1. Field of Invention
Exemplary embodiments relate to digital signatures, and particularly to mechanisms for including the intended meaning of digital signatures.
2. Description of Background
Standard digital signature schemes (based on asymmetric cryptography) are defined by two algorithms: a signing algorithm and a verification algorithm. The signing algorithm produces a signature s when given as input a message m and a secret key SK. The verification algorithm takes as input a message m′, a signature s, and a verifying key PK and yields an accept or reject decision v. FIG. 1 illustrates a typical digital signature utilizing a secret key to sign the message and a public key to validate the signature based on the received message.
Such schemes on their own do not adequately capture the rich semantics of real-world signatures, where there is usually an intended meaning associated with a signature (e.g., “I agree with the document”, “I have verified the content of the document”, “I have checked for compliance”, etc.). Hence, cryptographic signatures are used within a specific framework; in these frameworks, the meaning of a digital signature is typically split between the type of key and the content of the thing signed. Regarding the type of key, the categories are ad hoc, not well specified and very coarse. For example, there is a class of keys for (executable) code signing, but this does not specify whether the signer is the author, a security reviewer, the legal owner, etc. In the case of the meaning being included in the content of the thing signed, the semantics are simply implied, communicated by out-of-band conventions or expressed in a natural language (e.g., a human-readable description), and thus are not machine processable and generally not well specified.
Automatic processing is becoming increasingly necessary, for example, in the compliance space, where complex rules need to be applied to large numbers of documents, making it nearly impossible to manually check if the rules are being followed. Such automatic processing is made difficult by the fact that the intended meaning of digital signatures is defined only implicitly (e.g., by human reading of the document).
A need exists for providing digital signatures that explicitly incorporate the meaning of the digital signature in a way that enables efficient, automatic processing by computational means.
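The gap described above, as an added illustration that is not part of the original text and not the mechanism of the embodiments: a bare accept/reject decision v says nothing about why the key holder signed, whereas a meaning label placed inside the signed bytes can be checked by a program and cannot be swapped afterwards. The toy textbook-RSA key, the envelope layout, the labels "author" and "security-reviewed", and the helper names sign_with_meaning and satisfies are all assumptions made for this sketch.

```python
import hashlib
import json

# Constructed toy key (textbook RSA over two Mersenne primes). NOT secure:
# it only stands in for the (SK, PK) pair so the example runs offline.
P, Q, E = 2**61 - 1, 2**89 - 1, 65537
N = P * Q
SK = (N, pow(E, -1, (P - 1) * (Q - 1)))  # secret key
PK = (N, E)                              # verifying key

def _digest(m: bytes, n: int) -> int:
    return int.from_bytes(hashlib.sha256(m).digest(), "big") % n

def sign(m: bytes, sk) -> int:
    """Signing algorithm: message m and secret key SK -> signature s."""
    n, d = sk
    return pow(_digest(m, n), d, n)

def verify(m_prime: bytes, s: int, pk) -> bool:
    """Verification algorithm: (m', s, PK) -> accept/reject decision v."""
    n, e = pk
    return pow(s, e, n) == _digest(m_prime, n)

def _canonical(env: dict) -> bytes:
    # Deterministic encoding so signer and verifier hash identical bytes.
    return json.dumps(env, sort_keys=True, separators=(",", ":")).encode()

def sign_with_meaning(doc: bytes, meaning: str, sk) -> dict:
    """Hypothetical envelope: the meaning label is part of the signed bytes."""
    env = {"doc_sha256": hashlib.sha256(doc).hexdigest(), "meaning": meaning}
    return {"envelope": env, "sig": sign(_canonical(env), sk)}

def satisfies(doc: bytes, signed: dict, pk, required: str) -> bool:
    """Machine-checkable rule: valid signature, same document, required meaning."""
    env = signed["envelope"]
    return (verify(_canonical(env), signed["sig"], pk)
            and env["doc_sha256"] == hashlib.sha256(doc).hexdigest()
            and env["meaning"] == required)

DOC = b"installer-1.0.bin contents (constructed sample)"

if __name__ == "__main__":
    authored = sign_with_meaning(DOC, "author", SK)
    print("bare v:", verify(DOC, sign(DOC, SK), PK))  # accept, but meaning unknown
    print("as author:", satisfies(DOC, authored, PK, "author"))
    print("as review:", satisfies(DOC, authored, PK, "security-reviewed"))
```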