Signing, Authentication and Encryption Solutions on Mobile Devices

Microsec Ltd. with its newly introduced service allows present and future clients to perform digital signing, encryption and authentication tasks using their intelligent mobile devices (smartphones). In case there is no need for qualified digital signature (which can only be created in Hungary using SSCD) , this solution can replace the use of smart cards or signing, encryption and authentication certificates on client computers.

Microsec Ltd. guarantees that the private keys belonging to the signing, encryption and authentication certificates installed on mobile devices will always be created on the smartphone device itself, there is no copy of the keys. The only exception can be the case of encryption keys, where the decryption of encrypted documents must be facilitated even if the mobile device is lost and therefore it is recommended to save a copy of the encryption keys. Our mobile solution allows the export or saving of keys for encryption keys alone.

Supported Smartphone Platforms

Process of Certificate Application for Smart Mobile Devices

  1. Fill in our certificate application form for mobile devices
  2. Certificate issuance for mobile devices takes place in each case following a face-to-face registration.
  3. On the arrival of your application we will contact you by e-mail to fix a registration appointment.
  4. Personal identification is performed by the verification of identity card, driving license or passport.
  5. Bring to the appointment your smart mobile device complying with the above platform requirements where you would like to install your certificates. It may be more than one device ( fees are charged by certificate ).
  6. Following a successful registration, you will receive in printed form one-time, personalized, unique passwords for each certificate (SCEP password).
  7. Key generation will be performed in each case by the registration staff member present.
  8. Prior to key generation, if your phone doesn’t possess the applications needed for certificate handling, the necessary programs will be installed. For iOS type mobile devices you are requested to have Apple Applestore user name and password.
  9. The certificate handling applications to be installed on smart phones are provided by e-Szignó Certificate Authority.

Loading the present page on your intelligent mobile device from QR code by a QR code reading program

QRcode

The following steps should be performed on your mobile device. Having read the above QR code you can open the present page on the browser of your mobile device.

Recommended QR code reading programs:

Generation of private keys for certificates on Apple iOS type mobile devices

Download and install the appropriate certificate generation profile on your iOS type mobile device. Supply the password protecting the mobile device ( in case it has been set before ) when prompted by the profile installer, as well as the one-time password unique for each certificate received on registration in the SCEP password field. Make sure to match the passwords to the appropriate profile. The passwords can be read by a QR code reading program from the printed password data sheet and then inserted from the clipboard in the SCEP password input field..

Installation of Live Certificate Generation Profiles on iOS Type Mobile Devices

Clicking on the link below in the browser of your mobile device the installation of the profile will be started automatically.

Installation of Test Certificate Generation Profiles on iOS Type Mobile Devices

Clicking on the link below in the browser of your mobile device the installation of the profile will be started automatically.

Generation of Certificate Private Keys on Android Type Mobile Devices

Clicking on the link you can download on your Android type mobile device the MicroSEQR application, featuring built-in key management functionality. On installation, the installation of applications from unknown source must be permitted.

Remember, the MicroSEQR application supports exclusively the live and test certificates of Microsec e-Szignó CA.

Scope of application

Signing on the Mobile Device Using webSzignó Signing Program

web-Szignó is a signing-verifying application available on the internet. It facilitates the creation of electronically signed dossiers on a web interface, so the user doesn’t have to install a separate program on their device. Its use requires a signing certificate and the timestamp service of Microsec. In case you wish to sign with your intelligent mobile device, check the „Use of mobile signing” option in the „Settings” menu.

In the drop-down menu of your iOS type device select the „e-Szignó key provider” option. For this you have to possess an authentication certificate on your iOS type mobile device, as well as a signing certificate and its private key stored in the HSM (Hardware Security Modul) controlled by the „e-Szignó Key Provider” application (a service of our company). The use of the key stored in tthe HSM is only possible after identification by the authentication certificate on your iOS device. This is the so called stored key signing based on authentication solution.

On your Android type mobile device running MicroSEQR application, both the „e-Szignó Key Provider” or the „installed on mobile phone” options may be selected, assuming you dispose of the appropriate certificates.

The use of web-Szignó software is free, no previous registration is required. Open web-Szignó

Signing and Encryption of E-mail Messages

iPhone and iPad mobile devices (iOS 5.0 and higher) are manufactured to feature a mail client allowing for the electronic signing and encryption of your outgoing mail. The certificates issued for your iOS device are suitable both for the electronic signing and encryption of your e-mail messages.

Setup of VPN Connection

Authentication certificates installed on mobile devices are suitable for VPN connections after the appropriate configuration of the VPN (CISCO, OpenVPN) applications installed on the mobile device. This requires an appropriately configured server VPN (company) endpoint. Our experts are at your disposal to install such a server, please contact our help desk.