Mobile identity management
Mobile Identity is a development of the traditional online authentication and digital signing; the SIM card of one’s mobile phone works as an identity tool. Mobile Identity enables legally binding authentication and transaction signing for online banking, payment confirmation, corporate services, and consuming online content. The user’s certificates are maintained on the telecom operator’s SIM card and in order to use them, the user has to enter a personal, secret PIN code. When using Mobile Identity, no separate card reader is needed, as the phone itself already performs both functions.
In contrast to other approaches, the mobile phone in conjunction with a mobile signature-enabled SIM card offers the same security and superior ease of use than for example Smart cards in existing Digital identity management systems. Smart card-based digital identities can only be used in conjunction with a card reader and a PC. In addition, distributing and managing the cards has become a logistical nightmare, exacerbated by the lack of interoperability between services relying on such a digital identity.
With the mobile signature concept, there are a number of private company stakeholders that have an inherent interest in setting up a mobile signature service infrastructure thus offering mobile identity services. These stakeholders are mobile network operators and to a certain extent financial institutions or service providers with an existing large customer base, that could leverage the use of mobile signatures across several applications.
Status quo in different countries
|This section is empty. You can help by adding to it. (July 2010)|
The Finnish government has supervised the deployment of a common derivative of the ETSI-based mobile signature service standard, thus allowing the Finnish mobile operators to offer mobile signature services. The Finnish government certificate authority (CA) also issues the certificates that link the digital keys on the SIM card to the person’s real world identity.
The need for new authentication solutions like Mobile Identity in the Nordic region is rapidly growing as governments, public sector and financial institutions are increasingly offering online and mobile channels to access their services. These new services require more secure and user-friendly authentication methods.
In Sweden a consortium owned by banks and mobile operators (WPK.Net) is specifying a mobile signature service infrastructure that is first used by banks to authenticate online banking users. Later on the mobile signature services is supposed to be available for other applications as well.
Telenor Sweden has provided technology for the company's mobile signature services in Sweden since 2009. Telenor enables its customers a convenient and secure login to online services using their mobile phone for authentication and digital signing.
The Estonian government has issued all citizens with a Smart card, but citizens are using the digital identity sparsely. There is now a concerted effort from the private industry to leverage the Estonian CA landscape and deploy mobile signature services, thus enabling Estonian citizens to port their existing digital identity to the mobile phone.
Other services relying on mobile signatures are:
- Securing the withdrawal of small loans from an ATM
- Processing custom work flow processes by enabling applicants to use mobile signatures.
http://www.valimo.com/news_and_events/26-02-2009/kenya-turkey-japan-lead-mobile-money-trend http://www.todayszaman.com/tz-web/detaylar.do?load=detay&link=113484 http://www.hurriyet.com.tr/ekonomi/6307988.asp?gid=196 http://www.turkcell.com.tr/bultenler/2007_02_20_mobile_signature_eng.pdf
The Austrian government has decided to allow private sector companies to propose means for storing the government-controlled digital identity. Since 2006, the Austrian government has explicitly mentioned mobile phones as one of the likely devices to be used for storing and managing a digital identity. Eight Austrian saving banks will launch[when?] a pilot allowing online user authentication with mobile signatures.