Encryption-Based Second Authentication Factor Solutions for Qualified Server-Side Signature Creation

摘要

Electronic identity (eID) and electronic signature (e-signature) are key concepts of transactional e-government solutions. Especially in Europe, server-based eID and e-signature solutions have recently gained popularity, as they provide enhanced usability while still complying with strict security requirements. To implement obligatory two-factor user-authentication schemes, current server-based eID and e-signature solutions typically rely on one-time passwords delivered to the user via short message service (SMS). This raises several issues in practice, as the use of SMS technology can be cost-effective and insecure. To address these issues, we propose an alternative two-factor user-authentication scheme following a challenge-response approach. The feasibility and applicability of the proposed user-authentication scheme is evaluated by means of two concrete implementations. This way, we show that the proposed authentication scheme and its implementations improve both the cost effectiveness and the security of server-based eID and e-signature solutions.