Abstract
Advanced electronic signatures are the main security mechanism used for assuring authentication, integrity and non-repudiation of electronic documents. Digitization on a large scale requires secure and flexible electronic signature systems. In E.U., the use of remote qualified electronic signatures has considerably increased after the adoption of the Regulation (EU) No 910/2014 (“eIDAS”). Thanks to the new legislative measures, owning a physical device to create a qualified electronic signature in no longer mandatory, so the user experience has been considerably improved. However, the full potential of remote qualified electronic signatures has not been reached yet. Our work supports the adoption of the remote digital signature in various fields by implementing an Android application that can apply qualified electronic signatures. To assure interoperability, the client-server communication follows a standard protocol: the Cloud Signature Consortium API. The main advantage of our approach is that the Android application is able to sign using certificates issued by different Trust Service Providers. This paper will analyze the current situation and will present the main challenges encountered when designing and developing a digital signature application that uses remote qualified digital certificates as well as the learned lessons that could be of tremendous help for others activating in this field.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Notes
- 1.
REGULATION (EU) No 910/2014 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL, Art.3, Definition of “qualified electronic signature”.
- 2.
REGULATION (EU) No 910/2014 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL, Art.26.
- 3.
REGULATION (EU) No 910/2014 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL, Art.3, Definition of “electronic signature”.
- 4.
CEN EN 419 241-1. “Trustworthy Systems Supporting Server Signing Part 1: General System Security Requirements”, Section 5.4.
- 5.
REGULATION (EU) No 910/2014 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL, Art.26 (c).
- 6.
References
European Commission, Regulation (EU) No 910/2014 of the European Parliament and of the council on electronic identification and trust services for electronic transactions in the internal market and repealing Directive 1999/93/EC. Off. J. Eur. Union, July 2014. https://doi.org/10.1145/1219092.1219093
ETSI TS 119 432: Electronic Signatures and Infrastructures (ESI); Protocols for remote digital signature creation (2019)
CEN EN 419 241–1: Trustworthy Systems Supporting Server Signing Part 1: General System Security Requirements (2016)
CEN EN 419 241–2: Trustworthy Systems Supporting Server Signing. Part 2: Protection Profile for QSCD for Server Signing (2018)
Orthacker, C., Centner, M., Kittl, C.: Qualified mobile server signature. In: Rannenberg, K., Varadharajan, V., Weber, C. (eds.) SEC 2010. IAICT, vol. 330, pp. 103–111. Springer, Heidelberg (2010). https://doi.org/10.1007/978-3-642-15257-3_10
Rath, C., Roth, S., Bratko, H., Zefferer, T.: Encryption-based second authentication factor solutions for qualified server-side signature creation. In: Kő, A., Francesconi, E. (eds.) EGOVIS 2015. LNCS, vol. 9265, pp. 71–85. Springer, Cham (2015). https://doi.org/10.1007/978-3-319-22389-6_6
Rath, C., Roth, S., Schallar, M., Zefferer, T.: Design and application of a secure and flexible server-based mobile eID and e-Signature solution. Int. J. Adv. Secur 7(3&4), 50–130 (2014)
Kinastowski, W.: Digital signature as a cloud-based service. In: The Fourth International Conference on Cloud Computing, GRIDs, and Virtualization (CLOUD COMPUTING 2013). IARIA (2013)
Reimair, F.: Cloud-based signature solutions: a survey. Technical report, Secure Information Technology Center Austria, October 2014. https://technology.a-sit.at/wp-content/uploads/2014/10/Cloud-based-signature-solutions-a-survey.pdf
EU Signature Directive: Directive 1999/93/EC of the European Parliament and of the Council on a Community framework for electronic signatures. Off. J. L 13 (1999)
ETSI TS 119 431–1: Electronic Signatures and Infrastructures (ESI); Policy and security requirements for trust service providers; Part 1: TSP service components operating a remote QSCD/SCDev (2018)
CEN 419241–5: Protection profiles for TSP Cryptographic modules. Part 5: Cryptographic Module for Trust Services (2016)
ETSI TS 119 431–2: Electronic Signatures and Infrastructures (ESI); Policy and security requirements for trust service providers; Part 2: TSP service components supporting AdES digital signature creation (2018)
Cloud Signature Consortium: Architectures, Protocols and API Specifications for Remote Signature applications (2017)
Organization for the Advancement of Structured Information Standards (OASIS): Digital Signature Service Core Protocols, Elements, and Bindings Version 1.0, April 2007
Theuermann, K., Tauber, A., Lenz, T.: Mobile-only solution for server-based qualified electronic signatures. In: 2019 IEEE International Conference on Communications (ICC 2019). IEEE (2019)
Acknowledgment
This work was supported by a grant of the Romanian Ministry of Research and Innovation, CCCDI - UEFISCDI, project number PN-III-P1-1.2-PCCDI-2017-0272/Avant-garde Technology Hub for Advanced Security (ATLAS), within PNCDI III.
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Annex A
Annex A
Rights and permissions
Copyright information
© 2020 Springer Nature Switzerland AG
About this paper
Cite this paper
Aciobanitei, I., Urian, PD., Pura, ML. (2020). Learned Lessons from Implementing an Android Client for the Cloud Signature Consortium API. In: Simion, E., Géraud-Stewart, R. (eds) Innovative Security Solutions for Information Technology and Communications. SecITC 2019. Lecture Notes in Computer Science(), vol 12001. Springer, Cham. https://doi.org/10.1007/978-3-030-41025-4_15
Download citation
DOI: https://doi.org/10.1007/978-3-030-41025-4_15
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-41024-7
Online ISBN: 978-3-030-41025-4
eBook Packages: Computer ScienceComputer Science (R0)