Related Stories

Top 5 Stories


NIST proposes changes to digital signature standard to keep up with technology

18 April 2012

The US National Institute of Standards and Technology (NIST) has proposed changes to its digital signatures standard to incorporate new technology.

Revised several times since it was first published in 1994, NIST’s digital signature standard, also known as the Federal Information Processing Standard (FIPS) 186-3, provides a means of guaranteeing digital authenticity using complex math to make the signatures “all but impossible to forge", said NIST in a statement.

The proposed revisions provide clarification on how to implement the digital signature algorithms approved in the standard: the digital signature algorithm, the elliptic curve digital signature algorithm, and the Rivest-Shamir-Adelman (RSA) algorithm.

The changes also allow the use of additional random number generators, which are used to generate the cryptographic keys used for the creation and verification of digital signatures.

Those interested in commenting on the changes have until May 25, 2012. Both FIPS 186-3 and a separate four-page document outlining the proposed changes are available online. Electronic comments may be emailed to NIST, with ''186-3 Change Notice'' in the subject line.

In addition, NIST issued a report that found software that identifies people based on iris scans, the colored part of the eye that surrounds the pupil, can produce rapid results but at the cost of accuracy.

NIST evaluated 92 different iris recognition algorithms from nine companies and two university labs, all of which submitted software to an open competition held by NIST.

Accuracy varied substantially across the algorithms the NIST team tested. Success rates ranged between 90% and 99% among the algorithms, and some produced as many as 10 times more errors than others. Also, the tests found that while some algorithms would be fast enough to run through a dataset equivalent to the size of the entire US population in less than 10 seconds using a typical computer, there could be significant limitations to their accuracy.

This article is featured in:
Application Security  •  Biometrics  •  Internet and Network Security  •  Public Sector


Comment on this article

You must be registered and logged in to leave a comment about this article.

We use cookies to operate this website and to improve its usability. Full details of what cookies are, why we use them and how you can manage them can be found by reading our Privacy & Cookies page. Please note that by using this site you are consenting to the use of cookies. ×