Security-by-Contract: Toward a Semantics for Digital Signatures on Mobile Code