Non-repudiation is an important issue in mobile business and mobile commerce because it provides the evidence needed to prove whether some party participated in a transaction. The basis to support non-repudiation is the electronic signature. In Europe, directive 1999/93/EC of the European Parliament and the Council establishes the conditions that should be fulfilled in order to provide an electronic signature legally equivalent to the handwritten signature. This chapter presents and analyses the different solutions that have appeared over the years to provide mobile signatures. This analysis will help us to determine which mobile signature solutions can be considered legally equivalent to the handwritten signature. Thus, this chapter allows people to get to know the different solutions that are available to build mobile commerce and mobile business applications that require the use of the non-repudiation service, and hence electronic signature in mobile devices.
Nowadays, mobile handsets (mobile phones, Personal Digital Assistants, etc.) are an important element in our daily life. In fact, in developed countries almost everybody has a mobile handset and almost everybody carries it at all times. These devices are becoming ever smaller and, even more importantly, they are incorporating new communication and entertainment features as well as computation and storage capabilities. These improvements make it possible to develop, in different scenarios, services that previously were not possible, such as in mobile commerce (m-commerce), mobile business (m-business) or multimedia. Among these services (Grillo et al., 2008; Zmijewska & Lawrence, 2006; Dahlberg et al., 2008) we can mention: m-payments, location-based services, banking transactions, contract signing, brokerage, mobile access to enterprise applications, e-health environments, and so on. These services, thanks to our mobile handsets, could be offered and used anywhere and at any time. Indeed, they could be used in pervasive environments in order to facilitate the daily life and work of the users.
Most m-commerce and m-business applications or services need to use some security services to guarantee the safety of the transactions that they perform. Of the different security services we can highlight non-repudiation, because this service provides the evidence needed to prove whether some party participated in a transaction. The basis to support this non-repudiation service is the electronic signature, since it allows the creation of evidence associated with a transaction and a user or entity (Zhou, 2001). Non-repudiation also needs other components or elements such as timestamping services, the participation of trusted third parties (TTPs), etc. (for a deeper analysis see Zhou, 2001). However, as we have just mentioned, the basic element is the use of the electronic signature. In this chapter we will focus on how to provide this service in mobile devices. From this basis we will be able to develop the remaining components or services that are needed, which are outside the scope of this chapter.
The goal of the electronic signature (e-signature) is to be equivalent to handwritten signatures, even in legal terms. In Europe, directive 1999/93/EC of the European Parliament and the Council (European Parliament, 2000) establishes the conditions that should be fulfilled in order to provide an e-signature legally equivalent to the handwritten signature. These conditions will be explained later in this chapter, but we can anticipate some details. Basically, it consists of generating the electronic signature by using a Secure Signature Creation Device (SSCD) with a qualified certificate. Previously, it was not possible to satisfy these conditions in mobile devices due to their limited cryptographic and computational capabilities. Today the situation is completely different and we are able to generate e-signatures based on asymmetric cryptography, or even on elliptic curve cryptography. Furthermore, there are now different technologies to provide e-signatures in mobile devices.
The aim of this chapter is to present the different solutions that have appeared over the years to provide mobile signatures (section 4). But before presenting these, we are going to describe the basic concepts related to the mobile electronic signature (section 2) as well as the different technologies that are available to build these mobile signatures (section 3). Furthermore, as well as reviewing the different solutions, we are going to analyze them from the security and legal points of view with the aim of determining whether the mobile signatures generated in these solutions can be considered legally equivalent to the handwritten signature (section 4). Therefore, this chapter will allow us to get to know the different solutions that are available to build m-commerce and m-business applications that require the use of the non-repudiation service, and hence electronic signature in mobile devices. Thus, this chapter is useful for understanding how current m-commerce and m-business applications, as well as new ones that support new business models, can incorporate the use of the e-signature in their processes. Finally, we have also decided to include an Appendix with a glossary of acronyms so that the reader can easily find the meaning of each acronym used in this chapter.