Conference paper

Aspekte der Standardisierung bzgl. der Kommunikation zwischen Signatursoftware und Application-Server (Aspects of standardisation of the communication between signing software and application server)

Document type

Text/Conference Paper

Date

2003

Publisher

Gesellschaft für Informatik e.V.

Abstract

This document discusses aspects of standardisation of the communication between a signing application and an application server. In this context, the term signing application denotes software with two main functions: it has a secure viewer, which shows the user exactly the information that he would sign (WYSIWYS), and it offers a signing functionality. In an application workflow based on digital signatures, the signing application is one part of the security infrastructure and needs special security functions to prevent manipulation of its program code. Furthermore, the operating system, the browser and possibly a Java virtual machine (JVM) must also be protected, because they form the basic environment of the signing application. The correct functioning of the signing application cannot be guaranteed if one of these three parts has been manipulated. To facilitate efficient risk management, the user's environment is classified into categories with different security levels. To prevent the user's PIN from being intercepted, the use of a card reader with a PIN pad is required. Many different signing applications can be found on the market at the moment. Each signing application demands the implementation of a different interface from the application server. This lack of standardisation inhibits widespread usage of digital signatures. For the success of digital signatures it is important that many different applications use them. If a website provider wants to use digital signatures, he must decide which signing applications he wants to support. For each signing application he must implement additional code in the application. The signing applications currently on the market differ not only in their interface to the application server, but also in the implementation of the secure viewer. Possible approaches to alleviate the security issues and the lack of standardisation are analysed.

Description

Teichmann, Till (2003): Aspekte der Standardisierung bzgl. der Kommunikation zwischen Signatursoftware und Application-Server. BIOSIG 2003 – Biometrics and electronic signatures. Bonn: Gesellschaft für Informatik e.V. PISSN: 1617-5468. ISBN: 3-88579-360-1. pp. 39-48. Regular Research Papers. Darmstadt. 24 July 2003
