Resources
- Identity Use Cases & Scenarios.
- FIDIS Deliverables.
- Identity of Identity.
- Interoperability.
- Profiling.
- Forensic Implications.
- HighTechID.
- D3.1: Overview on IMS.
- D3.2: A study on PKI and biometrics.
- D3.3: Study on Mobile Identity Management.
- D3.5: Workshop on ID-Documents.
- D3.6: Study on ID Documents.
- D3.7: A Structured Collection on RFID Literature.
- D3.8: Study on protocols with respect to identity and identification – an insight on network protocols and privacy-aware communication.
- D3.9: Study on the Impact of Trusted Computing on Identity and Identity Management.
- D3.10: Biometrics in identity management.
- D3.11: Report on the Maintenance of the IMS Database.
- D3.15: Report on the Maintenance of the ISM Database.
- D3.17: Identity Management Systems – recent developments.
- D12.1: Integrated Workshop on Emerging AmI Technologies.
- D12.2: Study on Emerging AmI Technologies.
- D12.3: A Holistic Privacy Framework for RFID Applications.
- D12.4: Integrated Workshop on Emerging AmI.
- D12.5: Use cases and scenarios of emerging technologies.
- D12.6: A Study on ICT Implants.
- D12.7: Identity-related Crime in Europe – Big Problem or Big Hype?.
- D12.10: Normality Mining: Results from a Tracking Study.
- Privacy and legal-social content.
- Mobility and Identity.
- Other.
- IDIS Journal.
- FIDIS Interactive.
- Press & Events.
- In-House Journal.
- Booklets
- Identity in a Networked World.
- Identity R/Evolution.
D3.2: A study on PKI and biometrics
Summary and Conclusions
This chapter on public-key infrastructure (PKI) and electronic signatures has covered a basic explanation of the technical infrastructure and the functional principals of cryptographic algorithms used for electronic signing. Basic standards, definitions and terms including those introduced by the European Directive 1999/93/EC have been described in light of their importance in the on-going development of PKIs.
In chapter cryptographic signature schemes for various areas of application have been described. In this chapter solutions to meet security requirements and the implementation of additional functionality such as non-deniability (undeniable signature scheme), forgery proof (fail-stop signature scheme) or included encryption (signcryption scheme) are explained.
Security and privacy aspects of PKI and electronic signatures are discussed in chapter . Security problems arise mainly from the use of general purpose machines for signing (secrecy of the private key may be compromised), the concept of trust in hierarchical systems (who trusts whom for what?) and interoperability and compatibility aspects (such as certificate revocation, adoption of the X.509v3 standard for the internet and name schemes in cyberspace). In addition the limited validity of key pairs raises a number of problems with e.g. the resigning of longer valid contracts or digital archives. The solution to those problems requires some technical effort and raises the costs of the infrastructure required for electronic signatures.
From the privacy perspective the linkability of a certificate with the holder making her or him highly traceable when signing documents or transactions is the main problem of current PKI implementations. The concept of pseudonymous certificates was not very well adopted by the EU member states. Alternatively today’s pseudonymous signature digital credentials have been suggested as an improvement of pseudonymity for certificates used within PKI.
Chapter introduces the types of electronic signatures defined in the Directive 1999/93/EC. The legal requirements, legal effects and the probative values for these signatures have been described. Legal provisions on a European level on the use of pseudonyms for electronic signatures have also been discussed. The intent of the European legislator towards pseudonymous electronic signatures is concluded. Essentially, the European legislator wanted to ensure, that the member states would not prevent certification service providers from indicating pseudonyms in certificates while at the same time leaving them the choice to give legal effect to pseudonymous signatures. Certificate providers should be obliged to communicate their conditions to the signatory; they could indicate limitations in a qualified certificate which have to be recognisable to third parties.
The requirements of a service provider which offers pseudonymous certificates have also been concluded. Notably, they are liable for the damage resulting from any inaccuracy and incompleteness of the information contained in the certificates.
Using the established economic model of diffusion of technologies into a market, the following chapter compares currently available electronic signatures with five key factors of success in the market defined for technological products and solutions. While a good performance towards compatibility and complexity with today’s PKI is observed, the relative advantage against investigated substituting solutions, triability and observability need substantial improvements, at least in some European member states. This matches with the observed diffusion of electronic signatures in the investigated European markets. From the economic perspective, the diffusion of PKI in the European market has been notably less successful than expected. This chapter suggests six concrete measures to improve the diffusion into the market:
To shift costs in order to achieve a fair distribution
Measures to reach the critical mass of users
Increasing awareness and knowledge about this technology
To especially target the user group called ‘early adopters’
To increase triability e.g. by trial versions of electronic signatures
To further reduce complexity of the private infrastructure required
Chapter presents a case study on mobile signatures using the high market penetration of mobile phones. Two approaches are presented: (1) a server based approach that is independent from the client and (2) a client based approach using an improved SIM-card. Technical aspects, basic designs and typical processes needed for mobile signing are presented and discussed. This chapter concludes with a number of possible applications including multilateral secure financial transactions and integration in a user controlled digital identity management system.
Denis Royer | 15 / 40 |