Qualified Mobile Server Signature

摘要

A legal basis for the use of electronic signatures exists since the introduction of qualified electronic signatures in EU Directive 1999/ 93/EC. Although considered as key enablers for e-Government and e-Commerce, qualified electronic signatures are still not widely used. In troducing a mobile component addresses most of the shortcomings of ex isting qualified signature approaches but poses certain difficulties in the security reasoning. The proposed server based mobile signature approach authenticates the signatory over trusted channels and assists the protec tion of the signature-creation data with organizational measures. As with traditional qualified signature approaches, strong authentication of the signatory to the system is ensured by two factors. Knowledge of a PIN and possession of a valid subscriber identity module card is verified over two separate communication channels. The qualified mobil server signa ture fulfills the requirements on secure signature-creation devices defined by the EU directive and in particular its Austrian implementation.