Maintaining the Validity of Digital Signatures in B2B Applications

  • Jianying Zhou
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 2384)

Abstract

Two business parties may want electronic transactions of commercial value between them to be legally binding. The digital signature is an important security mechanism for providing evidence regarding the status of a transaction. However, evidence based solely on digital signatures may not enforce strong non-repudiation. Additional mechanisms are required to make digital signatures valid non-repudiation evidence in the settlement of possible disputes. The conventional approach is to invoke a time-stamping service from a trusted third party. But this approach may be hard to deploy in B2B applications in which no on-line third party is involved. In this paper, we present an efficient mechanism for maintaining the validity of digital signatures in direct B2B applications without the involvement of a trusted third party.

Keywords

Digital Signature; Dispute Resolution; Check Point; Certification Authority; Signed Message
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.

Copyright information

© Springer-Verlag Berlin Heidelberg 2002

Authors and Affiliations

  • Jianying Zhou (1)
  1. Labs for Information Technology, Singapore
