Abstract
Issues and technology gaps exist in the realm of secure transmission of electronic documents. In this chapter, we propose a working solution (“eCert”) to the problems identified. This has been developed by exploring a case study of an electronic qualification (eCertificate) system, by developing a prototype system, and by testing it within several popular ePortfolio systems. From this work, the underlying protocol (the “eCert protocol”) has been abstracted and applied to a different domain, that of electronic identity documents. The resulting “Mobile eID” application has also been produced and tested, potentially enabling a person to carry their identity documents on a mobile phone, while ensuring that such documents can be verified as correct and tamper-free. A significant issue in this work is that the protocol developed is user-centric. Thus, the user retains ownership and control of their documents, yet is unable to tamper with the document contents, mirroring the current situation with corresponding paper equivalents.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Notes
- 1.
European Union. Opening doors to learning and working in Europe: Information On Europass Certificate Supplement. 2004; accessed on 28 January 2010; Available from: http://europass.cedefop.europa.eu/europass/home/hornav/Introduction.csp. All information about Europass was sourced from this website.
- 2.
CHESICC. The Certificate Information Verification services in China. 2005; accessed on 02 September 2008; Available from: http://www.chsi.com.cn/about_en/. All information about CHESICC was sourced from this website.
- 3.
Digitary. Secure Electronic Documents. 2008; accessed on 16 August 2008; Available from: http://www.digitary.net/aboutus.htm. All information about Digitary was sourced from this website.
- 4.
In 2009, the Department of Education, Employment and Workplace Relations of the Australian government established the Australian Flexible Learning Framework, and set up the eWork project to investigate existing learner information verification services and systems to identify the verification needs of third parties (Macnamara et al. 2010, 2011).
- 5.
Locked PDF and water marking are commonly used in protecting digital data from unauthorized access and copying. By embedding a cryptographic string, or water mark, a legitimate author can demonstrate the origin of the file (Pfleeger and Pfleeger 2007); However, simple locked PDF can be easily unlocked through password recovery software; and although these techniques could be used to protect unauthorized copying, accessing, and to indicate who the issuer is, for use in eCertificate case, it could not prove that the issuer was an authorized educational body and they don’t handle the withdraw process.
- 6.
eFolio: University of Southampton ePortfolio system. accessed on 2 March 2010; Available from: http://www.efolio.soton.ac.uk/
- 7.
Mahara: an open source ePortfolio system. accessed on 2 March 2010; Available from: http://mahara.org/
- 8.
The eCert project (http://ecert.ecs.soton.ac.uk/): A JISC funded research project, aim to address the issues of design for a suitable user-centric “eCertificate” system.
- 9.
http://www.denso-wave.com/qrcode/index-e.html, accessed 22 Mar 2011.
References
Abrami PC, Barrett H (2005) Directions for research and development on electronic portfolios. Can J Learn Technol 31(3):1–15
Chen-Wilson L (2010) The eCert project. 2010 [cited 2010; http://ecert.ecs.soton.ac.uk/]
CHESICC (2005) The certificate information verification services in China. http://www.chsi.com.cn/about_en/ Accessed 02 Sept 2008
Davis J (2009) Digital signatures application guidelines on digital signature practices for common criteria security, in MSDN Magazine
Digitary (2008) Secure electronic documents. http://www.digitary.net/aboutus.htm Accessed 12 Aug 2008
European Communities (2007) CERTIFICATE SUPPLEMENT: advanced certificate craft—electrical
European Communities (2008) InformationOn/EuropassCertificateSupplement/navigate.action. http://europass.cedefop.europa.eu/europass/home/vernav/Accessed 28 Jan 2008
Goldwasser S, Micali S, Rivest R (1988) A digital signature scheme secure against adaptive chosen-message attacks. SIAM J Comput 17(2):281–308
Hartnell-Young E et al (2006) Joining up the episodes of lifelong learning: a regional transition project. British J Educ Technol 37(6):853–866
Higgs P et al (2010) Trust federation user consultation and use-case collation, University of Southern Queensland’s Link Affiliates
Kaliski B (2003) Raising the Standard for RSA Signatures: RSA-PSS (RSA Laboratories). http://www.rsa.com/rsalabs/node.asp?id=2005
Linstone HA, Turoff M (2002) The Delphi method: techniques and applications. Addison—Wesley, Reading, pp 618
Lysyanskaya A (2002) Signature schemes and applications to cryptographic protocol design, in electrical engineering and computer science. Massachusetts Institute of Technology (MIT), United States
Macnamara D, Drury C, Ward N (2010) Verifying VET learner attainment data—an investigation of learner verification services and third party verification needs, 2010, University of South Queensland Link Affiliates (Where is Report No or Journal or URL)
Macnamara D, Nicholas N, Miller A (2011) Accessing VET learner attainment data: an investigation to enable learner-facilitated electronic access to their VET learner attainment data. The Tertiary Education Research Database—education for work and beyond, 68
Mao W (2004) Modern cryptography: theory & practice. Prentice Hall, New Jersey, p. 308 (Professional Technical Reference)
Naedele M (2003) Standards for XML and Web services security. Computer 36(4):96–98
Network Working Group (2008) Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile, RFC5280
Papazoglou M (2003) Service-orientated computing: concepts, characteristics and directions. In: IEEE International Conference on web information systems engineering, Rome
Pfleeger CP, Pfleeger SL (2007) Security in computing, 4th edn. Prentice Hall, Englewood Cliffs
Pronichkin ARTEM OR DIMITRY? (2012) Certificate revocation list (CRL) verification—an application choice. 2012 12; Jan 2013; 29 Jul 2012: Available from: http://social.technet.microsoft.com/wiki/contents/articles/964.certificate-revocation-list-crl-verification-an-application-choice.aspx
Rivest R, Shamir A, Adleman L (1978) A method for obtaining digital signatures and public-key cryptosystems. Commun ACM 21(2):12–126
Rowe G, Wright G (2001) Expert opinions in forecasting: the Role of the Delphi technique. In: Armstrong J (ed) Principles of forecasting. Kluwer Academy Publishers, Norwellpp, pp 125–144
Royce P et al (2008) Report on on-line authentication of qualification records, 2008, MSc Computer Science Group Development Project, University of Southampton
Sadd G (2010) What do you think I am: trusted relationship management. In: London learning forum. London, UK
Saunders M, Lewis P, Thornhill A (2009) Research methods for business students, 5th edn. Pearson Education, Trans-Atlantic Publications Inc, UK
Selkirk A (2001) Using XML security mechanisms. BT Technol Jurnal 19(3):35–43
Sturcke J (2007) Government offers reward in hunt for lost data, in Guardian
W3C recommendation (2002) XML signature syntax and processing
Wills G et al (2006) FREMA: e-learning framework reference model for assessment. FREMA Project J. Available from http://www.frema.ecs.soton.ac.uk/projectJournal/
Zenise M, Vitaletti A, Argles D (2011a) A user-centric approach to eCertificate for electronic identities (eIDs) management in mobile environment. In: IEEE world congress on internet security (WorldCIS), 2011, London, UK
Zenise M et al (2011b) eIDeCert: a user-centric solution for mobile identification. Int J Infon 4(3/4):527–536
Zimmermann PR (1995) The official PGP user’s guide. MIT Press, Cambridge
Author information
Authors and Affiliations
Corresponding author
Rights and permissions
Copyright information
© 2014 The Author(s)
About this chapter
Cite this chapter
Chen-Wilson, L., Argles, D., di Zenise, M.S., Wills, G. (2014). “eCert” Improving the Security and Controllability of Digitally Signed Documents. In: Electronic Identity. SpringerBriefs in Cybersecurity. Springer, London. https://doi.org/10.1007/978-1-4471-6449-4_2
Download citation
DOI: https://doi.org/10.1007/978-1-4471-6449-4_2
Published:
Publisher Name: Springer, London
Print ISBN: 978-1-4471-6448-7
Online ISBN: 978-1-4471-6449-4
eBook Packages: Computer ScienceComputer Science (R0)