This is the first blog of our three part blog series, check out our second and third blog of the series as well.
In the fast-evolving landscape of digital identity, the demand for secure, efficient, and user-centric solutions has never been greater. Enter MUSAP (Multiple SSCDs with Unified Signature API Library), an EU funded NGI Trustchain project backed by NGI community and developed by Methics, which provides an easy integration of Secure Signature Creation Devices (SSCDs) into smartphone applications.
In this first blog of our three part blog series, we talk about the motivation for MUSAP and current need of the ecosystem, potential use cases and the critical areas it addresses.
Understanding the Need
Digital signatures play a pivotal role in applications requiring high levels of assurance, such as person authentication, identity verification, legal document signing, to show user’s consent or approve a transaction. When a user wants to sign any payload or a digital document, SSCD generates a digital signature using the private key and the data digest.
From Methics’ extensive experience in the digital identity sector, it’s evident that core problems such as privacy, security, interoperability, usability, and adoption among the masses persist. The emergence of eIDAS2 and the European Digital Identity Wallet (EDIW) has brought renewed focus to digital wallets and their architecture. MUSAP, designed to complement existing state-of-the-art identity systems, aims to address these challenges by providing a standardized, user-centric solution.
Traditionally, implementing SSCDs has been complex and platform-specific, hindering widespread adoption and interoperability. Developers often have to deal with different interfaces, limited functionality, and fragmented ecosystems, leading to higher costs and slower time-to-market for new services.
Methics deployed it’s Unified Signature solution in Armenia, Vietnam, Mongolia, etc. i.e. Solution allowing user to authn/sign with two options such as SIM based Mobile ID and eIDAS based App (remote signing). Now user has to choose if they want to use SIM client or APP client. Despite offering two clients, end-user cannot use both from one device at same time. Despite these two clients being available, users often asked about unified way to use both APP and SIM.
As EDIW progressed, ENISA (European Cybersecurity Agency) has been releasing recommendations related to a need for harmonized interface that allows access to cryptographic operations. Image below highlights ENISA points justifying a need for an API/Library to harmonize cryptographic operations.
MUSAP’s Objectives
Through its comprehensive approach, MUSAP tackles key challenges faced by developers and stakeholders in the digital identity landscape, offering universal key identification and selection, robust authentication mechanisms, integration with existing identity systems, and supporting diverse cryptographic algorithms. MUSAP strives to harmonize digital identity technologies with emerging regulations.. MUSAP’s interface provides a standardized and flexible approach for applications to request signatures of varying levels of assurance, irrespective of the underlying SSCD technology or private key location. Objectives/goals can be categorized as below:
- Streamlined Integration: MUSAP aims to develop an open-source API library that simplifies the integration of various SSCDs into smartphone applications, thereby facilitating robust authentication and signature solutions.
- Interoperability: By seamlessly integrating with both centralized and decentralized identity management systems, MUSAP empowers end-users to access services without being constrained by specific identity management models.
- User-Centric Approach: MUSAP allows support for multiple certificates/credentials in one device, giving users the flexibility to choose how they want to manage their private keys and ensuring various levels of assurance.
MUSAP will provide 4 standardized key store / sscd technologies i.e phone keystore (HW based), Yubikey, eIDAS Remote Signing and UICC/eUICC based Mobile ID. MUSAP abstracts the complexities of various Secure Signature Creation Devices i.e SSCDs (key stores/ secure elements or security technologies, etc).
MUSAP aims to harmonize current digital identity secure key technologies with the context of emerging eIDAS2 regulations, while affording end-users flexible control over their credentials management. In simpler terms letting users choose how they want to store/access their private keys. MUSAP addresses both security and convenience aspects, offering a resilient and adaptable implementation for end-user-app(s) requiring high level of trust. MUSAP offers end-users methods to diversify their key storage and use existing SSCD (from already deployed Digital ID system). Eventually avoiding the concentration of all keys in a single basket. As EDIW progressed, ENISA (European Cybersecurity Agency) has been releasing recommendations related to a need for harmonized interface that allows access to cryptographic operations. Image below incorporates MUSAP scope to act as a secure component API to enable SSCD for end-user.
User Stories which defined MUSAP functionality
During MUSAP implementation, project will provide ten core functionalities. As an NGI project, MUSAP is developed from user-centric perspective. Following user stories were matured to cover various functionalities of the MUSAP, providing a comprehensive understanding of the features and benefits it offers to developers and users.
Functionality 1: Integration of multiple SSCDs into MUSAP library
- As an app developer, I want to be able to add multiple SSCDs to the MUSAP library so that I can offer users more ways to log in securely.
- As an end user, I want to be able to select from multiple SSCDs in my end-user app, so I can choose from multiple ways to log in to online service.
Functionality 2: Open Interface for integrating new and multiple SSCDs for use with APP
- As an app developer, I want a simple way to connect SSCD keys to my Wallet app through MUSAP, so I can make it secure for users, whether they’re using new or existing SSCDs.
- As an end user, I want a simple way to see and select the SSCD linked to my Wallet app through MUSAP, so I choose which SSCD I want to use
Functionality 3: Digital Signatures with different LoAs (High, Substantial)
- As an app developer, I want to use MUSAP Library to support different levels of secure signatures, like for important documents or simple ones. Users should also be able to sign documents with their PIN.
- As an end user, I want to use my end-user app to support different types of Digital Signatures without much hassle.
Functionality 4: Key discovery
- As an app developer, I want MUSAP to help me find and list SSCDs that meet specific criteria during setup, so that users can pick how they want to log in.
- As an end user, I want my end user app to tell me which LoA criteria SSCD do I have enabled currently so I can pick through which LoA criteria I present my credentials.
Functionality 5: Key lifecycle management (do defined key operations)
As an app developer, I should be able to easily use MUSAP library in my app to handle key related operations, such as keeping them safe, backing them up, and checking their status.
As an end user, I should be able to manage my SSCD keys using MUSAP. This includes keeping them safe, backing them up, and checking their status.
Functionality 6: Key Attestation
- As an app developer. I need to use MUSAP’s key attestation feature to get confirmations with signatures or keys used to create signatures.
- As an end user, when I sign with my Keys, the signature created should provide information on key material and whether it is trusted or not.
Functionality 7: Key metadata definition and import/export
- As a user of end-user application, I want to easily share my SSCD information between different apps on my phone, without having to set them up again. I should also have control over what gets shared.
- As an end user, I want to easily share my SSCD information between different apps on my phone, without having to set them up again. I should also have control over what gets shared.
Functionality 8: Sign data and cryptographic formats
- As an app developers should be able to let users sign various things like certificates, documents, and data. They should also support different signature types and certificate-related features.
- As an end user I should be able to sign all data formats from my end user app, whether they are X.509 certificates,. DID or VCs.
Functionality 9: MUSAP Link library (Servlet component)
- As an app developers want to use the MUSAP server to make their web-wallet apps secure and work with different types of SSCDs.
- As an end user I want to use MUSAP with web based services along with my App to approve signatures.
- As an end user, when I sign with my Keys, the signature created should provide information on key material and whether it is trusted or not.
Functionality 10: URI Scheme
- As an app developers I want to store and identify each key in a unified way.
- As an end user I want to select proper key by myself.
Methics team has been demonstrating to NGI coaches and different MUSAP demos. Currently MUSAP pilot in underway in Mongolia which is allowing end-users to use either UICC based authn/sign or App based authn/sign for their use.
Next Steps
MUSAP will provide following use cases, which will be covered in detail in upcoming blogs of the series.
- Enable Type 1 (High) and Type 2 (Substantial) configurations of EUDIW in one device
- Sign any data format (X.509, VC, DID, etc.)
- Provide multiple keystores/sscds to end-user to sign/auth
- Handling Key Management methods and operations
As MUSAP continues to evolve during the Trustchain NGI OC1 project, it aims to provide a holistic approach for the NGI community and the digital identity landscape. By enhancing user-centric decentralized identity solutions, bridging the gap between centralized and decentralized identities, enhancing security, and improving user control and privacy, and enabling multiple LoA identities in one device, represents a significant step in the evolution of interoperable digital identity solutions.
In conclusion, MUSAP stands as a library package which can be used by smartphone apps for various purposes. Stay tuned for the next installment of our blog series, where we’ll delve deeper into the technical intricacies of MUSAP and its potential impact on the digital identity ecosystem.
Publish Date: 15th February 2024, Updated 11th April Written and Edited by: Ammar Bukhari
MUSAP is a NGI TRUSTCHAIN funded project aiming to deliver an Open-Source Unified Signature API Library. MUSAP github repository can be viewed Here. This project has received funding from the European Union’s Horizon 2020 research and innovation program through the NGI TRUSTCHAIN program under cascade funding agreement No. 101093274. MUSAP project is expected to be completed in April 2024.
- ENISA outlined the necessity of Secure Component API within wallet. MUSAP can fit in the scope to provide API for Secure Components (SSCDs) to offer relevant LoAs. So if a ‘Secure component API’ is needed, it needs to be defined, tested, implemented and open to public.In July 2023, ENISA released their work to support EUDI Wallets and eIDAS2. Enisa identified standards and building blocks needed to provide wallet to end users. In recently published report on Digital Identity standards, ENISA gave recommendation to “develop a unique API from the mobile application to the security anchor provided by the secure element certified by the EU cybersecurity certification scheme. This is crucial for the provision of full interoperability by various smartphone manufacturers.” ↩︎