An electronic Signature Infrastructure for mobile Devices

Journal of Theoretical …, 2007

The development of electronic signature in mobile devices is an essential issue for the advance and expansion of the mobile electronic commerce since it provides security and trust in the system. E-signatures provide security for the transactions with authenticity and integrity characteristics that make non-repudiation of the transactions possible.

A legal basis for the use of electronic signatures exists since the introduction of qualified electronic signatures in EU Directive 1999/ 93/EC. Although considered as key enablers for e-Government and e-Commerce, qualified electronic signatures are still not widely used. Introducing amobile component addresses most of the shortcomings of existing qualified signature approaches but poses certain difficulties in the security reasoning. The proposed server based mobile signature approach authenticates the signatory over trusted channels and assists the protection of the signature-creation data with organizational measures. As with traditional qualified signature approaches, strong authentication of the signatory to the system is ensured by two factors. Knowledge of a PIN and possession of a valid subscriber identity module card is verified over two separate communication channels. The qualified mobil server signature fulfills the requirements on secure signature-creation devices defined by the EU directive and in particular its Austrian implementation

2004

Four years have passed since the EU directive on electronic signatures has been enacted by the European Union. By 2002, all EU member countries had to implement local legislation for electronic signatures. Development of products and applications in these countries so far, mainly focuses on signing with desktop PC’s on the basis of smart cards, issued by certification authorities. Several parties worked on mobile signing infrastructures, but as of today, no integrated implementation of qualified mobile signatures has occurred on the market. This raises the question whether qualified mobile signatures can be implemented at all and whether they can be implemented economically. This paper will analyse and conclude the possible conformance of mobile technology with the EU directive on mobile signatures and discuss economic implications for market scenarios. 1. The EU directive on Electronic Signatures In the directive 1999/93/EC of the European Parliament [EU_esig1999], legal requiremen...

IEEJ Transactions on Electrical and Electronic Engineering, 2006

We have developed a public key certificate validation system considering the restrictions peculiar to the mobile environment, such as processing the speed and memory capacity of a cellular-phone terminal, and the network transmission speed. In this paper we derive a theoretical formula showing the performance of a validity check of the public key certificate of the conventional system and of the proposed system, and compare and examine a theoretical value in a mobile environment. Moreover, we evaluate the actual measurement that uses the server and cellular-phone terminal that we developed. We show that our proposed system based on the certificate validation server (CVS) system is better than the conventional system from the viewpoint of processing speed and transmission speed.

Lecture Notes in Computer Science, 2002

There are important details that give legal validity to handwritten signatures: First, the document to be signed is under control of the signatory and it is not possible to substitute or alter it, and second, the tools to produce the signature (the pen and the signatory itself) are also under control of the signatory. These details make possible that handwritten signatures are used in a law court to prove the willingness of the signatory to be bound by the content of the document. Digital signatures require complex calculations that can not be done using mental arithmetic by the signatory. In this case neither document nor tools are under direct control of the signatory but under control of a computer. Consequently, the willingness of the signatory can not be sufficiently demonstrated. Furthermore, to be able to perform digital signatures, we must assume that the user trusts the computer to perform exactly what is intended. This yields digital signatures unusable in scenarios that require mobility. In this paper we present a system to perform digital signatures in environments that require mobility. The system is based on the use of personal digital assistants and smart cards and fulfils the common requirements established in different national laws regarding digital signatures.

This paper presents a new digital signature to mobile devices. This digital signature system takes into account the device limitations and thus generates a functional signature. This paper also presents a case study that allows the evaluation of the device implication in the key generation that takes part of the digital signature process.

This paper describes the legal framework, architecture with standards and signature services of the new public Finnish federated strong mobile signature scheme. Mobile signatures are used, for example, for user identification and authentication, the message authentication, non-repudiation of transactions and verifying the information integrity. The service is based on mobile PKI and on the federation of security assertions using ETSI MSS standards. The service provider needs an agreement only with one operator. Then all services in the Circle of Trust may request authentication and digital signing from user even if a service provider has made an agreement with other competing operator than the home operator of the user. The signature service platform is extremely secure using strong two-factor and two-channel model. All personal security credentials are stored and the crypto-operations run in the mobile operator's tamper-proof secure element, UICC. The Finnish mobile signature service fulfils the strong identification in the Finnish 'Identification' Act. The service platform offers potentially to millions of Finnish citizens and the participating Finnish businesses convenient to use and trusted signature services on various service channels for applications hosted on the premises or in the cloud. Signature services can be used also abroad where SMS services are provided and where user's operator has a roaming agreement.

Traditionally, the document was recorded on the papers and signed by related personnel to differentiate the responsibility. As the technology of communication is evolved quickly, it makes people connect each other by many different ways. Now, the e-document can be transferred on the network and e-signed with proper tools. However, it still needs people to stay in front of desktop to send and receive e-document. In this paper, we propose a way to send and receive the urgent e-document with cellular phone. For the sake of safety and non-repudiation, the users need to e-sign the document after receiving and before sending our e-document using the embedded wireless identity module (WIM) inside the SIM cards. The use of WIM in the SIM card to sign e-document can make the signing process more secure and reduce the possibility of argument. A prototype of this system was implemented. As can be imagined, the system will provide convenience and security for top managers to handle urgent events and e-document on the move.

The Ninth Pacific Asia Conference on …, 2005

In 1999 the directive 1999/93/EC of the European Parliament and of the Council was enacted, providing legal requirements for a common introduction of electronic signatures in Europe. So far the signature market has failed miserably. Mobile electronic signatures are often seen as a potential and promising way to provide market acceptance for electronic signatures. This paper builds upon an infrastructure for qualified mobile electronic signatures proposed by Rossnagel (2004) that does not require the mobile operator to act as a certificate service provider (CSP). The user can freely choose a CSP and add the signature functionality along with the required certificates later on demand. In this paper we will take a look at the economic feasibility of mobile qualified electronic signatures from the viewpoint of a mobile operator (MO) and try to predict his return on investment. We also examine potential revenues for CSPs using new business models as proposed by Lippmann and Rossnagel (2005) that have the potential to be far more successful than the current ones. Our prediction shows that mobile qualified electronic signatures can be quite profitable for a mobile operator as well as the CSPs.

18th International Conference on Advanced Information Networking and Applications, 2004. AINA 2004.

With the explosion of the mobile communication market, more and more handheld devices act as clients in the Internet. People use these devices to purchase books, play games, receive emails, etc. For protecting privacies, such applications should integrate digital signature schemes. Since handheld devices have poor computational capabilities and limited battery life, traditional computation intensive digital signature protocols that are based on asymmetric cryptographic algorithms are not suitable for mobile devices. In this paper, we propose a Server Based Signature (SBS) scheme for mobile devices. Besides achieving the same security level of the traditional digital signature protocols, the SBS scheme also: 1) reduces the computation complexity on the mobile devices; 2) reduces the communication consumption between signer and verifier. Application results show that our scheme is very useful for mobile communication systems.