The verification of electronic signatures represents a key component of security-sensitive applications. Signature-verification tools need to meet several requirements regarding security, reliability, usability, and accessibility. A conducted survey revealed that existing signature-verification tools often meet only a subset of these requirements. In most cases, available tools support a limited set of document and signature formats only, or do not feature appropriate interfaces that allow both end users and third-party applications to access the tool’s functionality in a convenient way. This complicates the development of electronic signature based third-party applications and reduces the usability for end users. To solve this problem, we propose a new architecture for Web based signature-verification tools. The proposed architecture follows a plug-in based approach that eases the integration of new signature formats and interfaces. The practical applicability of the proposed architecture is demonstrated by means of a concrete implementation covering different use cases. This implementation demonstrates that the proposed architecture facilitates the realization of signature-verification tools that are able to meet all requirements of end users and third-party applications. This way, the proposed architecture and the implemented solution contribute to the security, usability, and efficiency of present and future electronic signature based applications.
[1]
Roy T. Fielding,et al.
Hypertext Transfer Protocol - HTTP/1.1
,
1997,
RFC.
[2]
Rhona K. M. Smith.
Directive 2006/123/EC of the European Parliament and of the Council of 12 December 2006
,
2015
.
[3]
Russ Housley,et al.
Cryptographic Message Syntax (CMS)
,
2002,
RFC.
[4]
A. Shamir,et al.
Pkcs #7: Cryptographic Message Syntax
,
1997
.
[5]
Reinhard Posch,et al.
Security architecture of the Austrian citizen card concept
,
2002,
18th Annual Computer Security Applications Conference, 2002. Proceedings..
[6]
Jean Jacques Moreau,et al.
SOAP Version 1. 2 Part 1: Messaging Framework
,
2003
.
[7]
C. M. Sperberg-McQueen,et al.
eXtensible Markup Language (XML) 1.0 (Second Edition)
,
2000
.
[8]
Reinhard Posch,et al.
Reconstruction of electronic signatures from eDocument printouts
,
2010,
Comput. Secur..
[9]
Reinhard Posch,et al.
Media-Break Resistant eSignatures in eGovernment: An Austrian Experience
,
2009,
SEC.
[10]
Sean Turner,et al.
Secure/Multipurpose Internet Mail Extensions (S/MIME) Version 4.0 Message Specification
,
2019,
RFC.
[11]
Klaus Stranacher,et al.
Interoperable Electronic Documents
,
2012
.