Skip to content

MUSAP

MUSAP – Multiple SSCDs using Unified Signature API Library Project

The MUSAP project aims to develop a new software interface called Unified Signature Application Programming Interface (USAPI) Library. The interface provides a consistent and flexible way for applications to request either low, substantial or high LoA signatures, regardless of the Secure Signature Creation Devices i.e SSCDs (key stores/ secure elements or security technologies, etc) or location of the private key.

The primary objective of the MUSAP is three fold:

  1. To develop an open-source API library that streamlines the integration of various Secure Signature Creation Devices (SSCDs) into smartphone applications, thereby facilitating the creation of robust authentication and signature solutions.
  2. MUSAP aims to seamlessly integrate with both centralized and decentralized identity management systems, allowing SSCD keys to function effectively in both environments. This approach empowers end-users to access services without being constrained by the specific identity management model in use.
  3. To allow support for multiple certificates/credentials in one device. This approach demonstrates MUSAP’s user-centric approach, where giving option to choose which SSCD they want to have their private keys in, and allows end-users to have identities with various level of assurances in use.
MUSAP Overview to implement USAPI

MUSAP addresses both security and convenience aspects, offering a resilient and adaptable implementation for end-user-app(s) requiring high level of trust. MUSAP offers end-users methods to diversify their key storage and use existing SSCD (from already deployed Digital ID system). Eventually avoiding the concentration of all keys in a single basket.

MUSAP Architecture

MUSAP architecture supports both smartphone based apps (local end-user app or eWallet) and web servers (remote web wallets). Smartphone support is defined in Module 1 i.e MUSAP library for smartphones and web server support is defined in Module 2.

Module1: MUSAP Library

MUSAP Library (Java/Swift) can be integrated with any Android or iOS app projects.

Module2: MUSAP Link

Whereas, MUSAP Link Library (Servlet component) is delivered as a library that can be used with a Java-based web server.

MUSAP in NGI Trustchain OC1

Methics will create an open-source implementation that combines multiple SSCD technologies to form a common Signature Profile for the end-user and its device.

During OC1 of NGI Trustchain project, 4 key stores will be enabled for the end-user with MUSAP, i.e TEE (Android Key store or iOS Secure Enclave), eUICC/UCICC (Mobile ID), Dongle (Yubikey via NFC) and eIDAS Remote Signing.

MUSAP as a secure component API to interface multiple SSCDs with Wallet application

MUSAP project has been developed from user-centric perspective to let end-users choose what SSCD they trust more to generate/store their private keys. This will allow end-users to adopt to the new end-user-app such as EDIW.

MUSAP offers end-users methods to diversify their key storage and use existing SSCD (from already deployed Digital ID system). We believe, new identity systems should complement existing state of the art, rather than completely replacing it.

MUSAP can be used for following use cases:

  1. Sign any data format (X.509, VC, DID, etc)
  2. Provide multiple SSCDs for end-users to sign/auth
  3. Handling Key Management methods and operations
  4. Enable EDIW Type 1 and Type 2 config in one device for eIDAS2

MUSAP will provide common set of definitions for a universal taxonomy to enable SSCD/key store/ secure element interaction with identity wallets. 

1. Sign any data format with MUSAP

MUSAP allows end-user to select their preferred SSCD, and sign any data format with SOG-IS agreed signing scheme and algorithm.

2. Provide multiple SSCDs for end-users

MUSAP allows end-user to select their preferred keystore and sign any data type.

MUSAP offers a bridge between Centralized and Decentralized technologies by providing multiple SSCDs

3. Provide Key Management

MUSAP handles operations related to key generation, storing, securing, and to manage and protect identities and its associated data. MUSAP provides a set of cryptographic methods and operations
(Initial release in D2, final version in D4).

4. Enable both types of EDIW configs in one device

MUSAP can enable both configurations of European Digital Identity Wallet (EDIW/EUDIW) i.e Type 1 and Type 2 in one mobile device.

EUDIW/EDIW to enable Type 1 and Type 2 in one device using MUSAP.
MUSAP to enable Type 1 and Type 2 EUDIW configs in one device

MUSAP enabled EUDIW to authenticate/sign with High and Substantial level of assurance. Multiple security technologies (HSM+app, eUICC/UICC, Yubikey via NFC, Phone key store) will be interfaced in OC1. More SSCDs like (eID card, TEEs, etc) can be added in future OCs

Deliverables related to MUSAP

MUSAP will have 4 deliverables as a part of NGI Trustchain requirements.

D1 shared with NGI team on 7th September 23023.

D2 shared with NGI team on 3rd November 2023.

D3 will be shared with NGI team on 26th January 2024.

D4 will be shared with NGI team on 15th March January 2024.

MUSAP Project deliverables across 2023 and 2024

NGI funded MUSAP is expected to have several positive impacts for NGI technologies, TRUSTCHAIN and Digital Identities once successfully implemented.

MUSAP Fact sheet

MUSAP fact sheet can be viewed Here.

MUSAP Github Repository

MUSAP github repository can be viewed Here.

MUSAP is a NGI TRUSTCHAIN funded project aiming to deliver an Open-Source Unified Signature API Library. Methics team applied and won grant under NGI TRUSTCHAIN Open Call 1 process. This project has received funding from the European Union’s Horizon 2020 research and innovation program through the NGI TRUSTCHAIN program under cascade funding agreement No. 101093274.