mobile app for qualified PDF signing, which at the
same time satisfies aspects of security, privacy, or usability.
A worrisome finding, which revealed security and privacy
risks when online web applications are used as mobile
services, made it urgent to find a solution for
single-device users.
Challenges. There are a couple of reasons why qual-
ified PDF signatures remained insufficiently explored
inside the m-Government context. In general, users
anticipate that mobile services will offer the same
functionalities at the same security level as web and
desktop devices (Alliance, 2017). However, pro-
viding an elegant way to securely authenticate users
emerged as one of the biggest challenges. Mobile
devices have different security features and hardware
capabilities compared to personal computers. More-
over, constant changes in mobile technology made it
hard to come up with a long-term and stable authentication
mechanism. Different approaches with smart
cards, tokens, or additional smartphones have been
proposed and implemented in past years. While those
solutions provide secure authentication, they suffer
from usability issues when used in the mobile do-
main (Theuermann et al., 2019a), (Lenz and Alber,
2017). Fortunately, recent advances in mobile tech-
nology, such as secure storage and support for biomet-
rics, can be leveraged to tackle the above-mentioned
challenges.
Contribution. In this paper, we propose a user-
friendly and privacy-preserving solution for qualified
PDF signing on mobile devices.
First, we introduce a framework for generating
qualified PDF signatures on a single mobile device.
a) Users can create legally binding PDF files in such
a way that authenticity, integrity, and non-repudiation
are guaranteed. b) The solution addresses the privacy-
related issues from prior work. The extensive client-
side implementation improves the privacy of users by
reducing dependencies on third-party services. c) We
propose a mobile app that processes PDF files. The
app provides the same usability features as desktop
and web applications for PDF signing. d) Our solution
employs easy means of authentication without
additional hardware requirements. Device-level biometrics
support strong authentication on a single device.
Second, we implement all the necessary com-
ponents to show the architectural feasibility of our
solution. The heart of our implementation is the
PDF Signature App, an app that processes PDF files.
For demonstration purposes, we further implemented
both the mobile application Trust Service Provider App
and the web service Trust Service Provider. We show the
practical applicability of our solution by integrating it
into the Austrian identity management infrastructure.
The components such as the Trust Service Provider
and the Trust Service Provider App are instantiated
with the qualified trust service operator in Austria.
Third, we evaluate the capabilities of our solution
by benchmarking the PDF processing app with different
signature features and by performing functionality
verification.
Outline. This paper is structured as follows: In Sec-
tion 2, we introduce the existing PDF signature so-
lutions and the research gap. In Section 3, we ex-
plain the architectural design of our framework. We
define requirements, components, and interfaces be-
tween them. In Section 4, we describe the implemen-
tation of components, which we evaluate in Section 5.
Lastly, we conclude the paper in Section 6.
2 BACKGROUND
As the benefits of paperless signing have been widely
recognized, many countries inside the EU and beyond
have invested in e-signature technologies that can be
used by a large number of people. One such instance
is the Austrian Citizen Card Concept (Posch
et al., 2011), (Leitold et al., 2009). This concept
defines a generic protocol for creating QES based
on smart-cards and server-side signature solutions.
Smart cards serve as a qualified signature creation device;
nevertheless, they require smart-card readers inserted
into computers or laptops alongside the middleware
software applications. Alternatively, a server-side
signature solution represents a user-friendly approach
in terms of hardware requirements. This solution
is based on server-side authentication at the
Hardware Security Module (HSM), where the user
uses two-factor authentication to prove the alleged
identity. Two-factor authentication usually requires
a combination of a knowledge factor (password) and
a possession factor, demonstrated by receiving a One
Time Password (OTP) in the form of a TAN via SMS
using a mobile device. The important security feature
is the fact that these two factors are verified via two
separate communication channels.
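The two-factor flow described above, sketched as an added example (not code from the paper or from any trust service it names): the password arrives over the web channel, the TAN leaves over a separate SMS channel, and a signature is released only when both match. The class name, the HMAC key standing in for the HSM-held signing key, the TAN lifetime, and the document-hash prefix in the SMS are assumptions.

```python
import hashlib
import hmac
import secrets
import time


class ServerSideSigner:
    """Toy signing service; an HMAC key stands in for the HSM-held signing key."""
    TAN_TTL = 300  # seconds a TAN stays valid (assumed value)

    def __init__(self, user, password):
        self._salt = secrets.token_bytes(16)
        self._pw = {user: self._kdf(password)}
        self._hsm_key = secrets.token_bytes(32)  # never leaves the "HSM"
        self._pending = {}    # session id -> (doc hash, TAN, expiry)
        self.sms_outbox = []  # second channel (constructed stand-in for SMS)

    def _kdf(self, password):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), self._salt, 100_000)

    def start(self, user, password, document):
        """Channel 1 (web): check the knowledge factor, then send a TAN via channel 2."""
        stored = self._pw.get(user, b"")  # unknown user: the KDF still runs, compare fails
        if not hmac.compare_digest(stored, self._kdf(password)):
            return None
        session = secrets.token_hex(8)
        tan = f"{secrets.randbelow(10**6):06d}"
        digest = hashlib.sha256(document).hexdigest()
        self._pending[session] = (digest, tan, time.time() + self.TAN_TTL)
        # The SMS carries a hash prefix so the user can see what the TAN authorises.
        self.sms_outbox.append((user, tan, digest[:8]))
        return session

    def finish(self, session, tan, now=None):
        """Possession factor: the TAN is single-use, so the session is consumed either way."""
        entry = self._pending.pop(session, None)
        if entry is None:
            return None
        digest, expected, expiry = entry
        now = time.time() if now is None else now
        if now > expiry or not hmac.compare_digest(expected, tan):
            return None
        return hmac.new(self._hsm_key, digest.encode(), hashlib.sha256).hexdigest()
```

Because `finish` removes the pending session before checking the TAN, a wrong guess cannot be retried against the same TAN, and an intercepted password alone never reaches the signing key.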
Numerous desktop and web applications for PDF
signing are based on both smart-card and server-based
signature solutions. One popular implementation is
PDF-AS, a framework used for digitally signing and
verifying PDF files. The framework creates PAdES
(ETSI, 2009) signatures and consists of three main
parts: Library (a core component), Web (a web interface
for signing PDFs), and Client (a command-line
interface) (Fitzek et al., 2015), (EGIZ, 2014a). Another
recommended solution is PDF-Over, a Java
Signatures to Go: A Framework for Qualified PDF Signing on Mobile Devices