Abstract
A legal basis for the use of electronic signatures has existed since the introduction of qualified electronic signatures in EU Directive 1999/93/EC. Although considered key enablers for e-Government and e-Commerce, qualified electronic signatures are still not widely used. Introducing a mobile component addresses most of the shortcomings of existing qualified signature approaches but poses certain difficulties in the security reasoning. The proposed server-based mobile signature approach authenticates the signatory over trusted channels and assists the protection of the signature-creation data with organizational measures. As with traditional qualified signature approaches, strong authentication of the signatory to the system is ensured by two factors. Knowledge of a PIN and possession of a valid subscriber identity module card are verified over two separate communication channels. The qualified mobile server signature fulfills the requirements on secure signature-creation devices defined by the EU directive and in particular its Austrian implementation.
Copyright information
© 2010 IFIP International Federation for Information Processing
About this paper
Cite this paper
Orthacker, C., Centner, M., Kittl, C. (2010). Qualified Mobile Server Signature. In: Rannenberg, K., Varadharajan, V., Weber, C. (eds) Security and Privacy – Silver Linings in the Cloud. SEC 2010. IFIP Advances in Information and Communication Technology, vol 330. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-15257-3_10
DOI: https://doi.org/10.1007/978-3-642-15257-3_10
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-15256-6
Online ISBN: 978-3-642-15257-3
eBook Packages: Computer Science (R0)