Abstract
Digital signatures are a core enabling technology for the automation and digitization of business and government processes. Despite the slow progress in their use for non-repudiation services, there is little doubt that in a few years digital signatures will be a key mechanism in digital business applications.
A fundamental intrinsic problem with digital signatures is that they are not linked to any event in the real world, even if enhanced with time stamps and other confirmation information. It is inherently impossible to determine when, where, how, and by whom a digital string was generated. A user bears the abstract risk of being held liable for a signature generated without his consent, for instance because of a security problem in the system, a flaw or ambiguity in the user interface, a flaw in the cryptographic mechanism, fraud or errors in the certification process, or any of many other possible reasons.
The goals of this paper are to discuss the role and limitations of digital signatures and to propose digital declarations as a simple new concept for coping with these limitations. The user signs, in addition to the digital document, the recording of a conscious act related to the document, thereby confirming his consent. Some possible embodiments are the digital recording of the user’s voice, an image, or a video stream.
Like a conventional signature, a digital declaration ensures that the signer is aware of whether and what he agreed to and signed, which is essential to make a denial meaningful and thus possible. Digital declarations can also provide a substantial additional level of security. Moreover, they can improve user acceptance by lowering the psychological barrier for committing to a public key, allow illiterate people to participate in e-commerce, facilitate the adoption of signature legislation, and substantially reduce the technical security requirements and hence the overall system cost.
© 2003 Springer-Verlag Berlin Heidelberg
Cite this paper
Maurer, U. (2003). Intrinsic Limitations of Digital Signatures and How to Cope with Them. In: Boyd, C., Mao, W. (eds) Information Security. ISC 2003. Lecture Notes in Computer Science, vol 2851. Springer, Berlin, Heidelberg. https://doi.org/10.1007/10958513_14
DOI: https://doi.org/10.1007/10958513_14
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-20176-2
Online ISBN: 978-3-540-39981-0
eBook Packages: Springer Book Archive