What You See is What Gets Signed

Abstract

We describe a systems architecture that allows secure signing of arbitrary contracts between mutually authenticated principals. The architecture focuses particularly on the human /computer interface: People's digital signature will not be placed without their consent and only on the document they can see. Signature keys are managed such that their owners cannot divulge them accidentally, or be lured into doing so by a malicious expert; this helps to assure non-repudiation. The architecture is based mostly on known cryptographic techniques; it is new in that it has a user interface that can be used to conclude arbitrary contracts and that it is the first comprehensive architecture that brings together all the necessary techniques to assure authentication, privacy, and non-repudiation for signing contracts between mutually untrusting parties in a hostile computing environment. 1 Introduction For the longest time, computers were a plaything for nerds and an instrument of torture for ma..