Verifying digital signing

Abstract

With the rise of electronic commerce on the Internet and the World Wide Web, the positive identification of the parties involved, the integrity of the messages exchange between the parties and the creation of legal document digitally is more significant than every. In such perspective, digital signatures are frequently thought as the technology that solves all problems with automation of business processes as well as an enabler of new processes. Digital Signature are cryptologic schemes that provide a similar function for digital messages as handwritten signatures do for messages on paper: They guarantee the authenticity of a message to its recipient, and the recipient can prove this authenticity to third parties, such as courts, afterwards. More is that digital signature can verify integrity of message and non-repudiation of the message content. As with any evolving technology, PKI-based digital signatures are going though growing pains. In the PKI-based digital signature world, the signature is a series of bytes that is derived from the original electronic data and the signer’s private key. The signature is tied mathematically to the signer’s key (not the signer himself) and the actual data. If keys are not stored properly, then someone may simply be able to use the private key and sign data on behalf of you. And receiver of the signed data will not know the different. Unlike paper-based signature that signer act a write on paper, signing data digitally is simply by clicking one or two buttons. A more common case happening everyday is that the general computer user has carelessly committed a digital sign on some data and borne unaware legal liability. This is unconscious act of digital signing may lead to many future controversies in the court, particularly on the issue of non-repudiation. In this project, we aim to strengthen the evidence of digital signing and try to tie the digital signature with the signer. We devised a security protocol in which signer’s voice are incorporated during the generation process of digital signature, and the entire signing process are supervised by notary. We also formulated basic system security requirements for the act of signing.