A so-called Cloud Signature Consortium has been formed around IT giant Adobe to create open standards for digital signatures across mobile devices and web apps. The time to develop mobile uniform standards offered by various providers to manage trust services and electronic identification is pressing. Since 1 July, the EU-wide eIDAS regulation has come into effect to regulate electronic identification and trust services for electronic transactions in the internal market and create a joint basis for more secure electronic interaction between natural and legal persons. The Cloud Signature Consortium expects to be able to offer standardised cloud-based specifications by the end of this year and, from 2017, to implement it internationally beyond the European single market. 12 renowned European companies and establishments are in the industry consortium, including France’s Universign, Switzerland’s SwissSign and Italy’s Intensi Group. TU Graz is the only Austrian institution and the only university worldwide to be part of this.
New European signature regulation
Digital signatures are increasing in importance internationally in the electronic interaction between citizens, companies and public administration and are neither standardised nor fully mobile. In many cases digital signatures are tethered to the use of a desktop computer and ID certificates have to be stored on a USB token or smart card. The Austrian citizen’s card offers a well-known exception with its mobile phone signature. Mobile solutions are mainly proprietary and offered by individual providers on the market, thus preventing the broad use of mobile digital signatures. The digital world of business will thus become a great deal more secure and simpler with this signature solution. A proliferation of electronic business communications is in any case to be expected.
TU Graz as consortium partner
TU Graz and especially the Institute of Applied Information Processing and Communication Technology has a long history of research in IT security. Institute head Reinhard Posch is not least chief information officer of the Austrian federal government and chairman of “Plattform Digitales Österreich” – the strategic umbrella organisation of e-government in Austria. “Due to the well-proven competence of TU Graz in IT security over many years, we’ve been invited by Adobe to participate in the development of these open standards for cloud-based digital signatures,” reports Peter Lipp, who is responsible for the project at TU Graz, and he continues: “Besides work on the standards themselves, our task in this project is in particular to develop and carry out compliance testing, in other words to align the implementation of the new standards with elaborated specifications.” Lipp is convinced that this new standard signature solution will raise security and acceptance of digital transactions in Europe and further afield.
IT security research is anchored in the Field of Expertise "Information, Communication and Computing", one of five strategic FoE of Graz University of Technology.