A Conceptual Model for Claim Validation Based on Cryptographically Signed Data

Abstract

In this paper, we propose a conceptual model for claim validation based on signed data while clarifying the gap between validation and verification. As various activities are conducted via the Internet and the Web, verifying information and its originators is essential for countermeasures against threats, such as spoofing or falsifying an achievement. These discussions utilize cryptographically signed data, which includes a digital signature that allows a recipient can confirm the authenticity of the source using cryptographic techniques. In applications that utilize signed data to represent a claim, the recipient judges whether the claim is valid to avoid misidentification of the claim. However, the standards for digital certificates, such as Verifiable Credentials, do not cover the validation of the claim represented by the certificate, including the truth or falsity of the claim. Considering that verifying a signature does not directly indicate the validity of the claim, the gap between verification and validation should be clarified to cover the validation of the claim. We then hypothesize that the gap is the presence or absence of the validator's criteria, and review the definitions in two standard documents to confirm our hypothesis. We then propose a conceptual model for claim validation that utilizes signed data. In our model, a validator, who is a recipient of the claim, defines a validation policy to represent the validator's criteria. We also discuss a communication model between the claimant, who is a originator of the claim, and the validator. For claims that the validator cannot directly validate, we introduce an additional model that involves a certifier that the validator trusts. We analyze the applicability of our model through three use cases, and conclude that our models are applicable. Based on our model, we anticipate exploring several scenarios to validate diverse claims using signed data.