In ordinary non-electronic commerce, it is quite common for people to add a handwritten condition above their signatures: conditions such as “subject to contract”, “delivery required within seven days”, “paid under protest”, or “without prejudice”. The legal force of some of these annotations may be questionable, but to the person who writes the comment that does not matter—what matters is that people want to add these conditions. In other cases, conditions may be crucial to a business negotiation.
In electronic commerce, there is typically no opportunity to specify conditions in this way, and so a decision has to be made as to whether to electronically sign without conditions or not to sign. A vendor may lose on-line sales because of a minor legal question which the potential purchaser did not feel able to resolve on-line; or a customer who does sign may be deterred from future purchases. Unhappy customers do not come back.
These examples are typical of business-to-consumer applications, but business-to-business applications have the same need. There have been press reports of a busy goods-inwards manager who was asked to sign what appeared to be a delivery note for a vending machine and who did not realize he was in fact signing a personal agreement to lease the vending machine for several years. When his company decided to change vending-machine supplier, the supplier approached the manager personally for him to fulfill the contract he signed. Regardless of whether an individual court would uphold the contract or find it invalid and unenforceable, it would have been better for the manager if he had been able to add a condition (preferably drafted by his company's legal advisers) saying that he was signing only to confirm delivery. This is not made possible by typical electronic commerce solutions.
Digital signatures can be used for the same purposes as handwritten signatures—to confirm the signer's acceptance of an agreement and to authenticate a document or message. Generally, a digital signature must be able to confirm the identity of the signer. The simple form of a digital signature for a message is to apply a cryptographic “hash” or “digest” function (using an algorithm such as the Message Digest algorithm MD5 or the Secure Hashing Algorithm SHA/1) to the message to produce a short digest representing the longer message. The digest or hash value is a fixed size string produced by applying the hash function to an input which may be of almost any length. The digest is then encrypted with the signer's private signature key to yield a signature block for the message (for example using the Digital Signature Algorithm, DSA). The message, the signature block, the algorithms used for hashing and encryption, and a way of obtaining the signer's public key are all sent to the recipient who can confirm the validity of the signature block by hashing the message, decrypting the signature block, and comparing the resulting short digests. The public key may be, for example, obtained from a digital certificate issued by a trusted third party.
A dual private/public key cryptographic system is disclosed in, for example, U.S. Pat. No. 5,157,726. U.S. Pat. No. 5,157,726 discloses such a system for authenticating a digital signature. A document is signed using the secret key and then the public key is used for checking authenticity. Processes for creating digital signatures are exemplified in U.S. Pat. Nos. 4,881,264, 4,309,569, 4,625,076 and U.S. Pat. No. 4,656,474 and in international standards ISO 9796 and CCITT X509).
Byoungcheon Lee and Kwangjo Kim, ‘Fair Exchange of Digital Signatures Using Conditional Signature’, Symposium on Cryptography and Information Security (SCIS) 2002, 29 Jan.-1 Feb. 2002, Shirahama, Japan, refers to ‘conditional signatures’. This allows signer-chosen conditions to be used as private negotiation statements in two-party communications, and focuses in particular on the achievement of a ‘fair exchange’ of unconditional signatures in response to verification of conditional signatures. The ‘conditional signatures’ of Lee et al are signatures on a message and condition together, and specifically a signature using a conventional signature scheme to sign a combination of the message and a function of the condition.
There remains a need in the art for solutions which address one or more of the problems which are unresolved by the above references, such as solutions which offer users some of the apparent increased flexibility of non-electronic solutions.