
Digital Signature Usability

Digital Signature Usability. Ravi Sandhu, George Mason University and TriCipher. Objectives: emphasize usability, not cryptography, but they are interrelated. All the same, there are some purely usability issues on which we currently do a terrible job. Think outside the box.


Presentation Transcript


  1. Digital Signature Usability. Ravi Sandhu, George Mason University and TriCipher

  2. Objectives
     • Emphasize usability, not cryptography
     • But they are interrelated
     • All the same, there are some purely usability issues on which we currently do a terrible job

  3. Think outside the box
     • Cryptography alone cannot provide assurance of signatures.
     • It is necessary but not even close to being sufficient
     • Also need elements of “trusted computing”
     • founded on a strong hardware base for high assurance
     • The needs of transaction signatures are very different from those of document or email signatures
     • Transaction signatures rather than signed email may be the killer application
     • The biggest productivity gains are in volume of low-grade transactions, not so much in automating really high-end transactions
     • There is no such thing as an offline transaction
     • Transactions are typically verified by computers, not by people

  4. Questions (signer oriented)
     • Can users execute the signature procedure when appropriate?
     • Do they understand when it's appropriate?
     • Do they realize the consequences of their actions?
     • Can they recover if they accidentally make a mistake?
     • What clues are provided to guide them?
     • Do all signatures need to be of the same strength?
     • Who determines what the strength of a signature should be?

  5. Questions (verifier oriented)
     • Is the verifier a human or a computer?
     • Signed email: human verifier
     • Signed transaction: computer verifier with possibly human audit and recourse forensics
     • How do we deal with the revocation problem?
     • Should the verifier even be responsible for this problem?
     • Do I have responsibility for ensuring that the signer signed what I intended for the signer to sign?
     • Is there a notion of a verification chain?

  6. PEI Models Framework
