In the current state of the art, carrying out monetary operations (or operations of any other type) remotely has the drawback of being susceptible to unwanted and fraudulent replacement of identities. It is therefore necessary to develop devices that make it possible to authenticate the identity of the person concerned in a safe and secure way. One method that has been used extensively up to the present time is a user name and a secret password that the user has to present to the other end before the operation begins. This information is sent in coded form in such a way that nobody other than the addressee or recipient can obtain the access code. The problem with this authentication system is that, because the same access key is always used, it is relatively easy to attack.
Another, more reliable way of authenticating involves the use of an electronic signature. Incorporating the electronic signature into electronic commerce operations is a major improvement in security, because no single authentication code is used for every document; instead, a different signature is generated for each one. This signature is a function of the person who gives the order (of the signature code that this person possesses) and of the document itself. This means that although an attacker might manage to intercept a document together with its signature, the attacker will not be able to generate the signature for a different document. There are two types of signature, depending on the type of coding that is used: symmetrical or asymmetrical.
As far as symmetrical coding is concerned, the same code is used to sign and to verify the signature. This means that both the person who signs the data and the person who has to verify the data must share the signature code. Therefore, only they will be able to sign or verify the documents. The use of this type of signature is currently widespread, but problems can arise if at a particular moment it is necessary for another person to verify the signature, because this would mean having to make the signature/verification code known to somebody else.
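The contrast drawn above between a fixed password and a symmetrical signature, as an added example that is not part of the original text. It assumes HMAC-SHA256 as the symmetrical signature function; the key, password and documents are constructed sample values.

```python
import hashlib
import hmac

# Constructed sample values; the key, password and documents are hypothetical.
SHARED_KEY = b"constructed-demo-key-shared-by-signer-and-verifier"
PASSWORD = "constructed-password"


def sign(key: bytes, document: bytes) -> bytes:
    """Symmetrical signature: a function of the signature code and the document."""
    return hmac.new(key, document, hashlib.sha256).digest()


def verify(key: bytes, document: bytes, signature: bytes) -> bool:
    """Verification recomputes the signature with the same shared code."""
    return hmac.compare_digest(sign(key, document), signature)


def password_check(presented: str) -> bool:
    """Static credential: the same value authorises every operation."""
    return hmac.compare_digest(presented.encode(), PASSWORD.encode())


def demo() -> dict:
    order = b"transfer 100 EUR to account A"
    other = b"transfer 9000 EUR to account B"
    captured_sig = sign(SHARED_KEY, order)  # what an eavesdropper could record
    return {
        # A recorded password stays valid for any later operation.
        "replayed_password_accepted": password_check(PASSWORD),
        # The recorded signature verifies only for the document it was made on.
        "original_verifies": verify(SHARED_KEY, order, captured_sig),
        "captured_sig_on_other_doc": verify(SHARED_KEY, other, captured_sig),
        # Limitation of symmetrical coding: whoever can verify holds the same
        # code, so the verifier can produce a signature the signer never made.
        "verifier_can_sign": verify(SHARED_KEY, other, sign(SHARED_KEY, other)),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The last result is the reason a symmetrical signature cannot be handed to a third party for verification without also giving that party the ability to sign.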
Where asymmetrical coding is concerned, two complementary codes are used, one for signing purposes and the other for verification purposes, in such a way that what is signed with one code can be verified with the other code. The fact that two codes are available enables users to keep one of them secret (the signature code) and make the other code known (the verification code). Furthermore, if the user wishes to authenticate himself to somebody, he can sign a block of data with his signature code in such a way that anybody can verify it, using the verification code.
However, these systems are only as secure as the code management is good, that is to say, as long as the signature codes are kept out of reach of any attacker and the mechanism that is used for publishing the verification codes guarantees their integrity. If the signature codes are kept in files that are stored in the computers, there is a risk that someone might illicitly access this information and copy it without the authorised user's knowledge, whether this is done locally or remotely by means of a virus.
Smart cards manage to overcome this problem by isolating the signature codes in a device that is external to the computer, in such a way that the codes can never be extracted from these cards; all that can be done is to pass items of data to the smart card so that it can sign them. This amounts to a major breakthrough, because it ensures that nobody can ever steal the signature code.
However, even smart cards can be attacked, albeit in a much more sophisticated way. Such attacks consist of using a virus or a Trojan horse to order the smart card to carry out operations while it is activated, without the user observing that anything unusual is going on.
It can be concluded from all of the aforementioned that it is not possible to trust computers to carry out an electronic signature signing process, whether the signature codes are held directly on the hard disk or smart cards are used. Therefore, if the signature system is to be made safe and secure, it is necessary to use reliable hardware that cannot be reprogrammed, that gives the user the option of displaying the data that has to be signed, and that requires the interaction of the user to carry out the signing operations.