m-government: mobile digital signature with Viafirma

What does m-government mean?

This is an interesting starting point for the post. If I point out that the ‘m-‘ part comes from «mobile», I am sure that most of the readers will already get the point of the term. It is nothing else than the electronic government (e-government) services evolving so that they can be accessed using mobile devices. As an introduction, we recommend listening to this interesting interview from Radio Líder to Nacho Campos (Alvina).

Why m-government?

Because the average user is dramatically getting used to utilize its new generation phone (whether it is iPhone, Android, BlackBerry, Windows Phone or Symbian) to other things than speaking or sending SMS. The smartphone age is coming quick and it plans to stay a long time with us.

I don’t think I can pass as the example of an average user, but with my iPhone and iPad not only I browse the internet, but send mails, use any web oriented service, buy online, manage my bank account, read the news, exchange messages using WhatsApp, make VoIP calls using Skype or Viber and videocalls with Tango, use «traditional» social networks like Twitter, Facebook and LinkedIn, or those using geolocalization like Foursquake and 11870, get to know where I am or where I am supposed to be using Google Maps and a navigation app, or listening to podcasts.

And I do not intend to stop doing that. Am I a geek? A nerd? Maybe, but there are other two million people just like me in Spain, and if you have a look to the global statistics you may freak out with the numbers. Young people make use of everything I have said day after day, and in short time my bet is that the «nerd» will be the one NOT using a smartphone, as it already happened with the internet and the mobile phone. It is a one-way road. Users of simple phones, surrender and let it go.

Most of the online services and institutions are adapting to these changes as they go. Banks, the media, old and new companies… everybody want to have their products in the Apple Store and the Android Market, and the statistics show that traffic coming from mobile devices is increasing. In fact, it may be bigger in short time (as it has already happened in other countries) than the traffic coming from DSL or equivalent connections.

So, why not interact with the government institutions using our smartphones (which get even smarter as days go by)? Why giving up on m-government? More over, when countries like Spain force themselves to bet on it. As an example, the law «Ley 11/2007 de Acceso Electrónico de los Ciudadanos a los Servicios Públicos» states in the part 8.1 that «government institutions must setup the means so that every citizen is able to use their electronic services, no matter of his or her personal circumstances, capacities or knowledge». And by «means» they are saying «the infraestructure used to make it able the access to contents and services, including face to face, telephonic and electronic communication, as well as every other that either exists now or may exist in the future (using mobile devices, DTV, etc).

Digital signature, cornerstone of the e-government

Probably the most important pillar of the e-government is the digital signature. Thanks to it, and to the platforms that use it, it is possible to perform a procedure via the internet which is as valid as the traditional one. Digital signatures are based on the use of digital certificates issued by Certification Authorities, which have the same legal validity than handwritten signatures, with the additional advantages of being more secure and less prone to forgery. Focusing on Spain, in the last years, the effort made by the institutions to allow the citizens to use digital signatures in the procedures (with more or less success) has been noticeable. From town halls to the national government, in every step of the hierarchy digital signatures are present, one way or another (the aforementioned law 11/2007 even force them to have  heir own virtual branch).

Digital signatures on mobile devices, a technological challenge

However, given my own experiences I can say that the creation of an universal application that works on every single mobile device is a really difficult task. Being specific, if we understand with «universal» that with one single development we can get something to work on every platform, that is simply impossible. In the «traditional» web environment, you can write a Java applet (the Viafirma approach) which is able to run in different operating systems (Windows, Linux, OS X) and browsers (Internet Explorer, Mozilla Firefox, Google Chrome, Safari, Opera, …). Notice that this is not possible with mobile devices, as most of them do not even have a compatible Java Virtual Machine (for example, the iPhone). Therefore, it is necessary to write an application for each existent platform (Apple iOS, Android, BlackBerry, Symbian and Windows Phone 7) and aim for including most of the existent hardware, and most of the operating system versions. Each one of these applications will be written with a computer language (Objective C, C++, Java, …). A big technological challenge, very difficult but not impossible to overcome.

Undoubtedly, this enormous technical complexity and the lack of standards for mobile devices are slowing the evolution of the digital signatures so that it can be performed on mobile devices. Nowadays, there exist some alternatives, as using mobile devices to start the signing process in a server instead of in the signer’s mobile device. This may be valid in a localized environment (as in an intranet), but it definitely is not when we are talking of e-government, when the institution does not know every user and is not able to keep a copy of every certificate.

On the other hand, with a great effort it is possible to sign WITH the mobile device, but at the cost of using software certificates. In the future we expect that it will be possible to use smart card readers with mobile devices.

Viafirma as a digital signature solution for mobile devices

In the last years, and especially in the last months we have been working on adding to Viafirma support to sign from mobile devices, facing all the technical difficulties mentioned before. A few months ago we released Viafirma clients in the Apple Store and the Android Market, available at no cost, as well as guides showing how to install certificates on these systems. Besides, we have written another client for the BlackBerry, although it uses a different approach, pushing information from the Viafirma server to the BlackBerry device, something that is not feasible on the rest of devices.

Let’s highlight some of the features of this new product that we have named Viafirma Mobile:

  • The digital signature is performed always in the mobile device, not in a server on the net.
  • Any web application using Viafirma 3.0 or later already supports signing using the mobile device. No extra steps are required (though sometimes it is recommended to modify some CSS code).
  • These clients are only compatible with Viafirma; we are getting mails from disappointed users that  are not able to use Viafirma Mobile with some sites like spanish Agencia Tributaria. We are sorry  about that, folks, but there is nothing we can do about that.
  • Multiple formats supported: CMS, XAdES (includeing XAdES-X-L and XAdES-A), PDF signature, batch signing and bulk signing, among others.
  • Viafirma Mobile uses software certificates.

This may sound a little bit pretentious, but we haven’t been able to find another digital signature client for mobile devices neither in the Apple Store nor the Android Market. We wonder (and we can’t really believe the answer to be ‘yes’) if it is possible that we are the only ones working on something like this, because, as difficult as it may be, more difficult things have been done already. So, dear reader, if you know about any other solution for signing over an Android or iPhone device, please let us know the name by which it can be found either in the Apple Store or the Android Market.

Those institutions betting on Viafirma as their digital signature platform get for all of their applications the possibility of signing with an iPhone, iPad, iPod Touch, Android mobile devices and BlackBerry, so with the helping hand of a good CSS expert they are able to have a working m-government implementation in a few days. There are already several examples of this:  Diputación de Cádiz virtual branch is fully functional (including authentication and digital signing using software certificates) from mobile devices; several applications from Fundación Tripartita para la Formación en el Empleo and the web applications from Pozuelo de Alarcón’s Townhall, among other solutions that have opted for Viafirma and that will be released in the near future (ie, our last client AEMET).

Next steps

With Viafirma, we will keep doing our best to improve m-government integration. How, exactly?

  • Writing clients for other architectures: Windows Phone 7, Symbian, …
  • Testing every single combination of operating system, hardware and carrier. Even beta versions.
  • Developing solutions that allow you to use digital signatures using hardware certificates (as  smartcards and spanish DNIe). As smart card readers able to communicate with mobile devices are  coming out, our next step will be working on different I/O systems for each operating system; an ambitious project, sure, but one that we expect to be doable.