IIT Home Page CNR Home Page

Signed Web Forms

As more and more Web applications are available on the Internet, they are becoming a standard way also for many organizations and institutions to offer their services and/or improve the efficiency of office procedures. Some of these applications require the user to input some information, typically by filling out a form, and submit the data. In many cases the user is required to digitally sign the data submitted. The problem of the digital signature has been solved with appropriate algorithms based on the use of two different keys: the private key and the public key. The private key must be known only to its legitimate owner, certified by a Certification Authority, and must be protected from unauthorized access. This problem has been solved by means of smart-cards and USB-tokens. However when the user decides to sign a document displayed on the screen, the software actually uses his private key to sign an internal representation of the document. Thus, another problem arises: the user must be sure that the document actually signed is the same document he has been shown. Since few years the WYSIWYS (What You See Is What You Sign) technology has been suggested, so that users know exactly what they sign. We propose an architecture based on this technology. The signing module is embedded in a Web Service that must be invoked to obtain the digital signature of a given document.


Autori: Marchetti A., Tesconi M., Minutoli S.
Autori IIT:

Tipo: Rapporti tecnici, manuali, carte geologiche e tematiche e prodotti multimediali
Area di disciplina: Information Technology and Communication Systems
Technical Report IIT TR-17/2005