1

Hochiminh City University of TechnologyFaculty of Computer Science and Engineering

Mobile Identity

Present:Nguyen Thi Thuy Loan

2

OUTLINE

• Introduction• Mobile identity authentication• Mobile Identity Management• Q&A

3

Introduction

• Mobile devices– Mobile phones– Smart cards– RFIDs

4

Introduction

• Elements of a mobile identity– Information describe a mobile user’s identity.– Technical access to components of a mobile

identity.– Third parties and exchange information.

5

Introduction

• User Identity– Something I know • username, password or PIN

6

Introduction

• User Identity– Something I know – Something I have • SIM card and mobile device

7

Introduction

• User Identity– Something I know – Something I have – Something I am • location, behavioural profile or biometric parameter

8

Mobile identity authentication

• SIM card:– Tampered resistant module providing strong

authentication to Internet applications and services.

9

Mobile identity authentication

• SIM card:– Include: • International Mobile Subscriber Identity• strong encryption functions

10

Mobile identity authentication

• SIM card:– GSM authentication• Random challenge: RAND• 64-bit session key Kc 128-bit• Response value SRES

11

Mobile identity authentication

• Mobile Digital Signature– Proving your real-world identity to third parties.– Making a legally-binding commitment by sending

a confirmed message to another party.– Solve security problems of the online world with

identity confirmation

12

Mobile identity authentication

• Use RSA private key in SIM card.

13

Mobile Identity Management

• GSM-based Mobile Identity Management– Profile management• the information may be encrypted before it is stored on

the device or transmitted to the network operator.

14

Mobile Identity Management

• GSM-based Mobile Identity Management– Profile management– Exchanging mobile identities• The current legal landscape already limits the way of

how to reveal mobile identity information.

15

Mobile Identity Management

• GSM-based Mobile Identity Management– Profile management– Exchanging mobile identities– Applications for mobile identities• marketing service, disaster service.

16

Mobile Identity Management

• Mobile Identity Management System Target:– Easy identity management & application access– Secure and controlled mobile authentication– Works with native and web based mobile apps

17

Mobile Identity Management

• Mobile Identity Management System

18

Mobile Identity Management

• Authentication in Mobile Identity Management System– 3-factor authentication• Smart cards that store a biometric matching template• Smart cards store the biometric matching template and

the matching algorithm on the card• Tokens provide the full biometric authentication

process (sensors, feature extraction to acquire a query template from the biometric measurement

19

Q&A