Self-Proxy Mobile Signature: A New Client-Based Mobile Signature Model

The application of a fast and secure mobile signature model is an essential issue for the development of the mobile electronic commerce since digital signatures can provide authentication, data integrity, and non-repudiation. There are several technologies and models with the aim of implementing signature processes for mobile devices. In this paper, we categorize them into client-based and server-based models. We will comment on the most important properties of each solution and analyze the advantages and disadvantages, with a special focus on the private key security, performance of the signature generation process, and application of digital certificates. Furthermore, we present, analyze, and develop a new client-based mobile signature model, based on the concept of proxy certificates, which guarantees the security of user's private key as well as improving the speed of signature generation process. This model can be extended in order to use it for mobile partial identification, and also, to develop applications like secure mobile auctions that need several signature generations in a short period of time.

[1]  Heiko Rossnagel,et al.  Mobile Qualified Electronic Signatures and Certification on Demand , 2004, EuroPKI.

[2]  Chih-Cheng Chen,et al.  A server-aided signature scheme for mobile commerce , 2007, IWCMC.

[3]  Steven Tuecke,et al.  Internet X.509 Public Key Infrastructure (PKI) Proxy Certificate Profile , 2004, RFC.

[4]  Antonio F. Gómez-Skarmeta,et al.  Mobile Signature Solutions for Guaranteeing Non-Repudiation in Mobile Business and Mobile Commerce , 2009 .

[5]  Evgenia Pisko Mobile Electronic Signatures: Progression from Mobile Service to Mobile Application Unit , 2007, International Conference on the Management of Mobile Business (ICMB 2007).

[6]  Joos Vandewalle,et al.  (How) can mobile agents do secure electronic transactions on untrusted hosts? A survey of the security issues and the current solutions , 2003, TOIT.

[7]  Kemal Bicakci,et al.  Improved server assisted signatures , 2005, Comput. Networks.

[8]  Zhenqi Wang,et al.  Security Research on J2ME-Based Mobile Payment , 2008, 2008 ISECS International Colloquium on Computing, Communication, Control, and Management.

[9]  Samuel T. Chanson,et al.  Design and Implementation of a PKI-Based End-to-End Secure Infrastructure for Mobile E-Commerce , 2004, World Wide Web.

[10]  Miguel Mira da Silva,et al.  Secure Mobile Agent Digital Signatures with Proxy Certificates , 2001, E-Commerce Agents.

[11]  Ning Zhang,et al.  Secure M-commerce Transactions: A Third Party Based Signature Protocol , 2007, Third International Symposium on Information Assurance and Security.

[12]  Omaima Bamasak,et al.  A secure method for signature delegation to mobile agents , 2004, SAC '04.

[13]  Chung-Ming Ou,et al.  Adaptation of proxy certificates to non-repudiation protocol of agent-based mobile payment systems , 2009, Applied Intelligence.

[14]  Antonio F. Gómez-Skarmeta,et al.  A Survey of Electronic Signature Solutions in Mobile Devices , 2007, J. Theor. Appl. Electron. Commer. Res..

[15]  Deren Chen,et al.  Generating digital signatures on mobile devices , 2004, 18th International Conference on Advanced Information Networking and Applications, 2004. AINA 2004..

[16]  Kemal Bicakci,et al.  SAOTS: A New Efficient Server Assisted Signature Scheme for Pervasive Computing , 2003, SPC.

[17]  Ning Zhang,et al.  A new signature scheme: joint-signature , 2004, SAC '04.

[18]  David Lin,et al.  Design and correctness proof of a security protocol for mobile banking , 2009, Bell Labs Technical Journal.

[19]  D. O'Mahony,et al.  Electronic payment systems for e-commerce , 2001 .

[20]  Gene Tsudik,et al.  Equipping smart devices with public key signatures , 2007, TOIT.