What is driving Electronic Commerce and e-Government solutions? The answer is simple: useful applications and user-friendly yet secure solutions that can deliver operational cost savings. Smartcards, used for providing digital signatures for Electronic Commerce (EC), never caught on in any significant volume because there are very few smartcard readers around, making such solutions very expensive. However, there is an alternative approach: Signing in the Cloud - or remote signing as we call it - introduced by Cryptomathic in 2000, long before cloud solutions came into fashion. This approach has been a tremendous success in countries like Denmark, Norway, and Luxembourg and is catching on outside Europe.
What is the goal?
There are enormous savings for government agencies, companies, individuals, and the environment if we can communicate - and not least commit and be held liable - electronically, using digital signatures, rather than by paper. Nevertheless, you have to start with the applications that make it attractive to the end-users. We have already seen how attractive e-banking and Internet shopping have become. If you think of all the letters you get throughout the year from public authorities, e.g. on various taxes, registration for voting, pension, etc., you start grasping the significance of making this digital. You can add insurance, utilities, TV-license, and much more to this list.
What are the Challenges?
The main challenges are around the generation of digital signatures. In 1998, we coined the phrase WYSIWYS, “What You See is What You Sign”. The point is that when you read something off the screen of your smartphone, tablet or workstation, and you want to commit to it - just as where you would traditionally be prepared and expected to physically sign it - by digitally signing "it", how do you ascertain that it is this message, and this message only, that you are committing to? This is the hardest thing to achieve, and it remains a major challenge unless you have a Trusted Graphical User Interface (GUI), which you do not!
Storing the private signing key on a chip card does not address this challenge. Without a Trusted GUI, the only way to deal with it is to use two independent channels, as it is very unlikely that both will be attacked at the same time.
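To make the two-channel idea concrete, here is an added example (not Cryptomathic's code, and not a description of any particular product) of how a signing server can bind a short confirmation code to the exact document it holds, push that code together with a summary over a second channel, and accept a signing request only when the code typed back on the first channel matches. The per-device second-channel secret, the session layout and the document contents are assumptions constructed for the example.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
)

// Session is the server-side state for one signing request. The second-channel
// secret is a hypothetical per-device key provisioned to the user's phone at
// enrolment; nothing on the first channel (the browser) ever sees it.
type Session struct {
	ID            string
	Document      []byte
	channelSecret []byte
}

// DocumentDigest is the fingerprint of the exact bytes the server will sign.
func DocumentDigest(doc []byte) string {
	sum := sha256.Sum256(doc)
	return hex.EncodeToString(sum[:])
}

// SecondChannelMessage is what the server pushes to the independent channel: a
// human-readable summary of the document the server actually holds, plus a short
// confirmation code that is cryptographically bound to that document and session.
// The user compares the summary with what the first channel showed before typing
// the code back on the first channel.
func SecondChannelMessage(s *Session) (summary, code string) {
	mac := hmac.New(sha256.New, s.channelSecret)
	mac.Write([]byte(s.ID))
	mac.Write([]byte(DocumentDigest(s.Document)))
	code = hex.EncodeToString(mac.Sum(nil))[:8]
	summary = fmt.Sprintf("Sign %q (sha256 %s...)", string(s.Document), DocumentDigest(s.Document)[:12])
	return summary, code
}

// Approve is the check the server runs before it lets the HSM sign: the code
// typed back on the first channel must be the one computed for the document the
// server holds in this session. A code captured for a different document or a
// different session does not match, so a compromised first channel cannot reuse it.
func Approve(s *Session, typedCode string) bool {
	_, expected := SecondChannelMessage(s)
	return hmac.Equal([]byte(typedCode), []byte(expected))
}

func main() {
	secret := []byte("constructed-device-secret")
	genuine := &Session{ID: "s-1", Document: []byte("Transfer 100 EUR to Bob"), channelSecret: secret}
	summary, code := SecondChannelMessage(genuine)
	fmt.Println("phone shows:", summary, "code", code)
	fmt.Println("approve genuine:", Approve(genuine, code))

	// If the first channel swapped the document, the phone would show a different
	// summary, and a code captured for the genuine document no longer matches.
	tampered := &Session{ID: "s-1", Document: []byte("Transfer 100000 EUR to Mallory"), channelSecret: secret}
	fmt.Println("approve tampered with old code:", Approve(tampered, code))
}
```

The point of the HMAC is not secrecy of the code but binding: the code only ever confirms the document whose digest went into it, and the summary on the second channel is what lets the user detect that the server has been handed something other than what the screen showed.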
Why are the cloud platforms for remote signing preferable?
With a remote signature server, the challenge as far as the individual user is concerned is to ensure that:
- The user is properly authenticated before s/he can sign a message
- Only the owner of a particular private key can initiate the signature calculation
Each server is supported by tamper-resistant hardware boxes, so-called Hardware Security Modules (HSMs). All secure calculations and verifications are carried out entirely by and in an HSM. This is very much like the way payment card transactions are authorized by banks.
PKI becomes transparent
This approach furthermore enables significant simplification and removes the shortcomings of a traditional PKI solution, where everybody, in principle, may communicate securely with everybody.
Firstly, once a user is properly identified and registered, his key pair is generated by the signature server - and the private key never leaves it - and the signature server can have a certificate issued by the Certificate Authority (CA). The CA ONLY issues such certificates for signature servers that are associated with and adhere to the same kind of solution and security level. Thus all applications for which this infrastructure is used will, in principle, be able to recognize whether a received signature from another user has been generated on a secure server rather than on a chip card or, even worse, in software.
Certificate expiry/revocation is no longer an issue
With the remote signing approach, revocation becomes a non-issue, except for a very short clearing period. Indeed, with this approach, the millisecond the CA revokes a certificate, the central signature server is informed by the CA, and requests from the user to sign with his private key are no longer honored. So again, if the CA used in conjunction with a central signer solution issues certificates only on public keys where the private key is stored with an authorized central signature server, you no longer need blocklists. Indeed, when you receive a digital signature generated by the central signature server, you know the private key used to generate it must have been valid at the time the signature was generated!
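The two server-side conditions listed above (the user is authenticated first, and only the owner of a key can initiate a signature with it) and the revocation behaviour described here can be shown together in one small model. The following is an added example written for this page, not Cryptomathic's code and not the design of any particular signature server: keys are generated inside an "HSM" type that only ever hands out signatures over digests, the server looks keys up by the authenticated identity, and a revocation notice from the CA simply switches the key off. The user names, credential check (a hashed credential compared in constant time), key-ID scheme and document contents are constructed assumptions; a real deployment would use a proper authentication protocol and real HSM hardware.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/subtle"
	"crypto/x509"
	"encoding/hex"
	"errors"
	"fmt"
)

var (
	ErrNotAuthenticated = errors.New("authentication failed")
	ErrNotOwner         = errors.New("requested key is not held for this user")
	ErrRevoked          = errors.New("certificate revoked: signing request refused")
)

// hsmSlot models a key kept inside the HSM: callers obtain signatures over a
// digest, never the private key itself.
type hsmSlot struct {
	keyID string
	priv  *ecdsa.PrivateKey
}

func (h *hsmSlot) sign(digest []byte) ([]byte, error) {
	return ecdsa.SignASN1(rand.Reader, h.priv, digest)
}

// SignatureServer is a hypothetical, simplified central signer. Keys are looked
// up only under the authenticated user's identity, so one user has no path to
// another user's key.
type SignatureServer struct {
	slots    map[string]*hsmSlot
	verifier map[string][32]byte // sha256 of each user's credential (constructed stand-in for real authentication)
	revoked  map[string]bool     // users whose certificate the CA has revoked
}

func NewSignatureServer() *SignatureServer {
	return &SignatureServer{slots: map[string]*hsmSlot{}, verifier: map[string][32]byte{}, revoked: map[string]bool{}}
}

// Enrol generates the user's key pair in the HSM and returns the key ID and the
// public key, the only part the CA needs to issue the user's certificate.
func (s *SignatureServer) Enrol(user string, credential []byte) (string, *ecdsa.PublicKey, error) {
	priv, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return "", nil, err
	}
	spki, err := x509.MarshalPKIXPublicKey(&priv.PublicKey)
	if err != nil {
		return "", nil, err
	}
	id := sha256.Sum256(spki)
	keyID := hex.EncodeToString(id[:8])
	s.slots[user] = &hsmSlot{keyID: keyID, priv: priv}
	s.verifier[user] = sha256.Sum256(credential)
	return keyID, &priv.PublicKey, nil
}

// Revoke is the CA telling the server that the user's certificate is revoked;
// from this moment the key is simply never used again.
func (s *SignatureServer) Revoke(user string) { s.revoked[user] = true }

func (s *SignatureServer) authenticate(user string, credential []byte) bool {
	want, ok := s.verifier[user]
	if !ok {
		return false
	}
	got := sha256.Sum256(credential)
	return subtle.ConstantTimeCompare(want[:], got[:]) == 1
}

// Sign enforces the server-side conditions before the HSM signs: the caller is
// authenticated, the requested key is the caller's own, and the CA has not
// revoked the certificate for it.
func (s *SignatureServer) Sign(user string, credential []byte, keyID string, doc []byte) ([]byte, error) {
	if !s.authenticate(user, credential) {
		return nil, ErrNotAuthenticated
	}
	slot := s.slots[user]
	if slot == nil || slot.keyID != keyID {
		return nil, ErrNotOwner
	}
	if s.revoked[user] {
		return nil, ErrRevoked
	}
	digest := sha256.Sum256(doc)
	return slot.sign(digest[:])
}

// Verify is the relying party's check with the certified public key.
func Verify(pub *ecdsa.PublicKey, doc, sig []byte) bool {
	digest := sha256.Sum256(doc)
	return ecdsa.VerifyASN1(pub, digest[:], sig)
}

func main() {
	srv := NewSignatureServer()
	keyID, pub, _ := srv.Enrol("alice", []byte("alice-credential"))
	doc := []byte("constructed: tax return 2024")
	sig, err := srv.Sign("alice", []byte("alice-credential"), keyID, doc)
	fmt.Println("signed:", err == nil, "verifies:", Verify(pub, doc, sig))
	srv.Revoke("alice")
	_, err = srv.Sign("alice", []byte("alice-credential"), keyID, doc)
	fmt.Println("after revocation:", err)
}
```

Because the server refuses to sign from the moment of revocation, a relying party that trusts this CA only for server-held keys can reason exactly as the paragraph above does: any signature it receives was produced while the certificate was still valid, without consulting a blocklist.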
EU regulation on electronic ID and transactions provides a framework where a digital signature has the same legal value as a handwritten signature, provided several conditions are satisfied. One of these is that a Secure Signature Creation Device (SSCD) was used. There are now nationwide deployments in countries across Europe and the Middle East that are highly successful, with, in some countries, more than 60% of all citizens using such solutions almost daily. The technical standards behind such regulations are provided by bodies such as CEN and ETSI.
Signature generation in the cloud is the most likely enabler of large-scale eGovernment and Electronic Commerce solutions: it is as safe as or safer than the old-fashioned chip card approach, it enables WYSIWYS, and last but not least, it makes the underlying PKI transparent to the end-user.