Digital Signatures to Power E-Commerce


January 1998 / International Features / Digital Signatures to Power E-Commerce

Several European countries are adopting digital signatures. But the legal frameworks are not compatible and not yet internationally accepted.

Rainer Mauth

Electronic commerce on the Internet has already changed the competitive setting in many business sectors in Europe. Retail and distribution companies, as well as tourism and banking organizations, have adapted business processes that enable them to search for new customers and to trade products over the Net. In addition, insurance companies and financial institutions have launched new services to exploit the opportunities of the digital economy. Market analysts at International Data Corp. (IDC) say that commercial transactions over the Net in western Europe will reach $15 billion by the year 2000.

The pace and the extent to which Europe will benefit from electronic commerce greatly depend on the development of the backbone infrastructure as well as on the security and confidentiality of the transactions involved. "In order for electronic commerce to take off, we need a trusted environment and secure transactions," says Andrew Walden, a senior manager at Barclay Bank in the U.K. "Consumers and businesses alike must be confident that their transactions will not be intercepted or modified."

Legally Binding

In addition, businesses and consumers will have more confidence in using electronic transactions if they're not just secure but also binding in a legal sense. Several European countries are currently working on digital-signature legislation in an effort to provide a legal framework for electronic transactions. In August 1997, Germany became the first country to enact a digital-signature law as part of an overall multimedia law. (A corresponding ordinance that completed jurisdiction came into force three months later.) As this article went to press, there were legislative drafts of digital-signature laws in Belgium, Denmark, and Italy as well.

Digital signatures confirm the identity of a message's sender as well as the authenticity and integrity of electronic documents. Unique to the sender and to the message being sent, digital signatures are verifiable and nonrepudiable. Another important benefit is that the exchange of digital certificates between computers helps to ensure that the parties are who they claim to be (see "Who Goes There?," June 1997 BYTE).

Like a Fingerprint

In contrast to hand-written signatures, digital signatures not only identify the sender of an electronic message but can also ensure that the message's content has not been altered -- obviously a critical part of electronic commerce. Digital certificates also help to assess whether goods or services delivered over the Net are genuine.

Typically, digital-signature systems use public-key cryptography, although there are other concepts that can provide the same level of security. Public-key coding systems, such as Pretty Good Privacy (PGP), have the advantage that they do not require a secure channel for distributing a secret key to other users. Thus, they are ideally suited for communications over the open Net.

In a public-key coding system, each user generates a pair of keys, known as the public key and the private key (see the figure "How Digital Signatures Work"). Only the public key can decrypt a message encrypted with its corresponding private key. To "sign" an electronic document, the sender runs the document through one of several standard algorithms, which are known as hash functions. A hash function produces a number, called a message digest, that can be thought of as a fingerprint of the message. Any change made to the message causes the hash function to produce a completely different message digest.

The sender then encrypts the message digest with the private key. The encrypted message digest forms the actual digital signature for the message. Finally, the sender transmits both the digital signature and the original message to the recipient. Note that the message can be encrypted with the recipient's public key, although this isn't necessary for the message to be signed.

Identity Checks

Upon receipt of a message, the recipient's software performs two separate operations to verify the sender's identity and to determine that the message has not been altered in transit. To verify the sender's identity, the system decrypts the digital signature with the sender's public key, which yields the message digest. If this is successful, the recipient knows for sure that the stated origin of the message is correct.

To ensure that the message has not been altered, the recipient runs the message through the same hash function that the sender used. By comparing both message digests, the recipient ensures that a third party has not modified the content of the message.

Nothing explained thus far rules out the possibility of a con artist generating a key pair and posting the public key on the Net, claiming it belongs to someone else. Thus, parties relying on digital signatures must be confident that the public key purported to belong to someone is in fact owned by that person.

Certification Authorities

Certification authorities (CAs) handle this function by issuing a digital certificate that identifies the subscriber as well as the corresponding CA. The digital certificate contains the subscriber's public key and is signed with the CA's private key.

To get a digital certificate, a person presents a CA with a copy of the public key along with sufficient proof of his or her identity. In addition to the steps described above, the recipient's computer checks with the CA identified in the digital certificate to verify that the sender is who he or she purports to be and that the certificate has not expired or been revoked.
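The hash-then-sign steps from "Like a Fingerprint" and "Identity Checks" together with the certificate checks just described, as an added example that is not part of the original article: a toy textbook RSA in standard-library Python (tiny primes, digest reduced mod n, no padding, so insecure and for illustration only). Every function name and the sample CA, subscriber, certificate and order message are constructed here.

```python
import hashlib
import json

def make_toy_keypair(p, q, e):
    """Textbook RSA from two tiny primes (toy only): public (n, e), private (n, d)."""
    n, phi = p * q, (p - 1) * (q - 1)
    return (n, e), (n, pow(e, -1, phi))

def digest(data: bytes, n: int) -> int:
    """The message digest ('fingerprint'); reduced mod n only because the toy n is tiny."""
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def sign(data: bytes, priv) -> int:
    """Sender: encrypt the digest with the private key; the result is the signature."""
    n, d = priv
    return pow(digest(data, n), d, n)

def verify(data: bytes, sig: int, pub) -> bool:
    """Recipient: decrypt the signature with the public key, rehash, compare digests."""
    n, e = pub
    return pow(sig, e, n) == digest(data, n)

def cert_body(cert: dict) -> bytes:
    """Canonical encoding of every certificate field except the CA's own signature."""
    return json.dumps({k: v for k, v in cert.items() if k != "ca_sig"}, sort_keys=True).encode()

def issue_certificate(subject, subject_pub, serial, not_after, ca_priv):
    """CA: bind the subscriber's public key to an identity and sign it with the CA key."""
    cert = {"subject": subject, "pub": list(subject_pub), "serial": serial, "not_after": not_after}
    cert["ca_sig"] = sign(cert_body(cert), ca_priv)
    return cert

def check_signed_message(msg, sig, cert, ca_pub, today, revoked_serials):
    """Recipient's checks: CA signature on the certificate, expiry, revocation, then the
    message signature under the certified key. Dates are ISO strings, so string comparison
    is chronological. Returns 'ok' or the reason for rejection."""
    if not verify(cert_body(cert), cert["ca_sig"], ca_pub):
        return "certificate not signed by the trusted CA"
    if today > cert["not_after"]:
        return "certificate expired"
    if cert["serial"] in revoked_serials:
        return "certificate revoked"
    if not verify(msg, sig, tuple(cert["pub"])):
        return "message signature invalid or message altered"
    return "ok"

# Constructed sample data: one CA, one subscriber ("Alice"), one order message.
CA_PUB, CA_PRIV = make_toy_keypair(61, 53, 17)
ALICE_PUB, ALICE_PRIV = make_toy_keypair(101, 113, 7467)
ALICE_CERT = issue_certificate("alice@example.test", ALICE_PUB, 42, "1999-12-31", CA_PRIV)
ORDER = b"Order 17: 3 units, total 450 DEM"

if __name__ == "__main__":
    s = sign(ORDER, ALICE_PRIV)
    print(check_signed_message(ORDER, s, ALICE_CERT, CA_PUB, "1998-01-15", set()))
    print(check_signed_message(ORDER + b".", s, ALICE_CERT, CA_PUB, "1998-01-15", set()))
```

A certificate issued by a key pair the recipient does not trust (the con artist of the previous paragraph) fails the first check, before the message signature is even examined.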

Asymmetric encryption and digital signatures have been in use for several years in closed user groups, such as financial institutions and medical organizations. CAs such as Belsign in Belgium, COST in Sweden, and Deutsche Telekom's Telesec product center in Germany have offered on-line certificate-management services based on the X.509 standard for years. These services are for corporations and often operate on a national level.

Technology and the Law

The goal of digital-signature legislation is to regulate the technical steps involved in certificate generation and distribution so that a digital signature is acceptable as evidence in court. "Uncertainty about digital signatures' evidence constitutes the most important impediment to their use," says Simone van der Hof, a jurist at the Center for Law, Public Administration, and Informatization at Tilburg University in the Netherlands.

Today the general treatment and acceptance of digital signatures in Europe depend on a country's legal system. There are two distinct types of legal systems in Europe. In most European countries, including Germany, the Netherlands, and the U.K., judges are allowed to accept any means of evidence. (This is sometimes referred to as a free system of evidence.) However, in some countries -- Belgium and France, for example -- the law defines the means of evidence that judges can accept. Courts in these countries do not accept digital signatures as valid signatures in the legal sense unless a law allows them to do so.

In all European countries, however, regardless of the system of evidence used, many legal provisions, such as administrative or judicial procedures, explicitly require paper forms and hand-written signatures. Even after the enactment of the digital-signature law in Germany, there are about 3800 provisions that still require hand-written signatures.

Approaches to enacting legislation that improves digital signatures' acceptance in court vary widely in Europe (see the table "Comparison of Digital-Signature Legislation in Europe"). Differences occur, for example, in the establishment of a person's identity by a CA, the duties of a CA's subscriber, the licensing of CAs, and their liability to subscribers.

Some proposals, such as that from the British Department of Trade and Industry (DTI), even mix regulations on digital signatures with the provision of key escrow. The general consensus, however, is that digital-signature legislation must provide identification of the signatory, evidence of the signatory's adoption of the document, and the integrity of the signed document.

German Law

Germany set up a legal framework for digital signatures, based on a system of licensed CAs, last year. Denmark and Belgium are about to initiate similar legislative processes. But these frameworks won't be obligatory except for certain procedures in the public sector, and they won't make digital signatures generally legally binding.

However, digital signatures that conform to the rules of these legal frameworks should be accepted in court. According to Jos Dumortier, a professor at the Center for Law and Information Technology at the University of Leuven, Belgium, "A digital signature can always be contested. But in normal circumstances where there isn't a case of fraud, a judge will accept such a signature."

For example, the German digital-signature law doesn't explicitly deal with the legal validity of digital signatures. But it provides a secure infrastructure for their use. Says Wendelin Bieser of the German Ministry of the Interior, who is widely considered the brain behind the German digital-signature law, "If you can verify in court that a digital signature complies with the requirements of the law, judges have to accept it."

In Germany today, digital signatures do not carry the same clout as hand-written signatures. But Bieser believes that early in the next legislature period (starting in fall 1998) the parliament might consider a modification of the code of civil law to give digital and hand-written signatures equal legal weight.

Licensing CAs

At the core of the German digital-signature law is a hierarchical infrastructure topped by a CA that's hosted by a state supervising authority. This authority licenses and controls the CAs that give out certificates to end users and corporations. Although the law does not establish a key-management system based on the X.509 standards, it recommends the use of X.509-compliant systems.

CAs must prove the "necessary" reliability and knowledge of their staff, as well as a security concept that's compliant with the Information Technology Security Evaluation Criteria (ITSEC). For the generation of keys -- which, according to the law, can be performed only by CAs -- and for the signing of documents with a user's private key, stored secretly on a smartcard, the law demands compliance with the ITSEC E4 criteria. E4, the strongest of the ITSEC criteria, requires that all involved software components be generated according to a strict security model.

For the user, the law prescribes a document-signing system based on smartcards or other hardware components. It prescribes the use of personal identification numbers (PINs), passwords, or biometric characteristics to secure access to the smartcard.

CA services and signature modules compliant with the law might become commercially available early this summer from companies such as Telesec (Netphen), Debis (Leinfelden-Echterdingen), Utimaco (Oberursel), and the German Technical Inspection Organization TÜV, as well as many banks. But developers still have a difficult road to climb because the E4 criteria for key generation and key storage on a smartcard are hard to meet.

"It's not enough to have single E4-certified components; the law requires E4 certification of complete systems, and that's especially difficult to meet," explains Wolfgang Schneider, a project manager at the German National Research Institute for Information Technology (GMD) in Darmstadt.

See What You Sign

The first smartcards to be ready for a "legally binding" digital signature in Germany might be based on Telesec's TCOS chip card OS. TCOS has a file system, supports different levels of access rights, and offers cryptographic security mechanisms for every file stored on it. Because of Telesec's recent teaming up with Microsoft, TCOS may eventually support Microsoft Information Security Framework (MISF).

Utimaco is planning to support TCOS as well as other systems in its upcoming Sign&Crypt signature components, which will include plug-ins for Word, Excel, and Exchange. Sign&Crypt modules extract all hidden document information and create a file-format-independent view of a document (comparable to a printout) before a user can sign it. This way, the user can be sure to adopt only the visible elements of a document. As Utimaco's Kurt Schmid puts it, "What you see is what you sign." Also commercially available early this summer will be legally compliant Sign&Crypt components that integrate with additional mail clients and office applications, as well as a corresponding Software Development Kit (SDK).

Incompatible Schemes

Because the German signature law defines such a strong and hierarchical security infrastructure, it has been the subject of much criticism. "The German digital signature law is very inflexible," says Christopher Kuner, a lawyer in Frankfurt. "Many commercial transactions over the Internet will be based on other digital-signature protocols, which may not meet the criteria of the German law. It simply ignores a significant amount of tomorrow's electronic transactions."

"The German approach is very centralized," adds Jos Dumortier, who, in a recent report for the European Commission (EC), compared several proposals and jurisdictions on digital signatures. "But the Belgians, for example, favor a less hierarchical system." In fact, the Belgian proposal considers a system of licensed CAs that can cross-certify each other, without having a single CA at the top.

Another argument is that the German law does not treat digital and hand-written signatures equally. "The German law regulates only the infrastructure," says Tomas Koenigsfeldt, Head of Section in the IT policy division in the Danish Ministry of Research and Technology. "In Denmark, we want to go one step further and recognize a digital signature legally."

Two crucial questions remain unanswered: Considering the differences between the laws in Germany, Belgium, and Denmark (and still-different proposals in other countries), how can these schemes ever work across national borders? And will signatures certified by foreign CAs ever gain acceptance?

The German law says that signatures from foreign CAs have to provide "an equivalent level of security." But other European countries might not want to accept the German standards. The problem is, of course, not limited to Europe; it also includes international transactions.

Nineteen of the states in the U.S. have some kind of digital-signature legislation, but they are not compatible. Says Andrew Leventhal, head of international development for VeriSign in the U.S., "It's good to have laws, but in electronic commerce you have to think globally."

Another question to consider: How do you install digital-signature legislation internationally?

EU to the Rescue

The European Union (EU) might eventually address the problem of incompatible legislation. In a document published last October, the EC said it would propose a directive for a common framework for digital signatures. This is intended to lead to a common European policy by the year 2000. Ultimately, then, if a signature fulfills the requirements of the EU directive, it will have to be recognized in every member state. The document also asks member states to separate the use of cryptography for confidentiality from the use of cryptography for authentication.

Several initiatives, such as the World Wide Web Consortium (W3C), the World Trade Organization (WTO), the Organization for Economic Cooperation and Development (OECD), and the UN, are working on international standards for digital-signature schemes. Just don't expect results for a few years.


Where to Find

Baltimore Technologies
Dublin, Ireland
Phone:    +353 1 605 4399
Fax:      +353 1 605 4388
E-mail:   info@baltimore.ie
Internet: http://www.baltimore.ie

GMD/SECUDE
Informationssysteme
Darmstadt, Germany
Internet: http://www.secude.com

Telesec
Netphen, Germany
Phone:    +49 271 708 1621
Phone:    +49 271 708 1625
Internet: http://www.telesec.de

Utimaco Safeware
Oberursel, Germany
Phone:    +49 6171 9170
Fax:      +49 6171 917112
Internet: http://www.utimaco.de

VeriSign
Mountain View, CA, U.S.A.
Phone:    +1 650 961 7500
Fax:      +1 650 961 7300
Internet: http://www.verisign.com


Comparison of Digital-Signature Legislation in Europe

Columns (evidential value of digital signature):
  (1) Compliance with specified technical requirements
  (2) Receivable by court
  (3) ID of sender presumed
  (4) Integrity of contents presumed
Columns (licensing of CAs):
  (5) Licensing of CA compulsory
  (6) Cross-certification from another CA
  (7) Liability of CAs

Country   Law/proposal          (1)   (2)   (3)   (4)   (5)   (6)   (7)
Belgium   Government proposal   Yes   N/A   N/A   N/A   N/A   Yes   N/A
Denmark   Draft DS law          Yes   N/A   Yes   Yes   Yes   Yes   N/A
Germany   DS Law                Yes   No    No    No    Yes   No    No
Italy     Government proposal   Yes   N/A   N/A   N/A   N/A   Yes   N/A
U.K.      DTI proposal          Yes   Yes*  N/A   N/A   Yes   Yes   Yes

* = according to Civil Evidence Act of 1995; N/A = data not available because of draft stage.
Source: Interdisciplinary Center for Law and Information Technology, University of Leuven


How Digital Signatures Work

[Figure: "How Digital Signatures Work" (illustration not reproduced in this text version)]


Rainer Mauth is a BYTE senior editor based in Frankfurt, Germany. You can contact him by sending e-mail to rmauth@byte.com .
