The proposal of protocol for electronic signature creation in public environment

  • Authors:
  • Włodzimierz Chocianowicz;Jerzy Pejaś;Andrzej Ruciński

  • Affiliations:
  • Faculty of Computer Science & Information Systems, Technical University of Szczecin;Faculty of Computer Science & Information Systems, Technical University of Szczecin;Unizeto Sp. o.o., Szczecin, Królowej Korony Polskiej, Poland

  • Venue:
  • Enhanced methods in computer security, biometric and artificial intelligence systems
  • Year:
  • 2005

Abstract

Electronic signatures are being introduced by more and more countries as a legally binding means of signing electronic documents, with the primary hope of boosting e-commerce and e-government. The security of the electronic signature creation process is a crucial issue, especially in a distributed environment where the frameworks (forms) of the finally signed documents are delivered by an entity other than the Signing Entity (SE). Usually, after such a form is completed with the data specific to the SE, the final acceptance is performed by encrypting the hash value of the completed data with the SE's private key. It is important to ensure conditions under which the whole document, including the form (template) delivered by the Application Provider (AP), can be trusted. This is quite a different situation from that of a stand-alone Secure Signature Creation Device (SSCD) separated from telecommunication channels during the signing procedure. The trust assigned to various APs can be limited, so the participation of a commonly accepted Trusted Party (TP) operating on-line can be the solution to that problem.

The proposed cryptographic protocol is designed to fulfil the security requirements. It combines asymmetric and symmetric cryptographic means. After completing the form delivered by the AP, the SE sends it back to the AP for examination of the formal correctness of the Data to Be Signed. The next steps of the protocol require the Signature Service Provider (SSP) to confirm those data. That confirmation is transmitted directly to the SE; after mutual authentication of the SSP and the SE, a secure channel is established and the secure electronic signature is created using the technical component (TC) at the SE's disposal. The final transfer of the signed document to the AP depends on the SE's individual decision, preceded by verification of the obtained signature.