Mobile Authentication on the Internet

997 views

Published on

Mobile Authentication on the Internet

Published in: Technology
0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total views
997
On SlideShare
0
From Embeds
0
Number of Embeds
30
Actions
Shares
0
Downloads
37
Comments
0
Likes
0
Embeds 0
No embeds

No notes for slide

Mobile Authentication on the Internet

  1. 1. Mobile Authentication on the Internet Presented by Paul Lahaije “OpenID Event”, Haarlem, 12 May 2009 1 Extended roles for the SIM C1 14 May 2009 Group R&D
  2. 2. Increasing demand for secure authentication on the Internet • Secure remote access to Corporate IT systems Online –Market value of $608Mn in 2008 governmental services (IDC). • Online banking –A survey of European retail banks identified ID theft as the highest financial crime priority to address User authentication • Online identity “Are you really the –challenge of securely managing person you claim to be?” multiple passwords and online identities • E-government –Filing online tax returns (e.g. DIGID in the Netherlands) 2 Extended roles for the SIM C1 14 May 2009 Group R&D
  3. 3. The added value of Mobile Authentication • Adding security to online services (Second channel for authentication) • Improved user convenience (Single Sign On) • Availability: User’s always carry their mobile phone with them Picture to be added • Mobile phone penetration is close to 100% in many markets • Real-time communication interface to the user • Effective fraud control - customers on average report a stolen mobile phone in 28 minutes and application can be stopped immediately over the mobile network. 3 Extended roles for the SIM C1 14 May 2009 Group R&D
  4. 4. The core value of the SIM • Secure authentication for more than 4 Billion users • As secure as banking cards • Standardized – Global Platform, ETSI-SCP – SIM Toolkit applications / Java clients • Multi application platform – The SIM can host service provider trusted applications (e.g. banking application, NFC ticketing) in separate security domains – Service providers can “rent” their own space in the SIM • Remote Management over the air – Payment providers can remotely manage their own applications via a trusted third party • Portable, terminal independent 4 Extended roles for the SIM C1 14 May 2009 Group R&D
  5. 5. SIM technology evolution • Smart Card Web Server (OMA); an embedded web server on the SIM • USB High Speed Interface, TCP/IP supported • Secure domains on smartcards to support multiple applications • Towards an open internet compatible smart card execution environment: Javacard, .NET, Java Servlet, SCWS The SIM is becoming a secure IP network element 5 Extended roles for the SIM C1 14 May 2009 Group R&D
  6. 6. The SIM as the Identity Token for the Internet Enabling the Mobile Operator to become an Internet Security Provider • Adding Security to the Internet (e.g. PKI based user authentication) • Improving user convenience more more convenience security (no need to remember multiple usernames/passwords) less less • Digital Identity Management (private information stored on the SIM) 6 Extended roles for the SIM C1 14 May 2009 Group R&D
  7. 7. SIM-Based Authentication Architecture Identity Provider: Web Service: -OpenID -Online Banking -Liberty Alliance -E-Government service -Microsoft CardSpace -Social network service - ... -OpenID Consumer Authentication Services: IP/Device -One-Time-Password -Wireless PKI Convergence -.... User Interface: -(Mobile) Web Browser -(Mobile) Widget -SIM Intelligent Client - ... 7 Extended roles for the SIM C1 14 May 2009 Group R&D
  8. 8. Demonstration • Introducing SIM based authentication to OpenID • Supporting different authentication methods – One-Time-Password – WPKI • Could be applied to various online services – Online social network services – Online banking – E-government services • Demonstration movie 8 Extended roles for the SIM C1 14 May 2009 Group R&D
  9. 9. Summary and Conclusions • The SIM can enable Mobile Operators to become Internet Security Providers, offering Security and Identity for online services Let’s join forces to exploit the SIM strength’s to become “The Identity Token” for the Internet. 9 Extended roles for the SIM C1 14 May 2009 Group R&D
  10. 10. Thank you 10 Extended roles for the SIM C1 14 May 2009 Group R&D

×