Browse Prior Art Database

Digital Signature Transmission over SSL

IP.com Disclosure Number: IPCOM000014909D
Original Publication Date: 2001-Sep-01
Included in the Prior Art Database: 2003-Jun-20
Document File: 1 page(s) / 54K

Publishing Venue

IBM

Abstract

Disclosed is a method for transmitting digital signature over SSL. With the method, one can securely transmit ditigal sinatature over the Internet, where "securely" means that it is secure against replay attack.

This text was extracted from a PDF file.
This is the abbreviated version, containing approximately 89% of the total text.

Page 1 of 1

Digital Signature Transmission over SSL

   Disclosed is a method for transmitting digital signature over SSL. With the method, one can securely transmit ditigal sinatature over the Internet, where "securely" means that it is secure against replay attack.

Replay attack is an attack that a malicious user get a digital signature sent from some party A to some party B in some way and re-send it to B. The malicious user may be able to make the party B accept the message as a valid message signed by A.

In order to prevent this replay attack, it is useful to append nonces such as time stamp and sequece number to messages to be signed. Since a nonce is guaranteed to be unique in application context, replay attack can be prevented. However, this makes application developement complicated. In particular, the receiving party need to check the uniqueness of the appended nonce.

Our method proposes to use SSL to solve this problem. Specifically, our method uses the master secret shared by the SSL protocol as a nonce. Alternatively, a value generated by some function of the master secret may be used as a nonce. Since the master secret is randomly generated, the probability that the uniquenes is not satisfied is negligible. Therefore, the receiving party do not need to check the uniqueness. This simplifies the application development.

The following figure shows the protocol overview of the method:

    Sending party A Receiving party B A wants to send a message M

Open an SSL connection...