Abstract
Electronic signatures are a crucial building block of transactional e-services. This especially applies to the European Union, where so-called qualified electronic signatures are legally equivalent to their handwritten counterpart. For many years, signature solutions, which enable users to create electronic signatures, have been designed for classical end-user devices such as desktop computers or laptops. In most cases, these solutions cannot be easily applied on mobile end-user devices such as smartphones or tablet computers, due to the special characteristics of these devices. This complicates the use of transactional e-services on mobile devices and excludes a growing number of users who prefer mobile access to services. To tackle this problem, this paper provides a basis for mobile signature solutions that are compatible with and applicable on mobile end-user devices. Possible architectures for these solutions are first systematically derived from an abstract model. Then, the best alternative is determined by means of systematic assessments. In particular, the aspects of security and usability are considered in detail. This finally yields an implementation-independent and technology-agnostic architecture that can be used as a basis for concrete implementations. By keeping the proposed solution on a rather abstract architectural level, its validity is assured, even if available mobile technologies and the current state of the art change. This way, the proposed architecture represents a sustainable basis for future mobile signature solutions and paves the way for transactional e-services on mobile end-user devices.
© 2016 Springer International Publishing Switzerland
Cite this paper
Zefferer, T. (2016). A Sustainable Architecture for Secure and Usable Mobile Signature Solutions. In: Monfort, V., Krempels, KH., Majchrzak, T.A., Turk, Ž. (eds) Web Information Systems and Technologies. WEBIST 2015. Lecture Notes in Business Information Processing, vol 246. Springer, Cham. https://doi.org/10.1007/978-3-319-30996-5_17
DOI: https://doi.org/10.1007/978-3-319-30996-5_17
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-30995-8
Online ISBN: 978-3-319-30996-5
eBook Packages: Computer Science (R0)