Providing security to remote digital signature systems in case of semi-trusted secure environment

The task of providing security to remote digital signature systems (“cloud” signature) for cases of end user running client-side components on devices without potential of ensuring trusted environment (most common examples of such devices are smartphones with iOS or Android operation systems) is considered. This task has become particularly topical recently: users are used to performing (or at least confirming) their operations with smartphones, however, such usage of digital signature is still evolving.  Main issues and functional requirements are dealt with, ways to construct systems employing devices with cryptographic software running in weakly secure environment are discussed. The task of remote issuance of digital certificates is also considered: such a process can make completely remote usage of digital signature (from the very beginning, without even one personal appearance to a certification authority) possible. Taking functional and information security requirements into account, a scenario is developed in the current paper to solve the mentioned task.