1. Field of the Invention
The present invention relates to an electronic signature, and more particularly to an electronic signature created by a secret key infrastructure (SKI) system.
2. Description of Prior Art
In the present digital era, most people are living in an environment with various different convenient electronic products. As the development of the Internet advances, our electronic life is promoted to a higher level.
Electronic products definitely give tremendous convenience to users, particularly when we use these electronic products together with the Internet, and these products allow us to do many things that have never been accomplished. “Knowing things in the whole wide world without stepping out your house” is no longer a dream anymore. In recent years, we can do things involving personal confidential data such as an electronic transaction and an electronic signature by going through registration, logon, and identity authentication procedures, in addition to the function of obtaining information on the Internet. In the past, we had to go out and handle these affairs in person, but we can do many of these matters via the Internet, and thus the Internet has reached its peak of utilization.
Although network applications including electronic transactions and electronic signatures are very convenient and popular, their practical use is closely related to personal confidential data. Thus, there are concerns on how to maintain the information security and verify a user's identity. At present, many applications of the Internet require a user to enter a password to confirm the user's identity, but unauthorized uses of a fixed password occur very often, or a password with a very low security is cracked by unauthorized persons easily. Therefore, the verification method based on the user's password is inappropriate and insufficient for electronic signatures. Obviously, an application capable of withstanding offline attacks is needed.
To overcome the aforementioned drawback, some designers and manufacturers proposed the famous public key infrastructure (PKI) system. The PKI system uses a pair of asymmetric matched public key and private key as the keys for encryption and decryption. All public keys submitted for an application are safe kept by a trusted third party, namely a certificate authority (CA). Any person who requires a verification document can submit an application to the CA to inquire a public key. After a first user encrypts a document by the user's private key, and a second user receives the document, the second user can file an application to request the CA for the safe kept public key of the first user in order to decrypt the document. If the decryption is successfully, then it shows that the document is encrypted by the first user. If the second user uses a public key of the first user kept by the CA to encrypt the document, and the first user is the only receiver of the document, then the only private key known by the first user can be used for the decryption.
The PKI system has the features of confidentiality and non-repudiation that catch the attention of the manufacturers in the industry, and thus the PKI system is applicable for electronic signatures. However, the systems of this sort require a high cost, such that a company without sufficient budget has to bear a risk and select a verification method with a relatively lower level of confidentiality and a cheaper cost. In view of the aforementioned shortcomings of the prior art, the present invention provides an electronic signature verification method with a relatively lower cost to improve the security greatly.