Original Articles

Identification, trust and privacy: How biometrics can aid certification of digital signatures

Pages 133-141 | Published online: 02 Mar 2010
 

Abstract

Public key infrastructure (PKI) enables the secure and private exchange of data using an unsecure public network, such as the Internet. The use of paired private and public keys, issued by a trusted third-party authority, enables documents to be transferred securely and for the sender to be authenticated. The use of biometrics offers the potential to enhance considerably the PKI model in restricting the use of your private key for encryption and decryption. The use of a fingerprint, for example, can provide a higher level of confidence than the traditional password/PIN model. This provides the additional level of individual or personal authentication should a group of people have access to one key. The authentication of data, or a document, is often physically remote from the owner, especially for Internet-based communications. Conversely, traditional biometric usage has been to identify the physical presence of a person, for example for secure entry, or the receipt of information, or the receipt of goods. Within the EU, the European Electronic Signature Standardisation Initiative (EESSI) has led to a plethora of standards covering PKI, electronic signature algorithms, electronic signature formats, time stamping, the provision of certification services, information security and the preservation of evidence. This paper illustrates how a legally compliant and secure framework for the verification and non-repudiation of digital technology can be established using PKI and biometric technologies. In particular, the legal requirements for digital signatures and their certification must be defined, especially with reference to biometric methods for certificate protection and access.

Acknowledgements

The author would like to thank Professor John Huntley for his input into earlier drafts of this paper and Laura Reid, the KTP associate at Serendipity Interactive Ltd.

Notes

From the Greek words ‘chrysos’, gold, and ‘boula’, a mark or seal, probably derived from the Latin ‘bulla’ meaning mark or seal; although it is interesting to note that the word may also stem from the Greek ‘boulo’, to will something. The chrysobull, or golden bull, or gold seal was used also in imitation by the western ‘holy roman emperors’ and, of course, in the authentication of Papal bulls.

The document seeks support from the Pope for the Scots in their struggle for independence from the English crown. The original copy of the document, sent to Pope Boniface in Rome has disappeared, or at least cannot be traced in the Vatican archives.

The Declaration was of course a declaration of independence and therefore a very public document. Sealing the document did not mean here closing or securing it so that breach of the seal would indicate breach of security.

Sokratis K. Katsikas, Stefanos Gritzalis and Javier Lopez, eds., Public Key Infrastructures (Heidelberg: Springer, 2004), 274–86.

Invented by Ron Rivest for the 1978 article presenting the RSA cryptosystem. R. L. Rivest, A. Shamir and L. Adleman, ‘A Method for Obtaining Digital Signatures and Public-key Cryptosystems’, Communications of the ACM 21, no. 2 (1978): 120–26.

The risks of two-factor authentication are described by B. Schneier, ‘Two-Factor Authentication: Too Little, Too Late’, Communications of the ACM 48, no. 4 (2005): 136. See also: http://www.schneier.com/blog/archives/2005/03/the_failure_of.html

Bruce Schneier, ‘Biometrics: Truths and Fictions’, Crypto-Gram Newsletter, 15 August 1998, available at: www.counterpane.com/crypto-gram-9808.html

K.J. Pawan and M.Y. Siyal, ‘Novel Biometric Digital Signatures for Internet Based Applications’, Information Management & Computer Security 9, no. 5 (2001): 205–12.

Knowledge Transfer Partnerships are collaborations between universities and the private sector; they are funded by UK Government organisations led by the Technology Strategy Board, available at http://www.ktponline.org.uk/academics/default.aspx

The Electronic Communications Act 2000 and the Electronic Communications Regulations 2002.

The United Nations Commission on International Trade Law (UNCITRAL) Model Law on Electronic Signatures, various ISO standards, the EU Signatures Directive 1999/93/EC, and the documentation emanating from the European Telecommunications Standards Institute (ETSI) and the European Committee for Standardization (CEN).

See J. Ness, ‘Back to the Future’, Journal of the Law Society of Scotland 50 (2006); and S. Brynner and R. Mckay, ‘ARTL - Now and then?’ Journal of the Law Society of Scotland 52 (2007).

M. Wang, ‘The Impact of Information Technology Development on the Legal Concept – A Particular Examination on the Legal concept of “Signatures”’, International Journal of Law and Information Technology 15, no. 3 (2007): 253–74.

L. Brazell, Electronic Signature Law and Regulation, 1st ed. (London: Sweet & Maxwell, 2004).
