Signatures to Go: A Framework for Qualified PDF Signing on Mobile Devices

Emina Ahmetovic, Thomas Lenz, Christian Kollmann

Abstract

Electronic documents are an important part of a business workflow. To assure the integrity, authenticity, and non-repudiation of those documents, both public and private sectors use qualified electronic signatures to sign PDF files. Benefits of the resulting qualified PDF signing are widely recognized, and there are many desktop and web applications used to sign PDFs. Those applications usually require additional hardware, such as smartphones, or smart cards, to assure a multi-factor authentication in the signing process. However, the prevalence of mobile devices in everyday life posed a need for public services, which can be executed on a single mobile device. In this paper, we develop a user-friendly and privacy-preserving framework for qualified PDF signing on mobile devices. We show the feasibility of our framework by implementing all necessary components: the PDF processing application, the Trust Service Provider server-side, and client-side application. The main focus of these components is to preserve the privacy of users and to meet user expectations regarding the functionalities of PDF signing applications. Furthermore, we demonstrate the practical applicability of our solution by integrating it into the productive Austrian e-Government system. Lastly, we conclude the paper with extensive performance evaluation.

Download


Paper Citation