Mobile identity management

Last updated

Mobile identity is a development of online authentication and digital signatures, where the SIM card of one's mobile phone works as an identity tool. Mobile identity enables legally binding authentication and transaction signing for online banking, payment confirmation, corporate services, and consuming online content. The user's certificates are maintained on the telecom operator's SIM card and in order to use them, the user has to enter a personal, secret PIN code. When using mobile identity, no separate card reader is needed, as the phone itself already performs both functions.

Contents

In contrast to other approaches, the mobile phone in conjunction with a mobile signature-enabled SIM card aims to offer the same security and ease of use as for example smart cards in existing digital identity management systems. Smart card-based digital identities can only be used in conjunction with a card reader and a PC. In addition, distributing and managing the cards can be logistically difficult, exacerbated by the lack of interoperability between services relying on such a digital identity.[ citation needed ]

There are a number of private company stakeholders that have an inherent interest in setting up a mobile signature service infrastructure to offer mobile identity services. These stakeholders are mobile network operators and, to a certain extent, financial institutions or service providers with an existing large customer base, that could leverage the use of mobile signatures across several applications.

By country

Finland

The Finnish government has supervised the deployment of a common derivative of the ETSI-based mobile signature service standard, thus allowing the Finnish mobile operators to offer mobile signature services. The Finnish government certificate authority (CA) also issues the certificates that link the digital keys on the SIM card to the person's real world identity. [1] [2] [3]

Islamic Republic of Iran

Through national mobile register program Iranian customs administration and ministry of ict registers database from IMEI of imported legally phones and allows Iranian citizens to only access full Iranian mobile phone operators national roaming network if they have linked their national ID to both Simcards and also non contraband/smuggled IMEI number. [4]

Sweden

In the Nordic region, governments, public sector and financial institutions are increasingly offering online and mobile channels to access their services. In Sweden the WPK consortium, owned by banks and mobile operators, specifies a mobile signature service infrastructure that is used by banks to authenticate online banking users.

Telenor Sverige has provided technology for the company's mobile signature services in Sweden since 2009. Telenor enables its customers a secure login to online services using their mobile phone for authentication and digital signing. [5]

Estonia

The Estonian government issues all citizens with a smart card and digital identity called the Estonian ID card. Additionally, Sertifitseerimiskeskus , the certificate authority of Estonia issues special SIM cards to mobile phones which act as national personal identification method. The service is called m-id.

Turkey

In 2007, the mobile operator Turkcell bought a mobile signature service infrastructure Gemalto and launched Mobillmza, the world's first mobile security solution. [6] [7] They have partnered up with over 200 businesses, including many banks to enable them to use mobile signatures for online user authentication. [8]

Other services relying on mobile signatures in Turkey include securing the withdrawal of small loans from an ATM, and processing custom work flow processes by enabling applicants to use mobile signatures. [9] [10] [11] [12]

Austria

The Austrian government allows private sector companies to propose means for storing the government-controlled digital identity. Since 2006, the Austrian government has explicitly mentioned mobile phones as one of the likely devices to be used for storing and managing a digital identity. Eight Austrian saving banks will launch[ when? ] a pilot allowing online user authentication with mobile signatures. [13]

Ukraine

In Ukraine, Mobile ID project started in 2015, and later declared as one of Government of Ukraine priorities supported by EU. At the beginning of 2018 Ukrainian cell operators are evaluating proposals and testing platforms from different local and foreign developers. Platform selection will be followed up by comprehensive certification process.

Ukrainian IT and cryptography around Mobile ID topic is mostly presented by Innovation Development HUB LLC with its own Mobile ID platform. This particular solution is the sole, having already passed the certification, and most likely will be implemented in Ukraine.

As of September 2019, all of 'big three' cell operators in Ukraine have launched Mobile ID service.

Vodafone - commercial launch in August 2018.

Kyivstar - commercial launch in December 2018.

Lifecell - commercial launch in August 2019.

Vodafone and Lifecell operators implemented Mobile ID solution of Ukrainian origin designed by Innovation Development HUB LLC.

See also

Related Research Articles

<span class="mw-page-title-main">Smart card</span> Pocket-sized card with embedded integrated circuits for identification or payment functions

A smart card (SC), chip card, or integrated circuit card is a physical electronic authentication device, used to control access to a resource. It is typically a plastic credit card-sized card with an embedded integrated circuit (IC) chip. Many smart cards include a pattern of metal contacts to electrically connect to the internal chip. Others are contactless, and some are both. Smart cards can provide personal identification, authentication, data storage, and application processing. Applications include identification, financial, public transit, computer security, schools, and healthcare. Smart cards may provide strong security authentication for single sign-on (SSO) within organizations. Numerous nations have deployed smart cards throughout their populations.

<span class="mw-page-title-main">SIM card</span> Integrated circuit card for a mobile device

A SIM card is an integrated circuit (IC) intended to securely store an international mobile subscriber identity (IMSI) number and its related key, which are used to identify and authenticate subscribers on mobile telephone devices. Technically the actual physical card is known as a universal integrated circuit card (UICC); this smart card is usually made of PVC with embedded contacts and semiconductors, with the SIM as its primary component. In practice the term "SIM card" refers to the entire unit and not simply the IC.

A SIM lock, simlock, network lock, carrier lock or (master) subsidy lock is a technical restriction built into GSM and CDMA mobile phones by mobile phone manufacturers for use by service providers to restrict the use of these phones to specific countries and/or networks. This is in contrast to a phone that does not impose any SIM restrictions.

<span class="mw-page-title-main">Mobile payment</span> Payment services via a mobile device

A mobile payment, also referred to as mobile money, mobile money transfer and mobile wallet, is any of various payment processing services operated under financial regulations and performed from or via a mobile device, as the cardinal class of digital wallet. Instead of paying with cash, cheque, or credit cards, a consumer can use a payment app on a mobile device to pay for a wide range of services and digital or hard goods. Although the concept of using non-coin-based currency systems has a long history, it is only in the 21st century that the technology to support such systems has become widely available.

<span class="mw-page-title-main">International Mobile Equipment Identity</span> Cellphone identification code

The International Mobile Equipment Identity (IMEI) is a numeric identifier, usually unique, for 3GPP and iDEN mobile phones, as well as some satellite phones. It is usually found printed inside the battery compartment of the phone but can also be displayed on-screen on most phones by entering the MMI Supplementary Service code *#06# on the dialpad, or alongside other system information in the settings menu on smartphone operating systems.

Network switching subsystem (NSS) is the component of a GSM system that carries out call out and mobility management functions for mobile phones roaming on the network of base stations. It is owned and deployed by mobile phone operators and allows mobile devices to communicate with each other and telephones in the wider public switched telephone network (PSTN). The architecture contains specific features and functions which are needed because the phones are not fixed in one location.

GSM services are a standard collection of applications and features available over the Global System for Mobile Communications (GSM) to mobile phone subscribers all over the world. The GSM standards are defined by the 3GPP collaboration and implemented in hardware and software by equipment manufacturers and mobile phone operators. The common standard makes it possible to use the same phones with different companies' services, or even roam into different countries. GSM is the world's most dominant mobile phone standard.

<span class="mw-page-title-main">Electronic identification</span> Digital proof of identity

An electronic identification ("eID") is a digital solution for proof of identity of citizens or organizations. They can be used to view to access benefits or services provided by government authorities, banks or other companies, for mobile payments, etc. Apart from online authentication and login, many electronic identity services also give users the option to sign electronic documents with a digital signature.

Digital identity refers to the information utilized by computer systems to represent external entities, including a person, organization, application, or device. When used to describe an individual, it encompasses a person's compiled information and plays a crucial role in automating access to computer-based services, verifying identity online, and enabling computers to mediate relationships between entities. Digital identity for individuals is an aspect of a person's social identity and can also be referred to as online identity.

<span class="mw-page-title-main">Gemalto</span> International digital security company

Gemalto was an international digital security company providing software applications, secure personal devices such as smart cards and tokens, e-wallets and managed services. It was formed in June 2006 by the merger of two companies, Axalto and Gemplus International. Gemalto N.V.'s revenue in 2018 was €2.969 billion.

A mobile signature is a digital signature generated either on a mobile phone or on a SIM card on a mobile phone.

Electronic authentication is the process of establishing confidence in user identities electronically presented to an information system. Digital authentication, or e-authentication, may be used synonymously when referring to the authentication process that confirms or certifies a person's identity and works. When used in conjunction with an electronic signature, it can provide evidence of whether data received has been tampered with after being signed by its original sender. Electronic authentication can reduce the risk of fraud and identity theft by verifying that a person is who they say they are when performing transactions online.

Phone cloning is the copying of identity from one cellular device to another.

<span class="mw-page-title-main">Estonian identity card</span> National identity card of Estonia

The Estonian identity card is a mandatory identity document for citizens of Estonia. In addition to regular identification of a person, an ID-card can also be used for establishing one's identity in electronic environment and for giving one's digital signature. Within Europe as well as French overseas territories, Georgia and Tunisia the Estonian ID Card can be used by the citizens of Estonia as a travel document.

<span class="mw-page-title-main">Generic Bootstrapping Architecture</span>

Generic Bootstrapping Architecture (GBA) is a technology that enables the authentication of a user. This authentication is possible if the user owns a valid identity on an HLR or on an HSS.

OneSpan is a publicly traded cybersecurity technology company based in Boston, Massachusetts, with offices in Montreal, Brussels and Zurich. The company offers a cloud-based and open-architected anti-fraud platform and is historically known for its multi-factor authentication and electronic signature software.

Digital identity is used in Australia by residents to validate who they are over digital media, such as over the Internet.

Mobile Signature Service (MSS) is a high-level service specified by the European Telecommunications Standards Institute that defines the roles participating in mobile identity management and mobile signature transactions, as well as functional and business-related requirements and interfaces. The specification is the governing standard for PKI and enables cross-compatible mobile signature solutions.

The Mobile phone industry in Ukraine started in 1993 in analog, and its digital industry showed rapid growth, although there have been ups and downs.

<span class="mw-page-title-main">BankID (Norway)</span>

BankID is a personal electronic identification system in Norway, that is used for identification and signing. The service is provided by the banks in Norway.

References

  1. "News / press". Valimo. Archived from the original on July 26, 2011. Retrieved 4 November 2014.
  2. Archived July 20, 2011, at the Wayback Machine
  3. "Mobiilivarmennus käynnistyi Suomessa". Ficom.fi. Archived from the original on 4 November 2014. Retrieved 4 November 2014.
  4. "Ban on Contraband Cellphones in Iran Reaches LG". Financial Tribune. 2018-02-18. Archived from the original on 2021-01-24. Retrieved 2021-12-30.
  5. "News / press". Valimo. Archived from the original on August 2, 2013. Retrieved 4 November 2014.
  6. "Turkcell selects Gemalto for large mobile signature rollout". SecureIDNews. Archived from the original on 2020-08-05. Retrieved 2020-11-22.
  7. Toker, Aysegul; Varnali, Kaan; Yilmaz, Cengiz (2011-01-01). "Mobile marketing at Turkcell: Turkey's leading mobile operator". Emerald Emerging Markets Case Studies. 1 (1): 1–9. doi:10.1108/20450621111122309. ISSN   2045-0621. Archived from the original on 2021-12-30. Retrieved 2021-12-30.
  8. "The First Ever Mobile Signature Solution? MobilImza, Made in Turkey". Global Innovation Path. 2018-08-29. Archived from the original on 2021-12-30. Retrieved 2020-11-22.
  9. "News / press". Reuters.com. Archived from the original on 3 February 2016. Retrieved 13 February 2009.
  10. "Turkcell Iletisim Hizmetleri ADRs Edge Lower; Alfa Telecom Plans Sale of 13% Stake: Reuters (NYSE:TKC) - Sonoran Weekly Review". Archived from the original on April 10, 2016. Retrieved May 29, 2016.
  11. "Hrriyet - e-imzas olana bankaya gitmeden ATMden kredi". Hurriyet.com.tr. Archived from the original on 4 November 2014. Retrieved 4 November 2014.
  12. Archived September 28, 2007, at the Wayback Machine
  13. "Archived copy". Archived from the original on 2007-09-27. Retrieved 2007-07-02.{{cite web}}: CS1 maint: archived copy as title (link)
This page is based on this Wikipedia article
Text is available under the CC BY-SA 4.0 license; additional terms may apply.
Images, videos and audio are available under their respective licenses.