Abstract
Qualified electronic signatures are recognized as being equivalent to handwritten signatures and are supported by EU legislation. They require a secure signature creation device (SSCD) such as a smart card. This paper presents a novel approach for the integration of smart cards in web applications without the requirement to install dedicated software on the user’s computer. The signature creation process is split into two parts: One part is performed on the server side and the other part (requiring access to functions of the secure signature creation device) is deployed and executed as a lightweight component in the user’s browser on demand. This significantly facilitates the usage of smart cards for the creation of qualified electronic signatures and therefore counteracts their low market penetration all over Europe. The approach has meanwhile attracted attention in various Member States and proved ideal for the quick integration and deployment of a large number of diverse and rapidly evolving SSCDs.
This is a preview of subscription content, log in via an institution.
Buying options
Tax calculation will be finalised at checkout
Purchases are for personal use only
Learn about institutional subscriptionsPreview
Unable to display preview. Download preview PDF.
References
Bundesamt fr Sicherheit in der Informationstechnik: BSI - Technische Richtlinie: eCard-API-Framework, BSI TR-03112 (2008), http://www.bsi.bund.de/cln_136/ContentBSI/Publikationen/TechnischeRichtlinien/tr03112/index_htm.html
European Commission / European eGovernement services (IDABC): Preliminary Study on Mutual Recognition of eSignatures for eGovernment applications, Report (November 2007), http://ec.europa.eu/idabc/en/document/6485
European Parliament and Council: Directive 1999/93/EC of the European Parliament and of the Council of 13 December 1999, on a Community framework for electronic signatures (December 1999), http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=CELEX:31999L0093:EN:HTML
Hollosi, A., Karlinger, G.: The Austrian Citizen Card. AG Bürgerkarte (May 2004), http://www.buergerkarte.at/konzept/securitylayer/spezifikation/20040514/introduction/Introduction.en.html
Leitold, H., Hollosi, A., Posch, R.: Security architecture of the austrian citizen card concept. In: Proceedings of 18th Annual Computer Security Applications Conference, 2002 , pp. 391–400 (2002)
Rössler, T.: Giving an interoperable e-ID solution: Using foreign e-IDs in Austrian e-Government. Computer Law & Security Report 24(5), 447–453 (2008)
Rössler, T., Leitold, H.: Identifikationsmodell der österreichischen Bürgerkarte. In: Proceedings of the D-A-CH Security Conference 2005. University of Technology Darmstadt, Germany (2005)
Roßnagel, H.: On diffusion and confusion – why electronic signatures have failed. Lecture Notes in Computer Science – Trust and Privacy in Digital Business pp. 71–80 (2006), http://dx.doi.org/10.1007/11824633_8
Roßnagel, H.: Mobile qualifizierte elektronische Signaturen. Datenschutz und Datensicherheit (2009)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2011 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Orthacker, C., Centner, M. (2011). Minimal-Footprint Middleware to Leverage Qualified Electronic Signatures. In: Filipe, J., Cordeiro, J. (eds) Web Information Systems and Technologies. WEBIST 2010. Lecture Notes in Business Information Processing, vol 75. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-22810-0_5
Download citation
DOI: https://doi.org/10.1007/978-3-642-22810-0_5
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-22809-4
Online ISBN: 978-3-642-22810-0
eBook Packages: Computer ScienceComputer Science (R0)