dual-use digital signature vulnerability
Rich Salz
rsalz at datapower.com
Wed Jul 21 14:48:46 EDT 2004
> attempt to address this area; rather than simple "i agree"/"disagree"
> buttons ... they put little checkmarks at places in scrolled form .... you
> have to at least scroll thru the document and click on one or more
> checkmarks .... before doing the "i agree" button. a digital signature has
> somewhat higher integrity than simple clicking on the "i agree" button ...
See US patent 5,995,625. The abstract:
A method of unwrapping wrapped digital data that is unusable
while wrapped, includes obtaining an acceptance phrase from a
user; deriving a cryptographic key from the acceptance phrase;
and unwrapping the package of digital data using the derived
cryptographic key. The acceptance phrase is a phrase entered
by a user in response to information provided to the user. The
information and the acceptance phrase can be in any appropriate
language. The digital data includes, alone or in combination, any
of: software, a cryptographic key, an identifying certificate,
an authorizing certificate, a data element or field of an
identifying or authorizing certificate, a data file representing
an images, data representing text, numbers, audio, and video.
--
Rich Salz Chief Security Architect
DataPower Technology http://www.datapower.com
XS40 XML Security Gateway http://www.datapower.com/products/xs40.html
XML Security Overview http://www.datapower.com/xmldev/xmlsecurity.html
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
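
The wrap/unwrap flow that the quoted abstract describes, as an added example that is not part of the original message and is not taken from the patent. The abstract names no KDF, cipher, or package layout, so PBKDF2-HMAC-SHA256, the HMAC-based keystream (a standard-library stand-in for a real AEAD), the phrase normalization, the byte layout, and the sample phrase are all assumptions.

```python
import hashlib, hmac, os, unicodedata

ITERATIONS = 100_000  # assumed PBKDF2 work factor

def normalize(phrase: str) -> bytes:
    # Assumption: case and spacing differences should not block acceptance.
    text = unicodedata.normalize("NFKC", phrase).casefold()
    return " ".join(text.split()).encode("utf-8")

def derive_keys(phrase, salt):
    # One PBKDF2 call, split into an encryption key and a MAC key.
    okm = hashlib.pbkdf2_hmac("sha256", normalize(phrase), salt, ITERATIONS, dklen=64)
    return okm[:32], okm[32:]

def _xor_stream(key, nonce, data):
    # HMAC-SHA256 in counter mode as keystream (stdlib stand-in for AES-CTR).
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hmac.new(key, nonce + (i // 32).to_bytes(8, "big"), hashlib.sha256).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)

def wrap(data, phrase):
    # Package layout (assumed): salt(16) | nonce(16) | tag(32) | ciphertext
    salt, nonce = os.urandom(16), os.urandom(16)
    enc_key, mac_key = derive_keys(phrase, salt)
    ct = _xor_stream(enc_key, nonce, data)
    tag = hmac.new(mac_key, salt + nonce + ct, hashlib.sha256).digest()
    return salt + nonce + tag + ct

def unwrap(package, typed_phrase):
    if len(package) < 64:
        raise ValueError("package too short")
    salt, nonce, tag, ct = package[:16], package[16:32], package[32:64], package[64:]
    enc_key, mac_key = derive_keys(typed_phrase, salt)
    expected = hmac.new(mac_key, salt + nonce + ct, hashlib.sha256).digest()
    # Verify before decrypting, so a wrong phrase yields an error, not garbage.
    if not hmac.compare_digest(tag, expected):
        raise ValueError("acceptance phrase does not unwrap this package")
    return _xor_stream(enc_key, nonce, ct)

if __name__ == "__main__":
    # Constructed sample payload and phrase.
    pkg = wrap(b"constructed sample payload", "I accept the license terms")
    print(unwrap(pkg, "i ACCEPT  the license terms"))
```

When the acceptance phrase is displayed to the user, the derived key is not a secret, so the wrapping records that the phrase was typed rather than keeping the data confidential.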