Dimitrios Lekkas and Costas Lambrinoudakis
Digital signatures are only enjoying a gradual and reluctant acceptance, despite the long existence of the relevant legal and technical frameworks. One of the major drawbacks of…
Abstract
Purpose
Digital signatures are only enjoying a gradual and reluctant acceptance, despite the long existence of the relevant legal and technical frameworks. One of the major drawbacks of client‐generated digital signatures is the requirement for effective and secure management of the signing keys and the complexity of the cryptographic operations that must be performed by the signer. Outsourcing digital signatures to a trusted third party would be an elegant solution to the key management burden. Aims to investigate whether this is legally and technically feasible.
Design/methodology/approach
In this paper's approach a relying party trusts a Signature Authority (SA) for the tokens it issues, rather than a Certification Authority for the certificates it creates in a traditional public key infrastructure scheme.
Findings
The paper argues that passing the control of signature creation to a SA rather than the signer herself, is not a stronger concession than the dependence on an identity certificate issued by a Certification Authority.
Originality/value
The paper proposes a framework for outsourced digital signatures.
Details
Keywords
Dimitrios Lekkas, Stefanos Gritzalis and Lilian Mitrou
The objective of this paper is to investigate the legal and technical reasons why a declaration of will, denoted by a digital signature, can be cancelled and how this cancellation…
Abstract
Purpose
The objective of this paper is to investigate the legal and technical reasons why a declaration of will, denoted by a digital signature, can be cancelled and how this cancellation can be technically achieved.
Design/methodology/approach
Proposes a technical framework for establishing a signature revocation mechanism based on special data structures, the signature revocation tokens (SRT), and investigates the alternatives for disseminating the signature status information (SSI) to the relying parties.
Findings
A relying party has to take into consideration the possible existence of a signature revocation, in order to decide on the validity of a digital signature. A scheme based on a central public repository for the archival and distribution of signature revocation tokens exhibits significant advantages against other alternatives.
Originality/value
Identifies various intrinsic problems of the digital signature creation process that raise several questions on whether the signer performs a conscious and wilful act, although he/she is held liable for this action. The law faces the eventual right of the signer to claim a revocation of a previously made declaration of will, especially in cases of an error, fraud or duress.