Relationship with Advanced Electronic Signatures

Before closing our discussion of digital signature schemes, it is worth returning to the definition of advanced electronic signature and noting the extent to which digital signatures comply with this notion. The four particular properties of an advanced electronic signature were:

• Uniquely linked to the signatory: We discussed this issue under uniqueness to individuals. A well-designed digital signature scheme should have signature keys uniquely linked to signatories.

• Capable of identifying the signatory: A signatory can be ‘identified’ by verifying a digital signature they created. This capability is primarily realized by providing a secure infrastructure that provides verifiers with confidence in the correct ownership of verification keys. This infrastructure is provided by a public-key management system and is the subject of the chapter ‘Public-Key Management.’

• Created using means under the sole control of the signatory: This is probably the most difficult of these properties to establish. Confidence that the designated signatory could only produce a digital signature is provided through many different factors in combination. It requires confidence in the supporting public-key management system, particularly the processes surrounding the generation of signature keys. It also requires confidence in the ongoing management of the signature key and the secure operation of the computing device used to compute the digital signature. Weaknesses in any of these could lead to the formulation of a case for arguing that a digital signature might have been created without the signatory being aware of what was happening. Most of these are key management issues.

• Linked to data to which it relates in such a way that subsequent changes in the data are detectable: Digital signatures provide this property by definition since they provide data origin authentication.