Mobile identity management
|This article needs additional citations for verification. (March 2011) (Learn how and when to remove this template message)|
Mobile identity is a development of online authentication and digital signatures, where the SIM card of one’s mobile phone works as an identity tool. Mobile identity enables legally binding authentication and transaction signing for online banking, payment confirmation, corporate services, and consuming online content. The user's certificates are maintained on the telecom operator's SIM card and in order to use them, the user has to enter a personal, secret PIN code. When using mobile identity, no separate card reader is needed, as the phone itself already performs both functions.
In contrast to other approaches, the mobile phone in conjunction with a mobile signature-enabled SIM card aims to offers the same security and ease of use as for example smart cards in existing digital identity management systems. Smart card-based digital identities can only be used in conjunction with a card reader and a PC. In addition, distributing and managing the cards can be logistically difficult, exacerbated by the lack of interoperability between services relying on such a digital identity.
There are a number of private company stakeholders that have an inherent interest in setting up a mobile signature service infrastructure to offer mobile identity services. These stakeholders are mobile network operators and, to a certain extent, financial institutions or service providers with an existing large customer base, that could leverage the use of mobile signatures across several applications.
The Finnish government has supervised the deployment of a common derivative of the ETSI-based mobile signature service standard, thus allowing the Finnish mobile operators to offer mobile signature services. The Finnish government certificate authority (CA) also issues the certificates that link the digital keys on the SIM card to the person’s real world identity.
In the Nordic region, governments, public sector and financial institutions are increasingly offering online and mobile channels to access their services. In Sweden the WPK consortium, owned by banks and mobile operators, specifies a mobile signature service infrastructure that is used by banks to authenticate online banking users.
Telenor Sverige has provided technology for the company's mobile signature services in Sweden since 2009. Telenor enables its customers a secure login to online services using their mobile phone for authentication and digital signing.
The Estonian government issues all citizens with a smart card and digital identity called the Estonian ID card. Additionally, Sertifitseerimiskeskus, the certificate authority of Estonia issues special SIM cards to mobile phones which act as national personal identification method. The service is called m-id.
The mobile operator Turkcell has bought a mobile signature service infrastructure and has now signed up eight Turkish banks[which?] to enable them to use mobile signatures for online user authentication.
Other services relying on mobile signatures in Turkey include securing the withdrawal of small loans from an ATM, and processing custom work flow processes by enabling applicants to use mobile signatures.
The Austrian government allows private sector companies to propose means for storing the government-controlled digital identity. Since 2006, the Austrian government has explicitly mentioned mobile phones as one of the likely devices to be used for storing and managing a digital identity. Eight Austrian saving banks will launch[when?] a pilot allowing online user authentication with mobile signatures.
- "News / press". Valimo. Archived from the original on July 26, 2011. Retrieved 4 November 2014.
-  Archived July 20, 2011, at the Wayback Machine.
- "Mobiilivarmennus käynnistyi Suomessa". Ficom.fi. Retrieved 4 November 2014.
- "News / press". Valimo. Archived from the original on August 2, 2013. Retrieved 4 November 2014.
- "News / press". Reuters.com. Retrieved 13 February 2009.
- "Archived copy". Archived from the original on April 10, 2016. Retrieved May 29, 2016.
- "Hrriyet - e-imzas olana bankaya gitmeden ATMden kredi". Hurriyet.com.tr. Retrieved 4 November 2014.
-  Archived September 28, 2007, at the Wayback Machine.
- [dead link]