DISIMOD–Digital Signature for Mobile Devices (original) (raw)
Related papers
Generating digital signatures on mobile devices
18th International Conference on Advanced Information Networking and Applications, 2004. AINA 2004.
With the explosion of the mobile communication market, more and more handheld devices act as clients in the Internet. People use these devices to purchase books, play games, receive emails, etc. For protecting privacies, such applications should integrate digital signature schemes. Since handheld devices have poor computational capabilities and limited battery life, traditional computation intensive digital signature protocols that are based on asymmetric cryptographic algorithms are not suitable for mobile devices. In this paper, we propose a Server Based Signature (SBS) scheme for mobile devices. Besides achieving the same security level of the traditional digital signature protocols, the SBS scheme also: 1) reduces the computation complexity on the mobile devices; 2) reduces the communication consumption between signer and verifier. Application results show that our scheme is very useful for mobile communication systems.
A survey of electronic signature solutions in mobile devices
Journal of Theoretical …, 2007
The development of electronic signature in mobile devices is an essential issue for the advance and expansion of the mobile electronic commerce since it provides security and trust in the system. E-signatures provide security for the transactions with authenticity and integrity characteristics that make non-repudiation of the transactions possible.
An electronic Signature Infrastructure for mobile Devices
ISSE 2005 — Securing Electronic Business Processes, 2005
The mobile commerce will come true when we provide the certification services and electronic signature necessaries to make the electronic transactions secure. However, at this moment, the mobile technologies can not offer us theses services or they are much reduced. This paper discusses the main drawbacks of these technologies and describes the infrastructure and components that we have developed in response to this need. The infrastructure, as a result of a project between a Spanish mobile operator and the University of Murcia, offers the applications, certification services and electronic signature combined with the use of highly-recognized standards. With Windows mobile, we made components to the process of certification, the signing and time-stamping of an electronic document and the important problem of the validation of a certificate. Our infrastructure has also been tested in a real environment, providing us an interesting feedback based on technical and user-friendly matters.
Practical Mobile Digital Signatures
Lecture Notes in Computer Science, 2002
There are important details that give legal validity to handwritten signatures: First, the document to be signed is under control of the signatory and it is not possible to substitute or alter it, and second, the tools to produce the signature (the pen and the signatory itself) are also under control of the signatory. These details make possible that handwritten signatures are used in a law court to prove the willingness of the signatory to be bound by the content of the document. Digital signatures require complex calculations that can not be done using mental arithmetic by the signatory. In this case neither document nor tools are under direct control of the signatory but under control of a computer. Consequently, the willingness of the signatory can not be sufficiently demonstrated. Furthermore, to be able to perform digital signatures, we must assume that the user trusts the computer to perform exactly what is intended. This yields digital signatures unusable in scenarios that require mobility. In this paper we present a system to perform digital signatures in environments that require mobility. The system is based on the use of personal digital assistants and smart cards and fulfils the common requirements established in different national laws regarding digital signatures.
Qualified mobile electronic signatures : Possible , but worth a try ?
2004
Four years have passed since the EU directive on electronic signatures has been enacted by the European Union. By 2002, all EU member countries had to implement local legislation for electronic signatures. Development of products and applications in these countries so far, mainly focuses on signing with desktop PC’s on the basis of smart cards, issued by certification authorities. Several parties worked on mobile signing infrastructures, but as of today, no integrated implementation of qualified mobile signatures has occurred on the market. This raises the question whether qualified mobile signatures can be implemented at all and whether they can be implemented economically. This paper will analyse and conclude the possible conformance of mobile technology with the EU directive on mobile signatures and discuss economic implications for market scenarios. 1. The EU directive on Electronic Signatures In the directive 1999/93/EC of the European Parliament [EU_esig1999], legal requiremen...
Dynamic Signature Verification on Smart Phones
Communications in Computer and Information Science, 2013
This work is focused on dynamic signature verification for state-of-the-art smart phones, including performance evaluation. The analysis was performed on database consisting of 25 users and 500 signatures in total acquired with Samsung Galaxy Note. The verification algorithm tested combines two approaches: feature based (using Mahalanobis distance) and function based (using DTW), and the results are shown in terms of EER values. A number of experimental findings associated with signature verification in this scenario are obtained, e.g., the dominant challenge associated with the intra-class variability across time. As a result of the algorithm adaptation to the mobile scenario, the use of a state-of-the-art smart phone, and contrarily to what has been evidenced in previous works, we finally demonstrate that signature verification on smart phones can result in a similar verification performance compared to one obtained using more ergonomic stylus-based pen tablets. In particular, the best result achieved is an EER of 0.525%.
Qualified Mobile Server Signature
A legal basis for the use of electronic signatures exists since the introduction of qualified electronic signatures in EU Directive 1999/ 93/EC. Although considered as key enablers for e-Government and e-Commerce, qualified electronic signatures are still not widely used. Introducing amobile component addresses most of the shortcomings of existing qualified signature approaches but poses certain difficulties in the security reasoning. The proposed server based mobile signature approach authenticates the signatory over trusted channels and assists the protection of the signature-creation data with organizational measures. As with traditional qualified signature approaches, strong authentication of the signatory to the system is ensured by two factors. Knowledge of a PIN and possession of a valid subscriber identity module card is verified over two separate communication channels. The qualified mobil server signature fulfills the requirements on secure signature-creation devices defined by the EU directive and in particular its Austrian implementation
Public hash signature for mobile network devices
In this work we have developed a digital signature protocol using hash functions that once implemented on mobile devices have demonstrated to be secure and efficient. It has been incorporated a model for a Certification Authority to exchange public keys between users. This work constitutes an experimental research, which bears a certain resemblance to theoretical research, but is not intended to propose a new theory, but to establish the behavior of a system to know its characteristics, in order to improve its knowledge and/or its performance. The hash signature system was tested on mobile communication devices. The experimental results show that the hash signature improves the efficiency to generate the cryptographic keys and the signing and verification processes when compared to ECC. Likewise, when generating 2048 keys, the hash signature is faster than RSA. In addition, the larger RSA keys consume a significative time, while the hash does not require to increase the size of the keys. Although we have not included here a formal analysis about the protocol, we highlight some points that improve the security of the proposed protocol. Finally, this work constitutes a new approach to public key cryptography based on hash functions that could be used to make digital signatures in electronic commerce. This method is suitable for mobile network devices due to the high speed and low hardware requirements of the hash functions. The method described here, which is compatible with hash functions, belongs to the field of post-quantum cryptography. The security of the method is based on the security of the hash cryptography, which is widely known and discussed.
2013
IPRs essential or potentially essential to the present document may have been declared to ETSI. The information pertaining to these essential IPRs, if any, is publicly available for ETSI members and non-members, and can be found in ETSI SR 000 314: "Intellectual Property Rights (IPRs); Essential, or potentially Essential, IPRs notified to ETSI in respect of ETSI standards", which is available from the ETSI Secretariat. Latest updates are available on the ETSI Web server (http://ipr.etsi.org). Pursuant to the ETSI IPR Policy, no investigation, including IPR searches, has been carried out by ETSI. No guarantee can be given as to the existence of other IPRs not referenced in ETSI SR 000 314 (or the updates on the ETSI Web server) which are, or may be, or may become, essential to the present document. Foreword This Technical Report (TR) has been produced by has been produced by ETSI Technical Committee Electronic Signatures and Infrastructures (ESI). ETSI Draft SR 019 020 V0.0.4 (2013-11) 9 [i.26] IETF RFC 5055 Server-Based Certificate Validation Protocol Definitions, symbols and abbreviations 3.1 Definitions For the purposes of the present document, the [following] terms and definitions [given in ... and the following] apply: Digital signature value: data appended to, or a cryptographic transformation of, a data unit that allows a recipient of the data unit to prove the source and integrity of the data unit and protect against forgery, e.g. by the recipient. Note: This excludes any public key certificate or other information required to conform to advanced electronic signature standards such as EN 319 122 [i.2], EN 319 132[i.3], EN 319 142 [i.4] Advanced Electronic signature: electronic signature which meets the following requirements: a) it is uniquely linked to the signatory; b) it is capable of identifying the signatory; c) it is created using means that the signatory can maintain under his sole control; and d) it is linked to the data to which it relates in such a manner that any subsequent change of the data is detectable.
A Comprehensive Study of Cryptography and Digital Signature
2015
— With the computerized message systems replacing the physical transport of paper and ink documents, an effective solution for authentication of the electronic data is necessary. In situation where there is not complete trust between sender and receiver, something more than authentication is needed.The most attractive solution to this problem is the digital signature. While the nature of the transaction these documents are meant to support has not changed, the environment in which the transaction is made is changing. To support the new environment we must provide rules and practices that employ electronic and digital signature technology to achieve and surpass the functionality historically expected from paper based documents with ink signatures. Compared to the tedious and labour-intensive paper methods such as checking specimen signature cards, digital signatures yield a high degree of assurance without adding greatly to the resources required for processing documents. Digital sig...