Abstract
Despite a legal framework being in place for several years, the market share of qualified electronic signatures is disappointingly low. Mobile Signatures provide a new and promising opportunity for the deployment of an infrastructure for qualified electronic signatures. We analyzed two possible signing approaches (server-based and client-based signatures) and conclude that SIM-based signatures are the most secure and convenient solution. However, using the SIM card as a secure signature creation device (SSCD) raises new challenges, because it would contain the user’s private key as well as the subscriber identification. Combining both functions in one card raises the question of who will have control over the keys and certificates. We propose a protocol called Certification on Demand (COD) that separates certification services from subscriber identification information and allows consumers to choose their appropriate certification services and service providers based on their needs. We also present some of the constraints that still have to be addressed before qualified mobile signatures are possible.
Copyright information
© 2004 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Rossnagel, H. (2004). Mobile Qualified Electronic Signatures and Certification on Demand. In: Katsikas, S.K., Gritzalis, S., López, J. (eds) Public Key Infrastructure. EuroPKI 2004. Lecture Notes in Computer Science, vol 3093. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-25980-0_22
DOI: https://doi.org/10.1007/978-3-540-25980-0_22
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-22216-3
Online ISBN: 978-3-540-25980-0
eBook Packages: Springer Book Archive