Technical and legal meaning of "sole control" - Towards verifiability in signing systems

Abstract

One of the fundamental ideas of the framework of electronic signatures defined in EU Directive 1999/93/WE is "sole control" over signature creation data. For a long time "sole control" has been understood as using black-box devices for which a certain third party has issued a certificate, whereas the signer was supposed to trust blindly the authorities and certification bodies. This has been claimed as the only feasible solution. Recent advances in technology and development of verifiable systems show that it is possible to provide systems such that the signer has much more control over the signing process and can really maintain control over the signature creation data. The main idea is that breaches in the system cannot be excluded but if they occur, then the signer can provide evidence of a fraud of a third party. © 2011 Springer-Verlag.