Mobile Identity Overview
Mobile Identity is at the heart of the digital economy. It is an extension of digital identity provided via mobile networks or devices. It is not just an enabler for logging in and transacting – it can also play a central role in communication and interaction with people and things.
Current Mobile Identity Solutions
A number of mobile operators have already recognised the importance of taking a role in identity and have deployed services and solutions in response. The primary services and solutions include:
- Federated Identity – Provides a mechanism for a single set of credentials (a single digital identity) to be used across multiple IT systems or websites, rather than the user having to register and remember credentials for each. Because the user has already registered with their mobile operator, logging in becomes a simple one-click process: the user selects their operator as their chosen identity provider and the login process takes place automatically.
- Second Factor Authentication– Mobile is used as a second factor overlay for more secure access to content, locations and services, and to boost the security of online transactions. The security of an identity authentication system or process is increased by using mechanisms or parameters from more than one of the following categories:
- Something I know (e.g. username, password or PIN)
- Something I have (e.g. SIM card and mobile device)
- Something I am (e.g. location, behavioural profile or biometric parameter)
- Mobile Digital Signature – The SIM already provides a secure environment for running cryptographic operations (for authenticating the user on the network) so is an apt tool for supporting digital signatures. By establishing a Wireless Public Key Infrastructure (WPKI) and providing digital certificates to users via the SIM, a digital identity can be established and used across a wide range of services, especially where there is a high level of contingent risk or potential loss. A number of governments around the world have found mobile digital signature methodologies to be secure enough for them to be afforded the same rights, in law, as a handwritten signature on a piece of paper. In Turkey, Moldova, Estonia, Finland and elsewhere, it is possible to sign contracts via mobile, arrange a loan, buy a property or even vote.
- Identity Attribute Brokerage – There can be considerable benefit to users and service providers when basic information about the user (pertaining to that individual’s identity) can be shared, selectively. For example the individual’s name and address can be automatically provided for an online purchase or personalised information is presented to the individual based on their location. Mobile operators are especially well placed to act on the user’s behalf in brokering this type of information to third parties.