
Digital Signature Usability PowerPoint PPT Presentation



Digital Signature Usability. Ravi Sandhu, George Mason University and TriCipher. Objectives: emphasize usability, not cryptography, but they are interrelated. All the same, there are some purely usability issues on which we currently do a terrible job. Think outside the box.


Presentation Transcript



Digital Signature Usability

Ravi Sandhu

George Mason University

and TriCipher



Objectives

  • Emphasize usability not cryptography

    • But they are interrelated

    • All the same there are some purely usability issues on which we currently do a terrible job



Think outside the box

  • Cryptography alone cannot provide assurance of signatures.

    • It is necessary but not even close to being sufficient

    • Also need elements of “trusted computing”

      • founded on a strong hardware base for high assurance

  • The needs of transaction signatures are very different from those of document or email signatures

    • Transaction signatures rather than signed email may be the killer application

    • The biggest productivity gains are in volume of low-grade transactions not so much in automating really high end transactions

    • There is no such thing as an offline transaction

    • Transactions are typically verified by computers not by people



Questions (signer oriented)

  • Can users execute the signature procedure when appropriate?

  • Do they understand when it's appropriate?

  • Do they realize the consequences of their actions?

  • Can they recover if they accidentally make a mistake?

  • What clues are provided to guide them?

  • Do all signatures need to be of the same strength?

  • Who determines what the strength of a signature should be?



Questions (verifier oriented)

  • Is the verifier a human or a computer?

    • Signed email: human verifier

    • Signed transaction: computer verifier with possibly human audit and recourse forensics

  • How do we deal with the revocation problem?

    • Should the verifier even be responsible for this problem?

  • Do I have responsibility for ensuring that the signer signed what I intended for the signer to sign?

  • Is there a notion of a verification chain?



PEI Models Framework

