Citation
(2007), "Outstanding Paper Award", Information Management & Computer Security, Vol. 15 No. 4. https://doi.org/10.1108/imcs.2007.04615daa.001
Publisher
:Emerald Group Publishing Limited
Copyright © 2007, Emerald Group Publishing Limited
Outstanding Paper Award
The Donn B. Parker Award – This award is named after Donn B. Parker, who, in the early 1970s, through his research and many publications introduced business management to the concept of computer security. His coining of the term “computer abuse” helped to draw attention to this important business function. Donn Parker is now heavily involved in the International Information Integrity Institute, the so-called I4 Research group at SRI International.
Information Management & Computer Security
“Outsourcing digital signatures: a solution to key management burden”
Dimitrios LekkasDepartment of Product and Systems Design Engineering, University of the Aegean, Syros, Greece and
Costas LambrinoudakisDepartment of Information and Communication Systems Engineering, University of the Aegean,Samos, Greece
Purpose – Digital signatures are only enjoying a gradual and reluctant acceptance, despite the long existence of the relevant legal and technical frameworks. One of the major drawbacks of client- generated digital signatures is the requirement for effective and secure management of the signing keys and the complexity of the cryptographic operations that must be performed by the signer. Outsourcing digital signatures to a trusted third party would be an elegant solution to the key management burden. This paper aims to investigate whether this is legally and technically feasible.Design/methodology/approach – In this paper's approach, a relying party trusts a signature authority (SA) for the tokens it issues, rather than a certification authority for the certificates it creates in a traditional public key infrastructure scheme. Findings – The paper argues that passing the control of signature creation to an SA rather than the signer herself is not a stronger concession than the dependence on an identity certificate issued by a certification authority. Practical implications – All the temperature measurement methods discussed have their limitations and these are described for each method listed. Originality/value – The paper proposes a framework for outsourced digital signatures.Keywords Communication technologies Data security, Digital signatures, Information systemswww.emeraldinsight.com/10.1108/09685220610707449The paper originally appeared in Vol. 14 No. 5, 2006, pp. 436-49, of Information Management & Computer SecurityEditor: Kevin Fitzgerald
Highly Commended Papers
An information privacy taxonomy for collaborative environmentsGeoff Skinner, Song Han and Elizabeth ChangVol. 14 No. 4 2006Towards an insider threat prediction specification languageG.B. Magklaras, S.M. Furnell and P.J. BrookeVol. 14 No. 4 2006Security information management as an outsourced serviceHervé Debar and Jouni ViinikkaVol. 14 No. 5 2006