Abstract
Electronic signatures are an important concept and a crucial tool for security-critical applications. Employing the full potential of electronic signatures requires the availability of appropriate signature-verification tools. Today, a plethora of different signature-verification tools exist that allow users to verify electronically signed files and documents. Unfortunately, most of these tools have been designed for a special use case and lack support for various fields of application. This renders the development of applications based on electronic signatures difficult and reduces usability for end users. To overcome this issue, we propose an improved architecture for signature-verification tools. This architecture ensures flexibility and easy extensibility by following a plug-in-based approach. The applicability and practicability of the proposed architecture have been assessed by means of a concrete implementation. This implementation demonstrates the proposed architecture’s capability to meet the requirements of various application scenarios and use cases. This way, the proposed architecture and the developed implementation that relies on this architecture contribute to the security, usability, and efficiency of present and future electronic signature-based applications.
Notes
- 1. These requirements basically cover the use of secure signature-creation devices (e.g. smart cards or similar secure elements) and reliance on qualified electronic signatures.
- 19. Actually, the tool also provides a command-line-based user interface. However, this interface is not appropriate for an integration of the tool’s functionality into remote third-party applications either.
- 20. We were forced to define our own schema, since existing schemata were not able to meet our requirements.
Copyright information
© 2014 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Lenz, T., Stranacher, K., Zefferer, T. (2014). Enhancing the Modularity and Applicability of Web-Based Signature-Verification Tools. In: Krempels, KH., Stocker, A. (eds) Web Information Systems and Technologies. WEBIST 2013. Lecture Notes in Business Information Processing, vol 189. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-662-44300-2_11
DOI: https://doi.org/10.1007/978-3-662-44300-2_11
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-662-44299-9
Online ISBN: 978-3-662-44300-2
eBook Packages: Computer Science (R0)