Digital signature service architecture

Budapest University of Economic Sciences and Public Administration,
Department of Information Systems

Major results are achieved on the subject of legal recognition of the digital signature in Hungary at the dawn of the new millennium. A government decision and the draft bill show our efforts to join to the EC Directive and to the existing legal practice of the member states in this field. The main aim is to establish the pre-conditions for reliable and trusted electronic commerce services, that mean the implementation of the certified, secure but distributed network services in this country. To accomplish it, there are several other essential things to do not only by the state but also by other actors in addition to the creation of the legal framework.

Recently there are many Hungarian publications about the digital, to be more exact about the electronic signature, and how the public key cryptography works. However, the infrastructure in Hungary cannot compare to the infrastructure of the Western European countries. One can avoid or handle the pitfalls of the developments and investments connected with the proliferation of electronic signature usage only with the timeliness architecture planing. The planing for the architecture should take into account the requirements of each the actor being member of the supply chain between the system owner / service provider and between the end-user / subscriber. The architecture defines each component of the system and their relationships. The architecture, which is based on standards and recommendations, will clearly communicate the tasks to be carried out and their descriptions for everybody. The public-key infrastructure or PKI ensures the usage of the electronic signature. The elements of the architecture are the followings:

Certification Authorities,

Registration Authorities,

PKI repositories,

Certificate publication points,

Key and certificate management tools,

Key-enabled applications,

Hardware support, card manufacturer and card issuer,

Security - physical facility protection of the authorities, network security, etc.

It is well known that each consists of several sub-architectures with own elements.

It is important to enable the wide use of the standard directory services, which are one of the main services of the repositories. The users should be trained for it, and certificate policy and certificate practice statement (CPS) examples should be published. The structural and interconnection architecture of the certificate / cryptographic service providers (CSP) can have lots of variations. Various forms of private CPSs' can arise. However, at the same time the EC Directives promotes the application of electronic signatures in the transactions within public administrations.

The protection of customers rights and the protection of taxpayers money make it reasonable to standardise some elements of the architecture (mainly the smart card storing the certificates). The countries with developed infrastructure summarise the special requirements in their own national standards, besides the related ISO/IEC standards and IETF RFCs', and what is more, they issue the visual identification documents on smart cards containing the electronic signature in some cases.