Electronic signature : towards a seamless integration of legislation and technology

Abstract

For more than a decade, the separate fields of legislation and cryptography have contributed to the development of electronic signatures from divergent perspectives. Research on legislation establishes the legal requirements for electronic signatures, which have been stipulated in legislative frameworks. Research on cryptography mainly focuses on the development of algorithms to enhance the security and efficiency of the methods adopted to generate electronic signatures, for instance, cryptographic signature schemes. This research draws together the knowledge from both of these fields and takes an integrated approach to assess whether a signature scheme is capable of generating electronic signatures satisfying the legal requirements.

This research first identifies and consolidates the legal requirements for electronic signatures in three commonly used legislative frameworks. Based on these requirements, an assessment mechanism called LCD assessment is formalized to evaluate the eligibility of signature schemes in generating legally recognized electronic signatures. Results show that when the LCD assessment is applied to several provably secure signature schemes, one of these schemes does not adequately satisfy the assessment. This significant finding suggests that even a provably secure signature scheme is not necessarily capable of generating legally recognized electronic signatures.

Furthermore, electronic signature legislation has been promulgated in many countries. Due to variations in legislation, countries enforce different regulations and divergent standards for electronic signatures. Such enforcement will prevent an electronic signature from being used across the border if the signature cannot simultaneously fulfill multiple regulatory requirements and standards. This issue creates the interoperability problem of public key infrastructure (PKI). Several major countries have attempted to address this problem through adopting different interoperability models. These models are analyzed in this study and the results suggest that the models can only achieve PKI interoperability at a regional level. A new unified PKI framework is proposed with a vision to enhance the PKI interoperability through harmonizing the practices and standards at an international level. Such a framework not only addresses the technical issues for electronic signatures, but also eliminates the legal uncertainties of the use of signature schemes through incorporating the LCD assessment.

The outcomes of this research are therefore twofold. First, the LCD assessment provides a mechanism to assess the eligibility of signature schemes from a legal perspective. Second, the new unified PKI framework begins to resolve the issues in cross-border use of electronic signatures through a multi-discipline approach. In addressing the interaction between legislation and technology for electronic signatures, the wider use of electronic signatures in global electronic commerce is envisaged.