Browse Prior Art Database

Applying the _ RSA Digital Signature to Electronic Mail Disclosure Number: IPCOM000131592D
Original Publication Date: 1983-Feb-01
Included in the Prior Art Database: 2005-Nov-11
Document File: 12 page(s) / 45K

Publishing Venue

Software Patent Institute

Related People

Donald W. Davies: AUTHOR [+3]


National Physical Laboratory, UK

This text was extracted from a PDF file.
This is the abbreviated version, containing approximately 8% of the total text.

Page 1 of 12


This record contains textual material that is copyright ©; 1983 by the Institute of Electrical and Electronics Engineers, Inc. All rights reserved. Contact the IEEE Computer Society (714-821-8380) for copies of the complete work that was the source of this textual material and for all use beyond that as a record from the SPI Database.

Applying the _ RSA Digital Signature to Electronic Mail

Donald W. Davies

National Physical Laboratory, UK

This concept of a standardized digital signature system includes the use of the Rivest-Shamir- Adleman cipher along with signature-checking rules, key registries, and a legal control structure.

Because of the increased cost-effectiveness of computer technology and its subsequent acceptance into the business world, computer-based message systems are likely to become the principal carriers of business correspondence. Unfortunately with the efficiency of these systems come new possibilities for crime based on interference with digital messages. But the same technology that poses the threat can be used to resist and perhaps entirely frustrate potential crimes.

For some messages, a degree of privacy or secrecy is needed, which is possible with encryption. However, predicting the extent encryption will be used in electronic mail is difficult, since much depends on the cost and convenience of its applications.

For nearly all messages, authenticity is a prime requirement. Authenticity implies that the message is genuine in two respects: its text has not changed since it left the sender and the identity of the sender is correctly represented in the text header or in the signature attached to the message. Neither of these authenticity indicators is sufficient by itself because an altered message from sender A is in no way different from a message appearing to come from A but in fact coming from an enemy. The technique of authentication, which is closely related to cryptography, normally uses the symmmetric type of cipher, typified by the Data Encryption Standard, or DES, algorithm.

This kind of authentication is seriously deficient because both the sender and receiver must know a secret key. The sender uses the key to generate an authenticator, and the receiver uses it to check the authenticator. With this key, the receiver can also generate authenticators and can therefore forge messages appearing to come from the sender. In other words, authentica tion can protect both sender and receiver against thirdparty enemies, but it cannot protect one against fraud committed by the other. If A sends a message to B. for example, B might fraudulently claim to have received a different message. Supposing B takes some action in response to a genuine received message, A can still claim that B in fact forged the message. For these reasons, authentication by the customary methods using symmetric ciphers can do nothing to resolve dis...