Long-term Preservation of Validity of Electronically Signed Records

The authors explain the context in which electronic records are being preserved. They explain the concept of authentic electronic records and proceed with the analysis of the technologies supporting trust in electronic records. They start by explaining the Public Key Infrastructure as the requirement for electronic signatures, digital certificates, the concept of non-repudiation, trusted archive service, timestamps and trusted digital timestamping. Further, they analyse formats of electronic signatures – XMLDSig, XAdES, CAdES, PAdES – and their possible influence on the long-term preservation of validity of electronically signed records. The authors conclude that although strict requirements of certain types of electronic signatures can ensure authenticity, integrity and non-repudiation of preserved records, they will still require preservation action on the level of medium and files

The Emperor\u27s New Clothes: The Shocking Truth About Digital Signatures and Internet Commerce

This Article critiques a specific set of assumptions about specific application of digital signature technology: that contracts will be formed over the Internet among parties with no prior relationships through reliance on digital signature certificates issued by trusted third parties to establish the identity of the parties. This application for digital signature technology was once seen as both its most ambitious and most promising application because, for parties with no prior knowledge of each other, there is not yet a reliable system of online identities in Internet commerce. Parties with an ongoing commercial relationship can absorb the cost of offline communications such as faxes, telephone calls or face-to-face meetings to negotiate and execute an agreement governing the setting up of a reliable system for online authentication of parties to wholly electronic transactions. Parties that want to rely exclusively on online communications to create the framework for contracting as well as to enter into contracts, however, face a problem of infinite regress: how can the online communications that set up the system for confirming online identities itself be authenticated with nothing more to rely on than online communications? Many supporters of digital signatures believed legislation was essential to cut through this Gordian Knot. Legislation could authorize parties unable to use a prior relationship or offline communications to confirm the validity of online identities to rely on digital signature certificates instead. Much legislation regulating the use of digital signatures is based on an unstated premise: liabilities must be imposed by law because private agreements will not be adequate to the task of regulating this technology. This Article will summarize the original consensus regarding the role of digital signatures in electronic commerce, explain why that consensus was mistaken on many points, describe commercial applications of digital signatures that are gaining market share today and contrast them with the original consensus, and consider the implications of a major misperception of market trends for the future of electronic commerce legislation. A brief description of digital signatures and public key infrastructure is included in the appendix to this article

Signing Your Next Deal With Your Twitter @Username: The Legal Uses of Identity-Based Cryptography

This article will look at the legal framework for electronic signatures under Canadian law and through the UNCITRAL Model Law on Electronic Signatures and evaluate the potential use of identity-based cryptography as a type of electronic signature. While most jurisdictions permit electronic signatures to replace their handwritten predecessors, the criteria of validity for an electronic signature range from liberal to restrictive. Public key infrastructure (PKI) cryptography schemes are considered to meet the juridical conditions of a legal signature under more rigorous legislation that requires an electronic signature to possess certain security attributes. In common law jurisdictions, digital signature schemes such as PKI have not been widely adopted in the private sector for use as secure electronic signatures. This may be due to the fact that they are difficult and awkward for the general public to use, rather than because of doubts surrounding certification authorities. This is not entirely the case in Europe and Latin America, where PKI digital signature schemes have been adopted by various governments programs. Case examples of PKI schemes include electronic identity cards issued by European governments such as Belgium’s eID. Though used by the government, the European private sector has widely neglected PKI electronic signature products. This is partly due to a lack of customer demand

Design and Analysis of Opaque Signatures

Digital signatures were introduced to guarantee the authenticity and integrity of the underlying messages. A digital signature scheme comprises the key generation, the signature, and the verification algorithms. The key generation algorithm creates the signing and the verifying keys, called also the signer’s private and public keys respectively. The signature algorithm, which is run by the signer, produces a signature on the input message. Finally, the verification algorithm, run by anyone who knows the signer’s public key, checks whether a purported signature on some message is valid or not. The last property, namely the universal verification of digital signatures is undesirable in situations where the signed data is commercially or personally sensitive. Therefore, mechanisms which share most properties with digital signatures except for the universal verification were invented to respond to the aforementioned need; we call such mechanisms “opaque signatures”. In this thesis, we study the signatures where the verification cannot be achieved without the cooperation of a specific entity, namely the signer in case of undeniable signatures, or the confirmer in case of confirmer signatures; we make three main contributions. We first study the relationship between two security properties important for public key encryption, namely data privacy and key privacy. Our study is motivated by the fact that opaque signatures involve always an encryption layer that ensures their opacity. The properties required for this encryption vary according to whether we want to protect the identity (i.e. the key) of the signer or hide the validity of the signature. Therefore, it would be convenient to use existing work about the encryption scheme in order to derive one notion from the other. Next, we delve into the generic constructions of confirmer signatures from basic cryptographic primitives, e.g. digital signatures, encryption, or commitment schemes. In fact, generic constructions give easy-to-understand and easy-to-prove schemes, however, this convenience is often achieved at the expense of efficiency. In this contribution, which constitutes the core of this thesis, we first analyze the already existing constructions; our study concludes that the popular generic constructions of confirmer signatures necessitate strong security assumptions on the building blocks, which impacts negatively the efficiency of the resulting signatures. Next, we show that a small change in these constructionsmakes these assumptions drop drastically, allowing as a result constructions with instantiations that compete with the dedicated realizations of these signatures. Finally, we revisit two early undeniable signatures which were proposed with a conjectural security. We disprove the claimed security of the first scheme, and we provide a fix to it in order to achieve strong security properties. Next, we upgrade the second scheme so that it supports a iii desirable feature, and we provide a formal security treatment of the new scheme: we prove that it is secure assuming new reasonable assumptions on the underlying constituents

Covid-19: Digital Signature Impact on Higher Education Motivation Performance

At present, the process of validating documents for certain purposes cannot be done face-to-face because of the Covid-19 pandemic. Therefore, this research aims to maximize the existence of smart digital signature technology that guarantees its safety and validity without having to meet face to face. Encrypted digital signatures with RSA-SHA256 with cloud storage features that can share documents. The waterfall method for building systems, the collection of data generated for analysis by observation, and online questionnaires using Google Form.  Based on the characteristics of the system, the satisfaction factor analysis of the system with the Slovin formula processed by the SUS score resulted in a score of 95 > 70. The final result of this study is that the digital signature system has a significant impact on increasing motivation to facilitate authorization and secure documents