Extended electronic signature policies
Source
International Conference on Security of Information and Networks
Proceedings of the 2nd international conference on Security of information and networks
Famagusta, North Cyprus
SESSION: AC.3 AC: access control and security assurance
Pages 268-277
Year of Publication: 2009
ISBN: 978-1-60558-412-6
Authors
Jorge L. Hernandez-Ardieta  University Carlos III of Madrid, Madrid, Spain
Ana I. Gonzalez-Tablas  University Carlos III of Madrid, Madrid, Spain
Benjamin Ramos  University Carlos III of Madrid, Madrid, Spain
Arturo Ribagorda  University Carlos III of Madrid, Madrid, Spain
Sponsor
SIGSAC: ACM Special Interest Group on Security, Audit, and Control
Publisher
ACM  New York, NY, USA
DOI: http://doi.acm.org/10.1145/1626195.1626261

ABSTRACT

A signature policy collects the rules to create and validate electronic signatures under which they become binding in a particular transactional context. These policies have been widely adopted to enforce the binding property of signatures in business scenarios. However, current standards only cover the definition of the requirements to be fulfilled by a single signature. As a consequence, business models where more than one signature is required in order to make the transaction effective cannot adhere to the benefits of signature policies. This paper is the first to propose a solution where the dependences and relationships among the signatures generated in the same transaction can be established. In particular, the ASN.1 definition of an extended signature policy is presented along with the procedures to be followed by the transacting parties. This work will be submitted to the IETF PKIX Work Group to be considered as an Experimental Request For Comments document (RFC).

