Mobile identity management

Mobile Identity Management is viewed as an approach that can address both usability and trust concerns in mobile business. The mobile phone in addition to a wallet and house keys has become one of the essentials to take with you when leaving the house. By storing all the technical necessary applications on a SIM card, the mobile phone has turned into a device for managing each person’s digital identity.

In contrast to other approaches, the mobile phone in conjunction with a mobile signature-enabled SIM card offers the same security and superior ease of use than for example Smart cards in existing Digital identity management systems.

Smart card-based digital identities can only be used in conjunction with a card reader and a PC. In addition, distributing and managing the cards has become a logistical nightmare, exacerbated by the lack of interoperability between services relying on such a digital identity.

With the mobile signature concept, there are a number of private company stakeholders that have an inherent interest in setting up a mobile signature service infrastructure thus offering mobile identity services. These stakeholders are mobile network operators and to a certain extent financial institutions or service providers with an existing large customer base, that could leverage the use of mobile signatures across several applications.

Status quo in different countries

Finland: The Finnish government has supervised the deployment of a common derivative of the ETSI-based mobile signature service standard, thus allowing the Finnish mobile operators to offer mobile signature services. The Finnish government CA also issues the certificates that link the digital keys on the SIM card to the person’s real world identity.

See also:

• http://www.valimo.com/news_and_events/news/2007/87
• http://www.vrk.fi/vrk/home.nsf/pages/9C0B5FFC32EC6AF2C225724400511298?opendo

Sweden: In Sweden a consortium owned by banks and mobile operators (WPK.Net) is specifying a mobile signature service infrastructure that is first used by banks to authenticate online banking users. Later on the mobile signature services is supposed to be available for other applications as well.

See: http://www.wpki.net

Estonia: The Estonian government has issued all citizens with a Smart card, but citizens are using the digital identity sparsely. There is no concerted effort from the private industry to leverage the Estonian CA landscape and deploy mobile signature services, thus enabling Estonian citizens to port their existing digital identity to the mobile phone.

Turkey: The mobile operator Turkcell has bought a mobile signature service infrastructure and has now signed up 8 Turkish banks to enable them to use mobile signatures for online user authentication.

Other services relying on mobile signatures are:

• Securing the withdrawal of small loans from an ATM
• Processing custom work flow processes by enabling applicants to use

mobile signatures. see also: http://www.todayszaman.com/tz-web/detaylar.do?load=detay&link=113484 http://www.hurriyet.com.tr/ekonomi/6307988.asp?gid=196 http://www.turkcell.com.tr/bultenler/2007_02_20_mobile_signature_eng.pdf

Austria: The Austrian government has decided to allow private sector companies to propose means for storing the government-controlled digital identity. Since 2006, the Austrian government has explicitly mentioned mobile phones as one of the likely devices to be used for storing and managing a digital identity. 8 Austrian saving banks will launch a pilot allowing online user authentication with mobile signatures.

See also: https://www.quelle-bausparkasse.de/presse/detail/88/