mobile authentication on the internet

1 Extended roles for the SIM C1

10 April 2023

Group R&D

Mobile Authentication on the Internet

Presented by Paul Lahaije

“OpenID Event”, Haarlem, 12 May 2009

C1

Group R&D

Extended roles for the SIM2 10 April 2023

Increasing demand for secure authentication on the Internet

• Secure remote access to Corporate IT systems–Market value of $608Mn in 2008 (IDC).

• Online banking–A survey of European retail banks identified ID theft as the highest financial crime

priority to address

• Online identity–challenge of securely managing multiple passwords and online identities

• E-government–Filing online tax returns (e.g. DIGID in the Netherlands)

Online governmental

services Online

bankingCorpo

rate

acce

ss (V

PN)

Online social

networks

Sing

le S

ign O

n

Mob

ile

serv

ices

on

the

PC

“Are you really the person you claim to

be?”

Age check

User authentication

C1

Group R&D


The added value of Mobile Authentication

• Adding security to online services (Second channel for authentication)

• Improved user convenience (Single Sign On)

• Availability: User’s always carry their mobile phone with them

• Mobile phone penetration is close to 100% in many markets

• Real-time communication interface to the user

• Effective fraud control - customers on average report a stolen mobile phone in 28 minutes and application can be stopped immediately over the mobile network.

Picture to be added

C1

Group R&D


The core value of the SIM

• Secure authentication for more than 4 Billion users

• As secure as banking cards

• Standardized– Global Platform, ETSI-SCP– SIM Toolkit applications / Java clients

• Multi application platform– The SIM can host service provider trusted applications (e.g. banking application,

NFC ticketing) in separate security domains– Service providers can “rent” their own space in the SIM

• Remote Management over the air– Payment providers can remotely manage their own applications via a trusted third

party

• Portable, terminal independent

C1

Group R&D


SIM technology evolution

• Smart Card Web Server (OMA); an embedded web server on the SIM

• USB High Speed Interface, TCP/IP supported

• Secure domains on smartcards to support multiple applications

• Towards an open internet compatible smart card execution environment: Javacard, .NET, Java Servlet, SCWS

The SIM is becoming a secure IP network element

C1

Group R&D


The SIM as the Identity Token for the Internet

Enabling the Mobile Operator to become an Internet Security Provider

• Adding Security to the Internet (e.g. PKI based user authentication)

• Improving user convenience (no need to remember multiple usernames/passwords)

• Digital Identity Management (private information stored on the SIM)

security conveniencemore

less

more

less

C1

Group R&D


SIM-Based Authentication Architecture

Web Service:- Online Banking- E-Government service- Social network service- OpenID Consumer

Identity Provider:- OpenID- Liberty Alliance- Microsoft CardSpace- ...

Authentication Services:- One-Time-Password- Wireless PKI- ....

User Interface:- (Mobile) Web Browser- (Mobile) Widget- SIM Intelligent Client- ...

IP/Device Convergence

C1

Group R&D


Demonstration

• Introducing SIM based authentication to OpenID

• Supporting different authentication methods– One-Time-Password– WPKI

• Could be applied to various online services– Online social network services– Online banking– E-government services

• Demonstration movie

C1

Group R&D


Summary and Conclusions

• The SIM can enable Mobile Operators to become Internet Security Providers, offering Security and Identity for online services

Let’s join forces to exploit the SIM strength’s to become

“The Identity Token” for the Internet.

10 Extended roles for the SIM C1

10 April 2023

Group R&D

Thank you

mobile authentication on the internet

Technology