As organizations conduct more of their business processes online, ever greater numbers of documents are communicated across networked environments while the integrity and confidentiality of individual document contents are maintained. Document control in digital environments often uses digital signatures to establish and maintain the confidentiality, authorization, and accountability of documents in these online business processes. Digital signatures may subject documents to cryptographic processes involving key-based encryption/decryption, as well as hashing functions and authentication code generation. Many business documents contain large amounts of data, so providing the encryption and other capabilities that support the control processes these online business processes depend upon requires significant amounts of data processing.
The digital signature solution for document control provides assurance that the document has not been altered since it was sent, and verifies the signer's digital identity. A digital signature computation for a document involves a hashing calculation, the creation of authenticated and unauthenticated attributes, and the collection of collateral information, all of which are included in an encryption process involving the signer's private key in order to produce signed content. Since the private key is a highly guarded property of a specific user residing on a specific computer, this sequence of steps presumes that the to-be-signed content and the infrastructure involved in computing the digital signature reside on the same computer.
For mobile devices, this presumption does not hold. The to-be-signed content may not reside on the mobile device, but rather, it may reside on a remote server. Mobile devices may not have sufficient infrastructure and processing resources to complete the computation of a digital signature in a reasonable amount of time, if at all. If document signing with a digital signature is expected to occur on the server hosting the to-be-signed content, the user cannot practically send their private key to the server because of security risks and possible compromise of the private key. Even with a mobile device having the infrastructure necessary for the digital signature computation, transmission of large documents between the mobile device (having the private key) and the server (hosting the large document) places a significant demand on the bandwidth of the network between the devices. Current digital signature processes do not consider these practical constraints for digitally signing large documents from mobile devices.
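The signing sequence described above (a hash over the whole document, then a private-key operation on the result), as an added Go example that is not part of the original text. It is simplified to an RSA PKCS#1 v1.5 signature over the bare SHA-256 digest and omits the authenticated and unauthenticated attributes; the function names, the throwaway key and the sample document are constructed for illustration.

```go
package main

import (
	"bytes"
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// hashDocument is the only step that reads the whole document; its cost grows with size.
func hashDocument(doc []byte) []byte {
	sum := sha256.Sum256(doc)
	return sum[:]
}

// signDigest is the private-key step. Its input is always a 32-byte digest.
func signDigest(priv *rsa.PrivateKey, digest []byte) ([]byte, error) {
	return rsa.SignPKCS1v15(rand.Reader, priv, crypto.SHA256, digest)
}

// verifyDocument recomputes the hash and checks the signature with the public key only.
func verifyDocument(pub *rsa.PublicKey, doc, sig []byte) bool {
	return rsa.VerifyPKCS1v15(pub, crypto.SHA256, hashDocument(doc), sig) == nil
}

// demo returns: original verifies, altered copy verifies, digest size, signature size.
func demo(lines int) (bool, bool, int, int, error) {
	priv, err := rsa.GenerateKey(rand.Reader, 2048) // throwaway key (assumption)
	if err != nil {
		return false, false, 0, 0, err
	}
	doc := bytes.Repeat([]byte("constructed sample contract line\n"), lines)
	digest := hashDocument(doc)
	sig, err := signDigest(priv, digest)
	if err != nil {
		return false, false, 0, 0, err
	}
	altered := append([]byte(nil), doc...)
	altered[0] ^= 0x01 // flip a single bit of the signed content
	return verifyDocument(&priv.PublicKey, doc, sig), verifyDocument(&priv.PublicKey, altered, sig), len(digest), len(sig), nil
}

func main() {
	for _, n := range []int{1, 200000} { // one line vs. several megabytes
		fmt.Println(demo(n))
	}
}
```

Only `hashDocument` reads the full document; the digest and the signature stay at 32 and 256 bytes for the one-line document and the multi-megabyte one alike, and a single flipped bit makes verification fail.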