Client Module with Multifactor Authentication for Remote Electronic Signature Generation Using Cryptography API: Next Generation

Abstract

In classic PKI systems, users resorted to cryptographic devices like smartcard or electronic-token to perform the required cryptographic operations, therefore all cryptographic operations will be done in a safe environment. Although a widely-accepted and highly-efficient method, along with the evolution of technology, it is also desirable to simplify user experience with the applications and at the same time to reduce costs. Thus, there is the problem of cryptographic devices and passwords needing to be retained and secret. To overcome all these impediments, we introduce the concept of remote signing, a concept that will simplify the signature generation process, and also increase security to the whole process while lowering costs for equipment. Therefore, by the fact that the signature generation process will be delegated to a remote service, the possibility of generating errors due to the client system is minimized, the need for a cryptographic device for users is eliminated. At the same time, the entire computational effort is also delegated to the remote service, which means an increased computing speed, and by the fact that the cryptographic devices that generate the signature are located at distance, there is also the possibility of physical securing and limiting unauthorized access.