nach oben

Erschienen in:

2020 | OriginalPaper | Buchkapitel

Learned Lessons from Implementing an Android Client for the Cloud Signature Consortium API

verfasst von : Iulian Aciobanitei, Paul-Danut Urian, Mihai-Lica Pura

Erschienen in: Innovative Security Solutions for Information Technology and Communications

Verlag: Springer International Publishing

Einloggen

Aktivieren Sie unsere intelligente Suche, um passende Fachinhalte oder Patente zu finden.

search-config

KI-gestützte Suche

Aus

Abstract

Advanced electronic signatures are the main security mechanism used for assuring authentication, integrity and non-repudiation of electronic documents. Digitization on a large scale requires secure and flexible electronic signature systems. In E.U., the use of remote qualified electronic signatures has considerably increased after the adoption of the Regulation (EU) No 910/2014 (“eIDAS”). Thanks to the new legislative measures, owning a physical device to create a qualified electronic signature in no longer mandatory, so the user experience has been considerably improved. However, the full potential of remote qualified electronic signatures has not been reached yet. Our work supports the adoption of the remote digital signature in various fields by implementing an Android application that can apply qualified electronic signatures. To assure interoperability, the client-server communication follows a standard protocol: the Cloud Signature Consortium API. The main advantage of our approach is that the Android application is able to sign using certificates issued by different Trust Service Providers. This paper will analyze the current situation and will present the main challenges encountered when designing and developing a digital signature application that uses remote qualified digital certificates as well as the learned lessons that could be of tremendous help for others activating in this field.

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

über 102.000 Bücher
über 537 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Finance + Banking
Management + Führung
Marketing + Vertrieb
Maschinenbau + Werkstoffe
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 390 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Maschinenbau + Werkstoffe

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 340 Zeitschriften

aus folgenden Fachgebieten:

Bauwesen + Immobilien
Business IT + Informatik
Finance + Banking
Management + Führung
Marketing + Vertrieb
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Vorheriges Kapitel Reputation-Based Security Framework for Internet of Things

Nächstes Kapitel Integrating Adversary Models and Intrusion Detection Systems for In-vehicle Networks in CANoe

Nur mit Berechtigung zugänglich

REGULATION (EU) No 910/2014 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL, Art.3, Definition of “qualified electronic signature”.

REGULATION (EU) No 910/2014 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL, Art.26.

REGULATION (EU) No 910/2014 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL, Art.3, Definition of “electronic signature”.

CEN EN 419 241-1. “Trustworthy Systems Supporting Server Signing Part 1: General System Security Requirements”, Section 5.4.

REGULATION (EU) No 910/2014 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL, Art.26 (c).

https://cloudsignatureconsortium.org/resources/download-api-specifications/.

European Commission, Regulation (EU) No 910/2014 of the European Parliament and of the council on electronic identification and trust services for electronic transactions in the internal market and repealing Directive 1999/93/EC. Off. J. Eur. Union, July 2014. https://doi.org/10.1145/1219092.1219093

ETSI TS 119 432: Electronic Signatures and Infrastructures (ESI); Protocols for remote digital signature creation (2019)

CEN EN 419 241–1: Trustworthy Systems Supporting Server Signing Part 1: General System Security Requirements (2016)

CEN EN 419 241–2: Trustworthy Systems Supporting Server Signing. Part 2: Protection Profile for QSCD for Server Signing (2018)

Orthacker, C., Centner, M., Kittl, C.: Qualified mobile server signature. In: Rannenberg, K., Varadharajan, V., Weber, C. (eds.) SEC 2010. IAICT, vol. 330, pp. 103–111. Springer, Heidelberg (2010). https://doi.org/10.1007/978-3-642-15257-3_10CrossRef

Rath, C., Roth, S., Bratko, H., Zefferer, T.: Encryption-based second authentication factor solutions for qualified server-side signature creation. In: Kő, A., Francesconi, E. (eds.) EGOVIS 2015. LNCS, vol. 9265, pp. 71–85. Springer, Cham (2015). https://doi.org/10.1007/978-3-319-22389-6_6CrossRef

Rath, C., Roth, S., Schallar, M., Zefferer, T.: Design and application of a secure and flexible server-based mobile eID and e-Signature solution. Int. J. Adv. Secur 7(3&4), 50–130 (2014)

Kinastowski, W.: Digital signature as a cloud-based service. In: The Fourth International Conference on Cloud Computing, GRIDs, and Virtualization (CLOUD COMPUTING 2013). IARIA (2013)

Reimair, F.: Cloud-based signature solutions: a survey. Technical report, Secure Information Technology Center Austria, October 2014. https://technology.a-sit.at/wp-content/uploads/2014/10/Cloud-based-signature-solutions-a-survey.pdf

10.

EU Signature Directive: Directive 1999/93/EC of the European Parliament and of the Council on a Community framework for electronic signatures. Off. J. L 13 (1999)

11.

ETSI TS 119 431–1: Electronic Signatures and Infrastructures (ESI); Policy and security requirements for trust service providers; Part 1: TSP service components operating a remote QSCD/SCDev (2018)

12.

CEN 419241–5: Protection profiles for TSP Cryptographic modules. Part 5: Cryptographic Module for Trust Services (2016)

13.

ETSI TS 119 431–2: Electronic Signatures and Infrastructures (ESI); Policy and security requirements for trust service providers; Part 2: TSP service components supporting AdES digital signature creation (2018)

14.

Cloud Signature Consortium: Architectures, Protocols and API Specifications for Remote Signature applications (2017)

15.

Organization for the Advancement of Structured Information Standards (OASIS): Digital Signature Service Core Protocols, Elements, and Bindings Version 1.0, April 2007

16.

Theuermann, K., Tauber, A., Lenz, T.: Mobile-only solution for server-based qualified electronic signatures. In: 2019 IEEE International Conference on Communications (ICC 2019). IEEE (2019)

Titel: Learned Lessons from Implementing an Android Client for the Cloud Signature Consortium API
verfasst von: Iulian Aciobanitei
Paul-Danut Urian
Mihai-Lica Pura
Verlag: Springer International Publishing
Buch: Innovative Security Solutions for Information Technology and Communications
Print ISBN: 978-3-030-41024-7

Electronic ISBN: 978-3-030-41025-4

Copyright-Jahr: 2020
DOI: https://doi.org/10.1007/978-3-030-41025-4_15

Springer Professional

Abstract

Bitte loggen Sie sich ein, um Zugang zu Ihrer Lizenz zu erhalten.

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Springer Professional "Technik"

Springer Professional "Wirtschaft"