W3C is pleased to recieve the "Clear, Secure, and Portable Visual Marks for the Cyber World" submission from Hitachi Ltd.
This Submission addresses concerns regarding the authenticity and integrity of trust marks. These images are used in Web pages by a member organization or licensee ("Organization") to represent a relationship (e.g., quality or membership) with the trusted organization ("Guarantor"). For instance, privacy seals are adopted and displayed by member Organizations in order to represent their compliance with the privacy policies of the trusted Guarantor [CleinWaterman, TRUSTe] . However, what is to stop malicious sites from "pirating" the marks for use on their own site without the Guarantor's sanction? While Guarantors and their Organizations may (1) ask users to verify such marks by clicking on them and reviewing a list of sanctioned organizations (which could be fabricated as well), or (2) use Web crawlers to look for pirates, neither solution consistently ensures the authenticity of all marks.
The submission approaches this problem by proposing a design that binds the (1) image, the (2) organization's IP number, and (3) other data describing the location and structure of the Organization's site with a digital signature of the Gaurantor. The Submission calls for the standardization of the particulars of virtual marks (e.g., image format extensions and cryptographic algorithms) as well as the more difficult issue of standardizing the authentication of such a mark upon user activation (e.g., clicking the image invokes a cryptographic process for validating the signature over the visual mark).
W3C is not currently planning to work in this area, so no further action is planned.