Normative analysis and implementation of advanced electronic signature.
What is following is directly taken from the thesis abstract which, like the previous one, is an experimental work. The project has been developed at the Consoft Sistemi S.p.A. company.
The subject I deal with is about the electronic signature, specifically the advanced electronic signature (abbreviated in AES or FEA – Firma Elettronica Avanzata – in the Italian translation), added on a document, principal and fundamental component in the context of digitalization and storage of the document in a printed form, that had an important development very quickly and only in the last few years we see it as a growing technology (or, better, as a new process) sustained by a normative system internationally recognized but subjected to many reviews and modifications.
Focused the main topic in the first chapter, the next one deals with the development of the Italian normative system about electronic signatures, analyzing various forms (simple signatures, advanced and qualified signatures, etc.) and various legal effects their use involves.
Then I suggest a reflection about the main area of applicability and the cryptographic techniques which serves as the basis for their operations; another important subject regards biometric technologies, that observe a growing popularity in all fields the signature process is a settled practice; the biometric signature let to the creation of more areas of applications (e.g. signing on a tablet instead of on a sheet of paper), keeping certain standards in terms of privacy.
The second part of my thesis deals with the analysis and implementation of a AES system; first, I give a general overview of the main software tools (SDK, Software Development Kit), exploited to realize a client desktop application, as well as the main signature devices the user can interact with; then the discussion will be focused on the analysis of the classes, methods and libraries used for implementation, as well as the description of the modules, interfaces and data structures.
To follow, the description of a real signing process, explaining a typical way of using the application by a user-signer: I illustrate the main steps through which he can add, on a document, a sign acquired from an external device, after having set some of the sign parameters.
Last chapter provides a series of final considerations about introduction of biometrics in some of real scenarios (biometric data exchange, protection of personal data, etc.), that could lead up to possible improvements of the solution here exposed.
You can download the thesis paper (80 pages, PDF/A format, Italian language):