Upcoming SlideShare
×

# Digital Comprator

6,093 views
5,910 views

Published on

1 Like
Statistics
Notes
• Full Name
Comment goes here.

Are you sure you want to Yes No
• Be the first to comment

Views
Total views
6,093
On SlideShare
0
From Embeds
0
Number of Embeds
3
Actions
Shares
0
92
0
Likes
1
Embeds 0
No embeds

No notes for slide

### Digital Comprator

1. 1. D Digital Comparators Navigation Page: 8 of 8 Reset Digital Comparators Another common and very useful combinational logic circuit is that of the Digital Comparator circuit. Digital or Binary Comparators are made up from standard AND, NOR and NOT gates that compare the digital signals at their input terminals and produces an output depending upon the condition of the inputs. For example, whether input A is greater than, smaller than or equal to input B etc. Digital Comparators can compare a variable or unknown number for example A (A1, A2, A3, .... An, etc) against that of a constant or known value such as B (B1, B2, B3, .... Bn, etc) and produce an output depending upon the result. For example, a comparator of 1-bit, (A and B) would produce the following three output conditions. This is useful if we want to compare two values and produce an output when the condition is achieved. For example, produce an output from a counter when a certain count number is reached. Consider the simple 1- bit comparator below. 1-bit Comparator Then the operation of a 1-bit digital comparator is given in the following Truth Table. Truth Table Inputs Outputs B A A > B A = B A < B 0 0 0 1 0
2. 2. 0 1 1 0 0 1 0 0 0 1 1 1 0 1 0 You may notice two distinct features about the comparator from the above truth table. Firstly, the circuit does not distinguish between either two "0" or two "1"'s as an output A = B is produced when they are both equal, either A = B = "0" or A = B = "1". Secondly, the output condition for A = B resembles that of a commonly available logic gate, the Exclusive-NOR or Ex-NOR gate giving Q = A ⊕ B Digital comparators actually use Exclusive-NOR gates within their design for comparing the respective pairs of bits in each of the two words with single bit comparators cascaded together to produce Multi-bit comparators so that larger words can be compared. Magnitude Comparators As well as comparing individual bits, multi-bit comparators can be constructed to compare whole binary or BCD words to produce an output if one word is larger, equal to or less than the other. A very good example of this is the 4-bit Magnitude Comparator. Here, two 4-bit words ("nibbles") are compared to produce the relevant output with one word connected to inputs A and the other to be compared against connected to input B as shown below. 4-bit Magnitude Comparator Some commercially available Magnitude Comparators such as the 7485 have additional input terminals that allow more individual comparators to be "cascaded" together to compare words larger than 4-bits with magnitude comparators of "n"-bits being produced. These cascading inputs are connected directly to the corresponding outputs of the previous comparator as shown to compare 8, 16 or even 32-bit words. 8-bit Word Comparator
6. 6. Display Decoders A Decoder IC, is a device which converts one digital format into another and the most commonly used device for doing this is the BCD (Binary Coded Decimal) to 7-Segment Display Decoder. 7-segment LED (Light Emitting Diode) or LCD (Liquid Crystal) Displays, provide a very convenient way of displaying information or digital data in the form of Numbers, Letters or even Alpha-numerical characters and they consist of 7 individual LEDs (the segments), within one single display package. In order to produce the required numbers or characters from 0 to 9 and A to F respectively, on the display the correct combination of LED segments need to be illuminated and Display Decoders do just that. A standard 7-segment LED or LCD display generally has 8 input connections, one for each LED segment and one that acts as a common terminal or connection for all the internal segments. Some single displays have an additional input pin for the decimal point in their lower right or left hand corner. There are two important types of 7-segment LED digital display. • The Common Cathode Display (CCD) - In the common cathode display, all the cathode connections of the LEDs are joined together to logic "0" and the individual segments are illuminated by application of a "HIGH", logic "1" signal to the individual Anode terminals. • • The Common Anode Display (CAD) - In the common anode display, all the anode connections of the LEDs are joined together to logic "1" and the individual segments are illuminated by connecting the individual Cathode terminals to a "LOW", logic "0" signal. 7-Segment Display Format Truth Table for a 7-segment display Individual Segments Display a b c d e f g × × × × × × 0 × × 1 × × × × × 2 × × × × × 3 × × × × 4 × × × × × 5 × × × × × × 6 × × × 7 Individual Segments Display a b c d e f g × × × × × × × 8 × × × × × 9 × × × × × × A × × × × × b × × × × C × × × × × d × × × × × E × × × × F
7. 7. 7-Segment Display Elements for all Numbers. It can be seen that to display any single digit number from 0 to 9 or letter from A to F, we would need 7 separate segment connections plus one additional connection for the LED's "common" connection. Also as the segments are basically a standard light emitting diode, the driving circuit would need to produce up to 20mA of current to illuminate each individual segment and to display the number 8, all 7 segments would need to be lit resulting a total current of nearly 140mA, (8 x 20mA). Obviously, the use of so many connections and power consumption is impractical for some electronic or microprocessor based circuits and so in order to reduce the number of signal lines required to drive just one single display, display decoders such as the BCD to 7-Segment Display Decoder and Driver IC's are used instead. Binary Coded Decimal Binary Coded Decimal (BCD or "8421" BCD) numbers are made up using just 4 data bits (a nibble or half a byte) similar to the Hexadecimal numbers we saw in the binary tutorial, but unlike hexadecimal numbers that range in full from 0 through to F, BCD numbers only range from 0 to 9, with the binary number patterns of 1010 through to 1111 (A to F) being invalid inputs for this type of display and so are not used as shown below. Decimal Binary Pattern BCD 8 4 2 1 0 0 0 0 0 0 1 0 0 0 1 1 2 0 0 1 0 2 3 0 0 1 1 3 4 0 1 0 0 4 5 0 1 0 1 5 6 0 1 1 0 6 7 0 1 1 1 7 Decimal Binary Pattern BCD 8 4 2 1 8 1 0 0 0 8 9 1 0 0 1 9 10 1 0 1 0 Invalid 11 1 0 1 1 Invalid 12 1 1 0 0 Invalid 13 1 1 0 1 Invalid 14 1 1 1 0 Invalid 15 1 1 1 1 Invalid BCD to 7-Segment Display Decoders A binary coded decimal (BCD) to 7-segment display decoder such as the TTL 74LS47 or 74LS48, have 4 BCD inputs and 7 output lines, one for each LED segment. This allows a smaller 4-bit binary number (half a byte) to be used to display all the denary numbers from 0 to 9 and by adding two displays together, a full range of numbers from 00 to 99 can be displayed with just a single byte of 8 data bits. BCD to 7-Segment Decoder
8. 8. The use of packed BCD allows two BCD digits to be stored within a single byte (8-bits) of data, allowing a single data byte to hold a BCD number in the range of 00 to 99. An example of the 4-bit BCD input (0100) representing the number 4 is given below. Example No1 In practice current limiting resistors of about 150Ω to 220Ω would be connected in series between the decoder/driver chip and each LED display segment to limit the maximum current flow. Different display decoders or drivers are available for the different types of display available, e.g. 74LS48 for common- cathode LED types, 74LS47 for common-anode LED types, or the CMOS CD4543 for liquid crystal display (LCD) types. Liquid crystal displays (LCD´s) have one major advantage over similar LED types in that they consume much less power and nowadays, both LCD and LED displays are combined together to form larger Dot- Matrix Alphanumeric type displays which can show letters and characters as well as numbers in standard Red or Tri-colour outputs.
9. 9. Binary Decoders Navigation page: 5 of 8 Reset Binary Decoders A Decoder is the exact opposite to that of an "Encoder" we looked at in the last tutorial. It is basically, a combinational type logic circuit that converts the binary code data at its input into one of a number of different output lines, one at a time producing an equivalent decimal code at its output. Binary Decoders have inputs of 2-bit, 3-bit or 4-bit codes depending upon the number of data input lines, and a "n-bit" decoder has 2n output lines. Typical combinations of decoders include, 2-to-4, 3-to-8 and 4-to-16 line configurations. Binary Decoders are available to "decode" either a Binary or BCD input pattern to typically a Decimal output code. A 2-to-4 Binary Decoders. In this simple example of a 2-to-4 line binary decoder, the binary inputs A and B determine which output line from D0 to D3 is "HIGH" at logic level "1" while the remaining outputs are held "LOW" at logic "0". Therefore, whichever output line is "HIGH" identifies the binary code present at the input, in other words it "de-codes" the binary input and these types of binary decoders are commonly used as Address Decoders in microprocessor memory applications. Memory Address Decoder.
11. 11. De-multiplexers Navigation Page: 3 of 8 Reset The De-multiplexer De-multiplexers or "De-muxes", are the exact opposite of the Multiplexers we saw in the previous tutorial in that they have one single input data line and then switch it to any one of their individual multiple output lines one at a time. The De-multiplexer converts the serial data signal at the input to a parallel data at its output lines as shown below. 1-to-4 Channel De-multiplexer Addressing Output Selectedb a 0 0 A 0 1 B 1 0 C 1 1 D The Boolean expression for this De-multiplexer is given as: F = ab A + abB + abC + abD The function of the De-multiplexer is to switch one common data input line to any one of the 4 output data lines A to D in our example above. As with the multiplexer the individual solid state switches are selected by the binary input address code on the output select pins "a" and "b" and by adding more address line inputs it is possible to switch more outputs giving a 1-to-2n data lines output. Some standard De-multiplexer IC´s also have an "enable output" input pin which disables or prevents the input from being passed to the selected output. Also some have latches built into their outputs to maintain the output logic level after the address inputs have been changed. However, in standard decoder type circuits the address input will determine which single data output will have the same value as the data input with all other data outputs having the value of logic "0".
12. 12. Standard De-multiplexer IC packages available are the TTL 74LS138 1 to 8-output De-multiplexer, theTTL 74LS139 Dual 1 to 4-output De-multiplexer or the CMOS CD4514 1 to 16-output De-multiplexer. Another type of De-multiplexer is the 24-pin, 74LS154 which is a 4-bit to 16-line De-multiplexer/decoder. Here the output positions are selected using the 4-bit binary coded input. Multiplexers Navigation Page: 2 of 8 Reset The Multiplexer Multiplexers which sometimes are simply called "Mux" or "Muxes", are devices that act like a very fast acting rotary switch. They connect multiple input lines 2, 4, 8, 16 etc one at a time to a common output line and are used as one method of reducing the number of logic gates required in a circuit. Multiplexers are individual Analogue Switches as opposed to the "mechanical" types such as normal conventional switches and relays. They are usually made from MOSFETs devices encased in a single package and are controlled using standard logic gates. An example of a Multiplexer is shown below. 4-to-1 Channel Multiplexer Addressing Input Selectedb a 0 0 A 0 1 B 1 0 C 1 1 D The Boolean expression for this 4 to 1 Multiplexer is given as:
13. 13. Q = abA + abB + abC + abD In this example at any instant in time only one of the four analogue switches is closed, connecting only one of the input lines A to D to the single output at Q. As to which switch is closed depends upon the addressing input code on lines "a" and "b", so for this example to select input B to the output at Q, the binary input address would need to be "a" = logic "0" and "b" = logic "1". Adding more control address lines will allow the multiplexer to control more inputs. Multiplexers can be used to switch either analogue, digital or video signals, with the switching current in analogue circuits limited to below 10mA to 20mA per channel to reduce heat dissipation. Multiplexers are not limited to just switching a number of different input lines or channels to one common single output. There are also types that can switch their inputs to multiple outputs and have arrangements or 4 to 2, 8 to 3 or even 16 to 4 etc configurations and an example of a simple Dual channel 4 input multiplexer (4 to 2) is given below: 4-to-2 Channel Multiplexer Here in this example the 4 input channels are switched to 2 individual output lines but larger arrangements are also possible. This simple 4 to 2 configuration could be used for example, to switch audio signals for stereo pre-amplifiers or mixers. Adjustable Amplifier Gain As well as sending parallel data in a serial format down a single transmission line or connection, another possible use of multi-channel multiplexers is in digital audio applications as mixers or were the gain of an analogue amplifier can be controlled digitally, for example. Digitally Adjustable Amplifier Gain
14. 14. Here, the voltage gain of the inverting amplifier is dependant upon the ratio between the input resistor, Rin and its feedback resistor, Rf as determined in the Op-amp tutorials. A single 4-channel (Quad) SPST switch configured as a 4-to-1 channel multiplexer is connected in series with the resistors to select any feedback resistor combination from a single value of Rf to all the resistors connected together in parallel. The combination of these resistors will determine the overall gain of the amplifier, (Av). Then the gain of the amplifier and can be adjusted digitally by simply selecting the appropriate resistor combination. Digital multiplexers are sometimes also referred to as "Data Selectors" as they select the data to be sent to the output line and are commonly used in communications or high speed network switching circuits such as LAN´s and Ethernet applications. Some multiplexer IC´s have a single inverting buffer (NOT Gate) connected to the output to give a positive logic output (logic "1", HIGH) on one terminal and a complimentary negative logic output (logic "0", LOW) on another different terminal. It is possible to make simple multiplexer circuits from standard AND and OR gates but commonly multiplexers/data selectors are available as standard i.c. packages such as the common TTL 74LS151 8- input to 1 line multiplexer or the TTL 74LS153 Dual 4-input to 1 line multiplexer. A Combination Logic Navigation Page: 1 of 8 Reset
15. 15. Combination Logic Unlike Sequential Logic circuits whose outputs are dependant on both the present input and their previous output state giving them some form of Memory, the outputs of Combinational Logic circuits are only determined by their current input state as they have no feedback, and any changes to the signals being applied to their inputs will immediately have an effect at the output. In other words, in a Combination Logic circuit, if the input condition changes state so too does the output as combinational circuits have No Memory. Combination Logic circuits are made up from basic logic AND, OR or NOT gates that are "combined" or connected together to produce more complicated switching circuits. As combination logic circuits are made up from individual logic gates they can also be considered as "decision making circuits" and combinational logic is about combining logic gates together to process two or more signals in order to produce at least one output signal according to the logical function of each logic gate. Common combinational circuits made up from individual logic gates include Multiplexers, Decoders and De-multiplexers, Full and Half Adders etc. Classification of Combinational Logic One of the most common uses of combination logic is in Multiplexer and De-multiplexer type circuits. Here, multiple inputs or outputs are connected to a common signal line and logic gates are used to decode an address to select a single data input or output switch. A multiplexer consist of two separate components, a logic decoder and some solid state switches, but before we can discuss multiplexers, decoders and de- multiplexers in more detail we first need to understand how these devices use these "solid state switches" in their design. Solid State Switches Standard TTL logic devices made up from Transistors can only pass signal currents in one direction only making them "uni-directional" devices and poor imitations of conventional electro-mechanical switches or relays. However, some CMOS devices made up from FET's act as near perfect "bi-directional" switches making them ideal for use as solid state switches.
16. 16. Solid state switches come in a variety of different types and there are many different applications for using solid state switches but they can basically be divided into 3 different groups of switching applications and in this section we will only look at the Analogue type switch but the principal is the same for all types. Solid State Switch Applications • Analogue Switches Data & Process Control, Video & Audio Switching, Instrumentation ...etc. • • Digital Switches High Speed Data Transmission, Switching & Routing, LAN's, USB ...etc. • • Power Switches Power Supplies and general "Standby Power" Switching Applications ...etc. Analogue Bilateral Switches Analogue or "Analog" switches are those types that are used to switch data or signal currents when they are in their "ON" state and block them when they are in their "OFF" state. The rapid switching between the "ON" and the "OFF" state is usually controlled by a digital signal applied to the control gate of the switch. An ideal analogue switch has zero resistance when "ON" (or closed), and infinite resistance when "OFF" (or open) and switches with RON values of less than 1Ω are commonly available. Solid State Analogue Switch By connecting an N-channel MOSFET in parallel with a P-channel MOSFET allows signals to pass in either direction making it a Bi-directional switch and as to whether the N-channel or the P-channel device carries more signal current will depend upon the ratio between the input to the output voltage. The two MOSFETs are switched "ON" or "OFF" by two internal non-inverting and inverting amplifiers. Contact Types Just like mechanical switches, analogue switches come in a variety of forms or contact types, depending on the number of "poles" and "throws" they offer. Thus, terms such as "SPST" (single-pole single throw) and "SPDT" (single-pole double-throw) also apply to solid state analogue switches with "make-before-break" and "break-before-make" configurations available. Analogue Switch Types
17. 17. Individual analogue switches can be grouped together into standard IC packages to form devices with multiple switching configurations of SPST and SPDT as well as multi channel multiplexers. The most common and simplest analogue switch IC is the 74HC4066 which has 4 independent bi-directional "ON/OFF" Switches within a single package but the most widely used variants of the CMOS analogue switch are those described as "Multi-way Bilateral Switches" otherwise known as the "Multiplexer" and "De- multiplexer" IC´s and these are discussed in the next tutorial. Comparison of Digital and Handwritten Signatures David Fillingham Introduction During the course of our lives, we sign our name many thousands of times - on checks, applications for loans, marriage licenses - the list is endless. People in positions of authority can certify the existence of a person with a signature on a birth certificate, or end a life with a signature on a death warrant. Signatures have been applied in much the same way since ancient times - by scribing one?s own name. Within the past few years, cryptography has made a new way to affix signatures practical. The legal and business communities are rushing to adopt these new cryptographic signature techniques to replace handwritten signatures - but how analogous are handwritten and digital signatures? This paper will explore the similarities and differences between traditional and cryptographic signatures from a technical, legal and practical perspective. Finally, the paper will suggest that although digital signatures will likely revolutionize electronic commerce, handwritten signatures will almost certainly continue to be used for some purposes into the foreseeable future. Why We Sign, How We Sign - A Brief History of Authentication It is probably not surprising that the inventors of writing, the Sumerians, were also the inventors of an authentication mechanism. The Sumerians used intricate seals, applied
18. 18. into their clay cuneiform tablets using rollers, to authenticate their writings. Seals continued to be used as the primary authentication mechanism until recent times. [1] Use of signatures is recorded in the Talmud (fourth century), complete with security procedures to prevent the alteration of documents after they are signed. The Talmud even describes use of a form of "signature card" by witnesses to deeds. [2] The practice of authenticating documents by affixing handwritten signatures began to be used within the Roman Empire in the year AD 439, during the rule of Valentinian III. The subscripto - a short handwritten sentence at the end of a document stating that the signer "subscribed" to the document - was first used for authenticating wills. The practice of affixing signatures to documents spread rapidly from this initial usage, and the form of signatures (a hand-written representation of one?s own name) remained essentially unchanged for over 1,400 years. It is from this Roman usage of signatures that the practice obtained its significance in Western legal tradition. [3] In 1677, England passed "An Act for Prevention of Frauds and Perjuries," which required that "some note or memorandum in writing" that is "signed by the parties" exist for certain types of transactions. [4] This "Statute of Frauds" had a profound influence on U.S. commercial law, and is the antecedent of the Uniform Commercial Code (UCC), which is the basis for most U.S. state and Federal laws governing "transactions in goods." Samuel Morse?s telegraph, first used in 1844, introduced the problem of authenticating electrically transmitted messages. In the legal dispute Trevor v. Wood, 36 N.Y. 307, in 1867, the court found that telegraphed "signatures" met the legal requirements for "written signatures" under the Statute of Frauds. One might say that this was the first legal victory for electronic commerce! [5] Use of networked computers to conduct electronic commerce began in the 1960s, starting with proprietary systems to move data within individual corporations, and later within industry groups, such as the railroad and food industries [6]. During the early days of Electronic Data Interchange (EDI), there was no way to apply cryptographically based signatures to electronic documents, so the industries relied heavily upon "trading partner agreements." These paper agreements, signed by the parties involved, described the rules to which the EDI trading partners agreed with respect to honoring purchase order requests, dispute resolution, and so on. Trading Partner Agreements have been remarkably successful, with legal disputes regarding EDI transactions being exceptionally rare. Trading Partner Agreements still remain an important part of Electronic Commerce. However the world-wide-reach and extremely dynamic population of the Internet makes establishing Trading Partner Agreements with all the possible participants in electronic transactions practically impossible. Furthermore, the Intenet is now used for functions other than electronic commerce with legal requirements for authenticated transactions. For example, medical records are transferred via the Internet, and privacy concerns regarding this information demand authenticated access control.
19. 19. The means to provide digital signatures for computer communications that are roughly equivalent to handwritten signatures on paper documents became available with the advent of public key technology.[7] In 1976 Whitfield Diffie and Martin Hellman published their landmark paper New Directions in Cryptography. This paper outlined how the difficult problem of solving discrete logarithms in finite fields could be used to develop asymmetric public/private key pairs which had clear potential for use in data networks. Diffie and Hellman suggested, quite prophetically, that the "one-way authentication" services offered by public key schemes would ultimately be of more importance to the business community than the confidentiality services for which cryptography had traditionally been used. [8] In 1978, Ron Rivest, Adi Shamir and Len Adleman invented the RSA cryptosystem, which allowed both encryption and the application of digital signatures. Other digital signature schemes soon followed, including the ElGamal technique in 1985 and the U.S. Government?s Digital Signature Standard (DSS) in 1991. The signing and verification process for each of these algorithms is similar: 1. The signer generates (or is provided) a "private signature key," and an associated "public signature key." It is computationally infeasible to determine the private signature key from knowledge of the public signature key, so the public key can be widely and freely disseminated. 2. The signer generates a "digest" of the message to be signed. A "message digest" is the product of a "hash function," that maps a message of arbitrarily large size to a specific, small size. For example, message of 25,000 bytes might be "hashed" to create a message digest of 128 bits (16 bytes). A good hashing algorithm will have the following properties: ? A modification of any bit in the message will result in a deterministic modification of the message digest; ? Given a specific message digest value, it should be computationally infeasible to generate a message that will hash to that message digest value. 3. The signer provides the message digest and a "private signature key" as inputs to the signature algorithm. The output is a "signature value" which is normally appended to the signed data. 4. The verifier, having obtained the signed message, uses the same hash function as the originator to generate a message digest over the received message. If the message has not been changed since the signer applied the signature, the signer?s and the verifier?s hash calculation will result in the same message digest. 5. The verifier obtains and authenticates the signer?s public signature key, and provides the message digest, signature value, and signer?s public
20. 20. signature key to the signature algorithm, which will indicate whether the signature is valid or not. If the signature is valid, then the verifier has an indication that the originator signed the message, and that the message was unchanged during the time between when the message was signed, and when it was verified. What are Signatures Good For? Signatures and Security Services Whether signatures are handwritten or digital, they are applied to achieve three security services: ? authentication, which is concerned with assurance of identity. [9] When a sales clerk compares the signature on the back of a credit card with the signature on a sales slip, the clerk is using the handwritten signatures as an authentication mechanism, to verify the person presenting the credit card is the person the card was sent to by the issuing bank. ? data integrity - assurance that data has not been modified since the signature was applied. While a handwritten signature does not in itself provide data integrity services, the security practices traditionally surrounding handwritten signatures, including the use of indelible ink and tamper-evident paper, provide some measure of data integrity. Digital signatures provide excellent data integrity services by virtue of the digital signature value being a function of the message digest; even the slightest modification of digitally signed messages will always result in signature verification failure. ? non-repudiation, which is concerned with providing evidence to a third-party (like a judge, or jury, for example) that a party participated in a transaction, and thereby protect other parties in the transaction against false denials of participation. The buyer?s signature on the credit card sales slip provides evidence of the buyer?s participation in the transaction, and protects the store and the card- issuing bank from false denials of participation in the transaction by the buyer. How Strong are Signatures? No security mechanism, whether manual or automated, provides absolute assurance. There is evidence that forgery was practiced shortly after the invention of writing, and that it has remained a problem ever since. In the year 539 AD (100 years after the Romans started using signatures) the Romans generated legislation (in the code of Justinian) that established requirements that forensic document examination experts be sworn, and specifying under what circumstances their testimony may be given in cases of forgery. [10] Modern forensic document examiners commonly compare a suspect signature with several examples of known valid signatures, and look for signs of forgery, which include: [11]
21. 21. ? Signatures written at a speed which is significantly slower than the genuine signatures; ? Frequent change of the grasp of the writing implement; ? Blunt line endings and beginnings; ? Poor line quality with wavering and tremor of the line; ? Retracing and patching; ? Stops in places where the writing should be free. These techniques are supplemented with ink and paper analysis, electrostatic detection of writing imprints, and so on. It is difficult to quantify the strength of handwritten signatures. It seems that the level of assurance that one can place in a handwritten signature depends largely on the technical expertise of the forensic document examiner used to investigate the signature. Certainly, expert forgers have succeeded in some cases, but handwritten signatures continue to be used, because they generally provide a strength of security services sufficient for the purposes to which they are applied. Where stronger authentication mechanisms are required, notarized, witnessed signatures are used - sometimes in elaborate "signing ceremonies," such as those associated with signing bills into law, and entering into treaty agreements. The basis of the assurance provided by a digital signature is fundamentally different than that of a handwritten signature. Whereas the judgement of whether a handwritten signature is valid or not depends on the skill of the examiner (be it the clerk comparing the credit card against the sales slip, or the forensic document expert), the judgement of whether a digital signature is valid depends on a great many processes and procedures working correctly. If one were to argue in court that "I didn?t sign this document, my pen did," the result would probably be tittering in the courtroom, a lost case, and a possible court-ordered psychiatric evaluation. However, if one were to argue in court that "I didn?t sign the data, my computer did," the response from the court might be more sympathetic, as anyone who has used a computer has had the experience of the computer doing something the operator didn?t want it to do. In addition to accidental programming errors (such as one that caused a British bank to replicate each payment request, with a consequential temporary loss of about \$ 4 Billion), there are many documented instances of networked computers being manipulated by malicious "outsiders" to do things the legitimate user would never have approved. [12] Ultimately, people do not sign electronically - they command their computers to sign electronically on behalf of the signer. Someday an attacker will seize control of a victim? s signing application to fraudulently sign data, and when this attack becomes public, confidence in digital signatures may be forever shaken. The impact of such an attack on
22. 22. juries and judges is difficult to estimate. U.S. Federal Rule of Evidence 901(9) requires "Evidence describing a process or system used to produce a result and showing that the process or system produces an accurate result." [13] It seems that a single instance of a particular signing application being subverted might call all signed evidence produced using that application (or perhaps even using similar applications) into question. A fundamental difference, then, between digital signatures and handwritten signatures is that digital signatures require the intervention of a computer to be applied - and computers are subject to both accidental errors and malicious subversion. Handwritten signatures, by virtue of their simplicity, are not subject to these vulnerabilities. Another difference between handwritten and digital signatures concerns the mechanism of association between the signer and her signature. A handwritten signature is biologically linked to a specific individual, but cryptographic authentication systems bind signatures to individuals through technical and procedural mechanisms. There are strong, mathematical links between a private signature key, its associated public key, and the message signature, but the association between the signer and her private key depends on the protection afforded the private key. The association between the signer and her public key depends on the honesty and diligence of the Certification Authority (CA) issuing the signer?s public key certificate (a public key certificate is a digitally signed statement by a CA that binds a public key to a signer?s identity). [14] Hence, the strength of the security services provided by a digital signature is a function of the methods used to safeguard the private signature key, methods used by the CA to identify and authenticate those applying for digital certificates, the protections provided against corrupt CAs, safeguards against the computers used by the CA being subverted, and so on. The standards, practices and procedures used to ensure the validity of the binding between a signer and the signer?s public key represent a "certificate policy." The Internet Engineering Task Force (IETF) Public Key Infrastructure/X.509 (PKIX) working group has developed a guide for developing certificate policies that describes certificate policies more precisely as: "A named set of rules that indicate the applicability of a certificate to a particular community and/or class of application with common security requirements." [15] The IETF goes on to list about 250 "policy elements" which can be factored into the establishment of a certificate policy. These policy elements include methods used to identify an individual, how the public/private key pairs are generated, how the private keys are protected, liability limits, and so on. Since different CAs establish and follow different policies, the strength of digital signatures varies according the policy of the CA who issued the signers? certificates. Furthermore, digital signature certificates normally state a "validity interval," determined by the CA, during which the certificate may be used to verify signatures. The matter of what to do about signatures applied using a private key for which the associated public key has expired is one of many associated with the long-term validity of digital signatures. Digital Signatures - Will They Last?