Qualified Electronic Signature via SIM Card Using JavaCard 3 Connected Edition Platform

Digital signature is one of the most common ways of determining the origin of a document in a digital way. To ensure authenticity, integrity and non-repudiation when such signatures are used, many countries have their standards and regulations. In EU, a signature that complies with those regulations is called ´Qualified Electronic Signature´ (QES). There are many QES solutions using dedicated smart cards or security tokens and few of them that use SIM cards as a signature creation device. These SIM-based solutions usually use a third party to perform a signature, such as mobile service operator and operate as a hybrid solutions. Hence, a cooperative connection between a mobile device and a SIM card is needed. In this paper we propose a solution based on the Java Card 3.0 Connected Edition platform that operate fulfills following conditions: it is a mobile service operator-independent and mobile phone operating system-independent. The first condition is achieved by performing all the operations directly on a SIM card and the second condition is satisfied by avoiding the application running on a mobile phone operating system. Instead, we propose a web based application to perform the necessary verification methods on the SIM card. So this proposed application can be accessed via mobile phone web browser. Of course, our solution satisfies the Common Criteria standard requirements for the EAL 4 level.