/93/EC of the European Parliament and the council of 13 December 1999 on a Community framework for electronic signatures
ETSITS 101 903 VI. 1.1 XML Advanced Electronic Signatures (XAdES).
W3C Recommendation XML-Encryption Syntax and Processing, 10 December 2002
A. Spalka, A.B. Cremers and H. Langweg Trojan Horse Attacks on Software for Electronic Signatures, Informatica 26 (2002) 191–203 pp. 191–204
A. Jøsang, D. Povey and A. Ho What You See is Not Always What You Sign, AUUG2002, Melbourne, 4–6 September 2002.
ETSI TR 102 203 Mobile Commerce (M-COMM)-Mobile Signatures-Business and Functional Requirements, VI. 1.1 (2003–05), Technical Report
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2005 Springer Science+Business Media, Inc.
About this paper
Cite this paper
Chocianowicz, W., Pejaś, J., Ruciński, A. (2005). The Proposal of Protocol for Electronic Signature Creation in Public Environment. In: Pejaś, J., Piegat, A. (eds) Enhanced Methods in Computer Security, Biometric and Artificial Intelligence Systems. Springer, Boston, MA. https://doi.org/10.1007/0-387-23484-5_11
Download citation
DOI: https://doi.org/10.1007/0-387-23484-5_11
Publisher Name: Springer, Boston, MA
Print ISBN: 978-1-4020-7776-0
Online ISBN: 978-0-387-23484-7
eBook Packages: Computer ScienceComputer Science (R0)