Skip to main content
SpringerLink
Log in

Learned Lessons from Implementing an Android Client for the Cloud Signature Consortium API

  • Conference paper
  • First Online:
Innovative Security Solutions for Information Technology and Communications (SecITC 2019)

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 12001))

  • 428 Accesses

Abstract

Advanced electronic signatures are the main security mechanism used for assuring authentication, integrity and non-repudiation of electronic documents. Digitization on a large scale requires secure and flexible electronic signature systems. In E.U., the use of remote qualified electronic signatures has considerably increased after the adoption of the Regulation (EU) No 910/2014 (“eIDAS”). Thanks to the new legislative measures, owning a physical device to create a qualified electronic signature in no longer mandatory, so the user experience has been considerably improved. However, the full potential of remote qualified electronic signatures has not been reached yet. Our work supports the adoption of the remote digital signature in various fields by implementing an Android application that can apply qualified electronic signatures. To assure interoperability, the client-server communication follows a standard protocol: the Cloud Signature Consortium API. The main advantage of our approach is that the Android application is able to sign using certificates issued by different Trust Service Providers. This paper will analyze the current situation and will present the main challenges encountered when designing and developing a digital signature application that uses remote qualified digital certificates as well as the learned lessons that could be of tremendous help for others activating in this field.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Notes

  1. 1.

    REGULATION (EU) No 910/2014 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL, Art.3, Definition of “qualified electronic signature”.

  2. 2.

    REGULATION (EU) No 910/2014 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL, Art.26.

  3. 3.

    REGULATION (EU) No 910/2014 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL, Art.3, Definition of “electronic signature”.

  4. 4.

    CEN EN 419 241-1. “Trustworthy Systems Supporting Server Signing Part 1: General System Security Requirements”, Section 5.4.

  5. 5.

    REGULATION (EU) No 910/2014 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL, Art.26 (c).

  6. 6.

    https://cloudsignatureconsortium.org/resources/download-api-specifications/.

References

  1. European Commission, Regulation (EU) No 910/2014 of the European Parliament and of the council on electronic identification and trust services for electronic transactions in the internal market and repealing Directive 1999/93/EC. Off. J. Eur. Union, July 2014. https://doi.org/10.1145/1219092.1219093

  2. ETSI TS 119 432: Electronic Signatures and Infrastructures (ESI); Protocols for remote digital signature creation (2019)

    Google Scholar 

  3. CEN EN 419 241–1: Trustworthy Systems Supporting Server Signing Part 1: General System Security Requirements (2016)

    Google Scholar 

  4. CEN EN 419 241–2: Trustworthy Systems Supporting Server Signing. Part 2: Protection Profile for QSCD for Server Signing (2018)

    Google Scholar 

  5. Orthacker, C., Centner, M., Kittl, C.: Qualified mobile server signature. In: Rannenberg, K., Varadharajan, V., Weber, C. (eds.) SEC 2010. IAICT, vol. 330, pp. 103–111. Springer, Heidelberg (2010). https://doi.org/10.1007/978-3-642-15257-3_10

    Chapter  Google Scholar 

  6. Rath, C., Roth, S., Bratko, H., Zefferer, T.: Encryption-based second authentication factor solutions for qualified server-side signature creation. In: Kő, A., Francesconi, E. (eds.) EGOVIS 2015. LNCS, vol. 9265, pp. 71–85. Springer, Cham (2015). https://doi.org/10.1007/978-3-319-22389-6_6

    Chapter  Google Scholar 

  7. Rath, C., Roth, S., Schallar, M., Zefferer, T.: Design and application of a secure and flexible server-based mobile eID and e-Signature solution. Int. J. Adv. Secur 7(3&4), 50–130 (2014)

    Google Scholar 

  8. Kinastowski, W.: Digital signature as a cloud-based service. In: The Fourth International Conference on Cloud Computing, GRIDs, and Virtualization (CLOUD COMPUTING 2013). IARIA (2013)

    Google Scholar 

  9. Reimair, F.: Cloud-based signature solutions: a survey. Technical report, Secure Information Technology Center Austria, October 2014. https://technology.a-sit.at/wp-content/uploads/2014/10/Cloud-based-signature-solutions-a-survey.pdf

  10. EU Signature Directive: Directive 1999/93/EC of the European Parliament and of the Council on a Community framework for electronic signatures. Off. J. L 13 (1999)

    Google Scholar 

  11. ETSI TS 119 431–1: Electronic Signatures and Infrastructures (ESI); Policy and security requirements for trust service providers; Part 1: TSP service components operating a remote QSCD/SCDev (2018)

    Google Scholar 

  12. CEN 419241–5: Protection profiles for TSP Cryptographic modules. Part 5: Cryptographic Module for Trust Services (2016)

    Google Scholar 

  13. ETSI TS 119 431–2: Electronic Signatures and Infrastructures (ESI); Policy and security requirements for trust service providers; Part 2: TSP service components supporting AdES digital signature creation (2018)

    Google Scholar 

  14. Cloud Signature Consortium: Architectures, Protocols and API Specifications for Remote Signature applications (2017)

    Google Scholar 

  15. Organization for the Advancement of Structured Information Standards (OASIS): Digital Signature Service Core Protocols, Elements, and Bindings Version 1.0, April 2007

    Google Scholar 

  16. Theuermann, K., Tauber, A., Lenz, T.: Mobile-only solution for server-based qualified electronic signatures. In: 2019 IEEE International Conference on Communications (ICC 2019). IEEE (2019)

    Google Scholar 

Download references

Acknowledgment

This work was supported by a grant of the Romanian Ministry of Research and Innovation, CCCDI - UEFISCDI, project number PN-III-P1-1.2-PCCDI-2017-0272/Avant-garde Technology Hub for Advanced Security (ATLAS), within PNCDI III.

Author information

Authors and Affiliations

  1. Military Technical Academy, 050141, Bucharest, Romania

    Iulian Aciobanitei, Paul-Danut Urian & Mihai-Lica Pura

Authors
  1. Iulian Aciobanitei
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Paul-Danut Urian
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Mihai-Lica Pura
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Iulian Aciobanitei .

Editor information

Editors and Affiliations

  1. Polytechnic University of Bucharest, Bucharest, Romania

    Emil Simion

  2. École Normale Supérieure, Paris, France

    Rémi Géraud-Stewart

Annex A

Annex A

Fig. 4.
figure 4

Remote signing certificate retrieval

Full size image

Rights and permissions

Reprints and permissions

Copyright information

© 2020 Springer Nature Switzerland AG

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Aciobanitei, I., Urian, PD., Pura, ML. (2020). Learned Lessons from Implementing an Android Client for the Cloud Signature Consortium API. In: Simion, E., Géraud-Stewart, R. (eds) Innovative Security Solutions for Information Technology and Communications. SecITC 2019. Lecture Notes in Computer Science(), vol 12001. Springer, Cham. https://doi.org/10.1007/978-3-030-41025-4_15

Download citation

  • DOI: https://doi.org/10.1007/978-3-030-41025-4_15

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-41024-7

  • Online ISBN: 978-3-030-41025-4

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation