Authors:
Emina Ahmetovic
1
;
Thomas Lenz
1
and
Christian Kollmann
2
Affiliations:
1
E-Government Innovation Center, Graz, Austria
;
2
A-SIT Plus GmbH, Vienna, Austria
Keyword(s):
PDF Signature App, Qualified Electronic Signatures, Mobile Devices, Authentication, Qualified PDF Signing.
Abstract:
Electronic documents are an important part of a business workflow. To assure the integrity, authenticity, and non-repudiation of those documents, both public and private sectors use qualified electronic signatures to sign PDF files. Benefits of the resulting qualified PDF signing are widely recognized, and there are many desktop and web applications used to sign PDFs. Those applications usually require additional hardware, such as smartphones, or smart cards, to assure a multi-factor authentication in the signing process. However, the prevalence of mobile devices in everyday life posed a need for public services, which can be executed on a single mobile device. In this paper, we develop a user-friendly and privacy-preserving framework for qualified PDF signing on mobile devices. We show the feasibility of our framework by implementing all necessary components: the PDF processing application, the Trust Service Provider server-side, and client-side application. The main focus of these
components is to preserve the privacy of users and to meet user expectations regarding the functionalities of PDF signing applications. Furthermore, we demonstrate the practical applicability of our solution by integrating it into the productive Austrian e-Government system. Lastly, we conclude the paper with extensive performance evaluation.
(More)