Conference paper
Aspekte der Standardisierung bzgl. der Kommunikation zwischen Signatursoftware und Application-Server
Document type
Text/Conference Paper
Date
2003
Publisher
Gesellschaft für Informatik e.V.
Abstract
This document discusses aspects of the standardisation of the communication between a signing application and an application server. In this context, the term signing application denotes software with two main functions: it has a secure viewer, which shows the user exactly the information he is about to sign (WYSIWYS), and it offers a signing function. In an application workflow based on digital signatures, the signing application is one part of the security infrastructure and needs special security functions to prevent manipulation of its program code. Furthermore, the operating system, the browser and, where present, a Java virtual machine (JVM) must also be protected, because they form the basic environment of the signing application. The correct functioning of the signing application cannot be guaranteed if any of these three parts is manipulated. To facilitate efficient risk management, the user's environment is classified into categories with different security levels. To prevent the user's PIN from being intercepted, the use of a card reader with a PIN pad is required. Many different signing applications are currently on the market. Each signing application requires the application server to implement a different interface. This lack of standardisation inhibits the widespread use of digital signatures. For digital signatures to succeed, it is important that many different applications make use of them. If a web site provider wants to use digital signatures, he must decide which signing applications he wants to support, and for each signing application he must implement additional code in the application. The signing applications currently on the market differ not only in their interface to the application server, but also in the implementation of the secure viewer. Possible approaches to alleviate the security issues and the lack of standardisation are analysed.