Cellular Device Versatile personal identification

1
Cellular Device Versatile personal
identification

• Joint workshop on mobile web privacy
• W3C presentation, Dec. 2000

2
This Presentation

• Current challenges
• The cellular perspective
• Proposed action
• About cFORM
• Application example (mSAFE)

3
Current situation

• Lack of effective means of definitive
  identification prevent popular use of
  e-transactions
• Ink-signature available everywhere
• Digital signature is currently restricted

4
Current situation
5
Challenges

• Provide a definitive identification of the user
• Provide sufficient level of security
• Enable non-repudiation
• Provision of cost effective alternative with a
  global spread
• Convenient, easy to use user interface
• Availability across most platforms and devices

6
Cellular perspective

• More cellular users than internet users
• Currently voice-centric rather than data
• Geographically spread with good coverage and
  roaming abilities
• Good means of control over security
• Limited interface

7
Possible methods of identification

• Biometric (price, size,)
• Encryption (software level)
• Smart cards (price, size, interface to ither
  devices)
• Other hardware devices

8
Some drawbacks

• Interface
• Cost
• Security tasks impose load on the cellular device
• Restricted penetration to mass market

9
Possible trends

• A number of cellular OS
• Remote activation of digital signature
• Identification is performed using hardware
  built-in components or software
• Separation of security tasks from main cellular
  processor towards a designated component

10
Proposed action

• Utilize the cellular infra-structure and cellular
  devices as an identification devices
• Creation of a standard method which allow access
  from software (cellular OS) to hardware (built-in
  components in cellular device)

11
cFORM

• Convenient and efficient interface, with
  automated submission of information.
• Personal, secure and accessible information
  repository with external information import
  mechanism low cost, no pain.
• Enable error-free data exchange between
  transacting parties, via unified channels.
• Standard data structure that serves as a basis
  for electronic transactions.

12
Application example - mSAFE

• Strategic partnership with cFORM
• Built-in component
• Handles all security tasks (WTLS, PKI, VPN)
• Has memory to host application software
• Provision of hardware level security
• Gateway to the data streamed to the cellular
  device

13
Internet
Data Encryption
Password protected
Fire Wall
Software Encryption
VPN
WTLS Layer
MSafe Security Technology and hardware
Organizational Information System