How mobile signature works?

Question

We are planning to use mobile sign for one of our application. But as far as I know there are some limitations for signing documents. The vendor we are working has a limitation that you should enter a pin code for every single document and it's attachments. This means if there is a document with 3 attachments, user should enter 4 pin codes in order to complete the mobile sign. This is NOT acceptable, so I wonder how mobile sign works around the globe? I mean other vendors also have the same limitation? Does mobile sign use messaging infrastructure? Would you please give me some information about Mobile Sign?

Thanks in advance.

Best Regards.

Answer 1

Let me explain how mobile signatures work. Based on the process you may infer some conclusion. Technically the mobile signature is created by a security module when a request for it reaches the device (SIM card,) and after introducing the request to the user with a few explanation prompts, the device asks for a secret code that only the correct user should know. Usually this is in form of a PIN. If the access control secret was entered correctly, the device is approved with access to secret data containing for example RSA private key, which is then used to do the signature or other operations that the request wanted.

The PKI system associates the public key counterpart of the secret key held at the secure device with a set of attributes contained in a structure called digital certificate. The choice of the registration procedure details during the definition of the attributes included in this digital certificate can be used to produce different levels of identity assurance. Anything from anonymous but specific to high-standard real-word identity. By doing a signature, the secure device owner can claim that identity.

Thus, the mobile signature is a unique feature for:

• Proving your real-world identity to third parties without face-to-face communications.
• Making a legally-binding commitment by sending a confirmed message to another party.
• Solve security problems of the online world with identity confirmation (an anonymous but specific identity is often equally good as a high-standards identity).