SOLVING THEE-SIGNATURE NON-REPUDIATION PROBLEM

Abstract

Signature Creation Devices such as smart cards or tokens that comply with the European E-Signature Directive are vulnerable to Trojan Horses attacks through which an attacker can fraudulently create digital signatures utilizing the user's signature creation device when it is used on an infected computer. The current antivirus technologies cannot fully protect from polymorphic Trojan Horses that change their shapes frequently with time. Hence non-repudiation cannot be satisfied because the signor cannot ultimately protect himself

Existing solutions in the prior art have vanous limitations, including device size, suitability for un-trusted computers such as Internet cafe computers and scalability with regards to the size of the data that can be reviewed and signed.

The solution presented is an adaptation to smart cards and smart tokens. It enables tlte user to detect any malicious activity, whether software-based or firmware-based, so that only what the user wants to sign gets signed. Additionally, the same adaptation components realize secure biometric authentication.

Also, a method for enteting secrets securely to the smart card or smart token ts presented.