1. Evaluating trusted electronic documents Petr Švéda Security and Protection of Information ‘03 © 2003 Petr Švéda, FI MU.

2. Reliable and authentic document … data/information can be trusted only in context content – information included in a document, signature may be considered also as a part of the content context – additional evidence data to support reliability and authenticity of a document (trust path, time stamp …) structure – physical and logical format of a document, integrity is important Security and Protection of Information ‘03 © 2003 Petr Švéda, FI MU.

3. Signature validation … also need of contextual and structural information (certificates, cert. policy, cert. practice statements, CRL, trust paths, trust verification records) initial – soon after signature creation usual – any time after initial verification, signature creation primitives are valid archival – verification against information that were valid in past but are not secure/valid yet Security and Protection of Information ‘03 © 2003 Petr Švéda, FI MU.

4. Evaluation concept

5. Summary lack of standards and lot of proprietary solutions wide spread combined file and data formats (e.g. MS Word) cannot be trusted => need of evaluation criteria proposed evaluation concept can be extended via + notation (level 1+ = some but not all level 2 req.) Security and Protection of Information ‘03 © 2003 Petr Švéda, FI MU.

6. Questions? Thank you for your attention … xsveda@fi.muni.cz Security and Protection of Information ‘03 © 2003 Petr Švéda, FI MU.