In this paper, we describe our approach to achieve non-repudiation for World Wide Web (WWW) based transactions. We designed and implemented protocols for preparing digital signatures on the server as well as the client machine. In our design, we use the popular Pretty Good Privacy (PGP) software for preparing and verifying digital signatures. The key contribution is the deployment of a special-purpose HTTP server, called a signing server, on the client machine to communicate with the WWW browser. A signing server is specialized to handle digital signatures. This paper discusses the design and implementation of the signing server protocol to achieve non-repudiation transactions in a WWW-based employee information system. The technique of deploying special-purpose HTTP servers on the client machine has many applications beyond this. It inter-operates with all types of browsers and is an attractive alternative to browser-dependent plug-ins.
© 1999 Elsevier Science Inc. All rights reserved.