Qualified Mobile server signature

Abstract

A legal basis for the use of electronic signatures exists since the introduction of qualified electronic signatures in EU Directive 1999/ 93/EC. Although considered as key enablers for e-Government and e-Commerce, qualified electronic signatures are still not widely used. Introducing amobile component addresses most of the shortcomings of existing qualified signature approaches but poses certain difficulties in the security reasoning. The proposed server based mobile signature approach authenticates the signatory over trusted channels and assists the protection of the signature-creation data with organizational measures. As with traditional qualified signature approaches, strong authentication of the signatory to the system is ensured by two factors. Knowledge of a PIN and possession of a valid subscriber identity module card is verified over two separate communication channels. The qualified mobil server signature fulfills the requirements on secure signature-creation devices defined by the EU directive and in particular its Austrian implementation. © IFIP International Federation for Information Processing 2010.