Signature Validation - Coggle Diagram
Signature Validation
statuses
TOTAL-FAILED
indicates that either the signature format is incorrect or that the digital signature value fails the verification.
TOTAL-PASSED
indicates that the signature has passed verification and it complies with the signature validation policy.
INDETERMINATE
indicates that the format and digital signature verifications have not failed but there is insufficient information to determine if the electronic signature is valid.
signature dictionary
PDF data structure, of type dictionary, as described in ISO 32000-1 [1], clause 12.8.1, table 252, that contains all the information about the Digital Signature.
The signature itself, along with various optional information, is contained in a data structure of the PDF called the signature dictionary.
Basic Building Blocks
Each block contains a number of rules that are executed sequentially. The rules are driven by the constraints defined in the validation policy. The result of each rule is OK or NOT OK. The process is stopped when the first rule fails. Each block also contains a conclusion. If all rules are met, the conclusion node indicates PASSED. Otherwise, a FAILED or INDETERMINATE indication is returned, depending on the ETSI standard definition.
electronic signature
Data in electronic form which is attached to or logically associated with other electronic data and which serves as a method of authentication.
Best-signature-time
An internal variable of the algorithm denoting the earliest time at which the SVA can trust that a signature has existed (either because this is proven by some POE present in the signature, or because it was passed by the DA and is for this reason assumed to be trusted).
PDF signature
Binary data object based on the CMS (see RFC 3852 [5]) or related syntax, containing a digital signature placed within a PDF document structure as specified in ISO 32000-1 [1], clause 12.8, with other information about the signature applied when it was first created.
Diagnostic Data
This is a data set constructed from the information contained in the signature itself, but also from information retrieved dynamically, such as revocation data, and information extrapolated, such as the mathematical validity of a signature. All this information is independent of the applied validation policy. Two different validation policies applied to the same diagnostic data can lead to different results.
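The rule-by-rule execution described under Basic Building Blocks, together with the policy independence of the diagnostic data, as an added Python example that is not part of the original diagram or of any ETSI or vendor code. The rule names, the diagnostic-data fields, the two policies, and the choice of which rule failure yields FAILED versus INDETERMINATE are all constructed assumptions for illustration, not the ETSI definitions.

```python
from dataclasses import dataclass
from typing import Callable

# Constructed diagnostic data: facts about one signature, independent of any policy.
DIAGNOSTIC_DATA = {
    "format_ok": True,
    "signature_intact": True,
    "digest_algorithm": "SHA1",
    "revocation_data_present": False,
}

# Two hypothetical validation policies (constraint names are assumptions).
STRICT = {"acceptable_digests": {"SHA256", "SHA512"}, "require_revocation_data": True}
LENIENT = {"acceptable_digests": {"SHA1", "SHA256", "SHA512"}, "require_revocation_data": False}

@dataclass
class Rule:
    name: str
    check: Callable[[dict, dict], bool]  # (diagnostic data, policy) -> True means OK
    on_failure: str                      # assumed indication when the rule is NOT OK

# Ordered rules of one hypothetical block; the failure indications are assumptions.
RULES = [
    Rule("format", lambda d, p: d["format_ok"], "FAILED"),
    Rule("signature_intact", lambda d, p: d["signature_intact"], "FAILED"),
    Rule("digest_acceptable",
         lambda d, p: d["digest_algorithm"] in p["acceptable_digests"], "INDETERMINATE"),
    Rule("revocation_data",
         lambda d, p: d["revocation_data_present"] or not p["require_revocation_data"],
         "INDETERMINATE"),
]

def run_block(rules, data, policy):
    """Run rules in order, stop at the first NOT OK, return (conclusion, trace)."""
    trace = []
    for rule in rules:
        ok = rule.check(data, policy)
        trace.append((rule.name, "OK" if ok else "NOT OK"))
        if not ok:
            return rule.on_failure, trace  # later rules are never executed
    return "PASSED", trace

if __name__ == "__main__":
    for label, policy in (("strict", STRICT), ("lenient", LENIENT)):
        conclusion, trace = run_block(RULES, DIAGNOSTIC_DATA, policy)
        print(label, conclusion, trace)
```

The trace records only the rules that actually ran, so a short trace ending in NOT OK shows which constraint stopped the block.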