Digital signature management

The Digital Signature Project (ELU-project) is coordinated by the STUZZA, a subsidiary of the leading Austrian business banks. The aim of the project is to establish an infrastructure for applying smart card-based digital sig natures in banking and electronic commerce applications. One important requ irement is to conform to all relevant international standards to ensure int eroperability in case of a later connection to an international certificati on infrastructure. One part of the infrastructure is a public directory in the form of an LDAP-server from which the X.509v3 certificates of the publi c signature keys can be retrieved. To provide for integrity strong data aut henticity and non-repudiation of all directory information it was important to apply some security features that have not been standardized for LDAP y et. In this way the user can be sure that he is talking to the trusted dire ctory when retrieving certificates and certificate-related information. In this paper we give an overview of the project and some insights into some o f the interesting parts of the system specification and design.