City Research Online - Defining Unified Signature API Library for Mobile Apps to Integrate with Secure Signature Creation Devices (SSCDs)

Defining Unified Signature API Library for Mobile Apps to Integrate with Secure Signature Creation Devices (SSCDs)

Bukhari, A., Miettinen, J. & Rajarajan, M. ORCID: 0000-0001-5814-9922 (2024). Defining Unified Signature API Library for Mobile Apps to Integrate with Secure Signature Creation Devices (SSCDs). In: 2024 IEEE International Conference on Blockchain (Blockchain). 2024 IEEE International Conference on Blockchain (Blockchain), 19-22 Aug 2024, Copenhagen, Denmark. doi: 10.1109/blockchain62396.2024.00091

Abstract

Secure Signature Creation Devices (SSCDs) are building blocks for performing a legal value digital signature. As the world moves more towards digital transactions, it increases reliance on digital signatures. Interfacing and enabling a SSCD to work with a mobile phone application allows these applications to perform digital signatures of legal value (i.e. Qualified Electronic Signatures - QES, in EU). However, the lack of standardized APIs for interfacing SSCDs with mobile apps poses significant hurdles to widespread adoption. and poses many challenges. This paper introduces a novel approach to address the challenges of integrating Secure Signature Creation Devices (SSCDs) with mobile applications by proposing a solution called MUSAP utilizing Unified Signature API Library. MUSAP enables secure communication between mobile apps and SSCDs, ensuring the protection of private keys and compliance with legal frameworks such as the eIDAS regulation. Implementation details and use cases demonstrate the practical application of MUSAP, showcasing its versatility in supporting both centralized and decentralized identity technologies. The entity issuing identity assertions (certificate or verifiable credential) holds the responsibility for verifying both user's identity, key material and provide a Level of Assurance (LoA) selection mechanism. Key material verification can be achieved by Controlling the key generation process, verifying device trust and relaying key attestations. MUSAP is released as open-source solution at in Github.

Publication Type:	Conference or Workshop Item (Paper)
Additional Information:	© 2024 IEEE. Personal use of this material is permitted. Permission from IEEE must be obtained for all other uses, in any current or future media, including reprinting/republishing this material for advertising or promotional purposes, creating new collective works, for resale or redistribution to servers or lists, or reuse of any copyrighted component of this work in other works.
Publisher Keywords:	SSCD, eIDAS, Digital Signature, EDIW, MUSAP
Subjects:	H Social Sciences > HN Social history and conditions. Social problems. Social reform Q Science > QA Mathematics > QA75 Electronic computers. Computer science
Departments:	School of Science & Technology School of Science & Technology > Engineering
SWORD Depositor:	Symplectic Administrator

[thumbnail of Ammar_Jarmo_Raj_MUSAP_paper_2024184872.pdf]

Preview

Text - Accepted Version
Download (448kB) | Preview

Official URL: http://dx.doi.org/10.1109/blockchain62396.2024.000...

Export

Downloads

Downloads per month over past year

View more statistics

Metadata

Altmetric

Funder Information

CORE (COnnecting REpositories)

Actions (login required)

Admin Login

Creators:	Bukhari, A. Miettinen, J. Rajarajan, M. ORCID: 0000-0001-5814-9922
Event Title:	2024 IEEE International Conference on Blockchain (Blockchain)
Event Type:	Conference
Event Location:	Copenhagen, Denmark
Event Dates:	19-22 Aug 2024
Status:	Published
Refereed:	Yes
Journal or Publication Title:	2024 IEEE International Conference on Blockchain (Blockchain)
Publisher:	IEEE
ISSN:	2834-9903
e-ISSN:	2834-9946
URI:	https://openaccess.city.ac.uk/id/eprint/34121
Date available in CRO:	29 Nov 2024 09:28
Date deposited:	28 November 2024
Dates:	Date Event 18 September 2024 Published 18 September 2024 Published Online 1 July 2024 Accepted