- From: Alan Kotok <kotok@w3.org>
- Date: Wed, 21 Apr 1999 14:42:20 -0400
- To: "John Boyer" <jboyer@uwi.com>
- Cc: "Dsig group" <w3c-xml-sig-ws@w3.org>

At 01:24 PM 4/21/99, John Boyer wrote:
>...
>The pen people's biometric tokens are encrypted blobs containing biometric
>measures of the act of signing as well as a sha-1 or md5 hash of the
>document being signed. The biometrics identify the signer, the act of
>signing implies authorization (same as paper), the hash authenticates the
>document content, and the encryption binds the two together. The pen people
>claim that this signing technology offers an electronic solution that is at
>least as secure or substantially more secure than the paper signatures that
>we currently accept.

There seems to be general agreement that whatever we develop should be able to accommodate multiple signature technologies. There also seems to be agreement that it is not the work of this group to judge the strength or merit of any particular technology. But it does seem necessary to understand the requirements posed by known signature technologies on the specifications we develop.

Therefore, I would assume we need to understand how signing using biometrics relates to the process we are more familiar with: that of encrypting the hash of a signature block using the private key of a public keypair.

Maybe I'm a bit dense, but I can't figure out the explanation provided above. What "encryption" binds the identifying information unique to the signer and the description of what is being signed? Could you take us through that operation in more detail?

Thanks.

Alan

___________________________________________________________________________
Alan Kotok, Associate Chairman    mailto:kotok@w3.org
World Wide Web Consortium    http://www.w3.org
MIT Laboratory for Computer Science, 545 Technology Square, Room NE43-409
Cambridge, MA 02139, USA    Voice: +1-617-258-5728    Fax: +1-617-258-5999

Received on Wednesday, 21 April 1999 14:42:27 UTC