Boost PC performance: How more available memory can improve productivity
Mobile Authentication on the Internet
1. Mobile Authentication on the Internet
Presented by Paul Lahaije
“OpenID Event”, Haarlem, 12 May 2009
1 Extended roles for the SIM C1 14 May 2009
Group R&D
2. Increasing demand for secure authentication on the
Internet
• Secure remote access to Corporate
IT systems Online
–Market value of $608Mn in 2008 governmental
services
(IDC).
• Online banking
–A survey of European retail banks
identified ID theft as the highest
financial crime priority to address
User authentication
• Online identity “Are you really the
–challenge of securely managing person you claim to
be?”
multiple passwords and online
identities
• E-government
–Filing online tax returns (e.g. DIGID in
the Netherlands)
2 Extended roles for the SIM C1 14 May 2009
Group R&D
3. The added value of Mobile Authentication
• Adding security to online services
(Second channel for authentication)
• Improved user convenience
(Single Sign On)
• Availability: User’s always carry their
mobile phone with them Picture to be
added
• Mobile phone penetration is close to
100% in many markets
• Real-time communication interface to
the user
• Effective fraud control - customers on
average report a stolen mobile phone in
28 minutes and application can be
stopped immediately over the mobile
network.
3 Extended roles for the SIM C1 14 May 2009
Group R&D
4. The core value of the SIM
• Secure authentication for more than 4 Billion users
• As secure as banking cards
• Standardized
– Global Platform, ETSI-SCP
– SIM Toolkit applications / Java clients
• Multi application platform
– The SIM can host service provider trusted applications (e.g. banking application,
NFC ticketing) in separate security domains
– Service providers can “rent” their own space in the SIM
• Remote Management over the air
– Payment providers can remotely manage their own applications via a trusted third
party
• Portable, terminal independent
4 Extended roles for the SIM C1 14 May 2009
Group R&D
5. SIM technology evolution
• Smart Card Web Server (OMA); an embedded
web server on the SIM
• USB High Speed Interface, TCP/IP supported
• Secure domains on smartcards to support
multiple applications
• Towards an open internet compatible smart
card execution environment: Javacard, .NET,
Java Servlet, SCWS
The SIM is becoming a secure IP
network element
5 Extended roles for the SIM C1 14 May 2009
Group R&D
6. The SIM as the Identity Token for the Internet
Enabling the Mobile Operator to become an
Internet Security Provider
• Adding Security to the Internet
(e.g. PKI based user authentication)
• Improving user convenience more
more
convenience
security
(no need to remember multiple
usernames/passwords) less
less
• Digital Identity Management
(private information stored on the SIM)
6 Extended roles for the SIM C1 14 May 2009
Group R&D
7. SIM-Based Authentication Architecture
Identity Provider:
Web Service:
-OpenID
-Online Banking
-Liberty Alliance
-E-Government service
-Microsoft CardSpace
-Social network service
- ...
-OpenID Consumer
Authentication Services:
IP/Device -One-Time-Password
-Wireless PKI
Convergence -....
User Interface:
-(Mobile) Web Browser
-(Mobile) Widget
-SIM Intelligent Client
- ...
7 Extended roles for the SIM C1 14 May 2009
Group R&D
8. Demonstration
• Introducing SIM based authentication to OpenID
• Supporting different authentication methods
– One-Time-Password
– WPKI
• Could be applied to various online services
– Online social network services
– Online banking
– E-government services
• Demonstration movie
8 Extended roles for the SIM C1 14 May 2009
Group R&D
9. Summary and Conclusions
• The SIM can enable Mobile Operators to become Internet Security
Providers, offering Security and Identity for online services
Let’s join forces to exploit the SIM strength’s to become
“The Identity Token” for the Internet.
9 Extended roles for the SIM C1 14 May 2009
Group R&D
10. Thank you
10 Extended roles for the SIM C1 14 May 2009
Group R&D