Mobile signature

Mobile signature

A mobile signature is a digital signature generated either on a mobile phone or on a SIM card.


Contents

Origins of the term

mSign

The term first appeared in articles introducing mSign (short for Mobile Electronic Signature Consortium). It was founded in 1999 and comprised 35 member companies. In October 2000, the consortium published an XML-interface defining a protocol allowing service providers to obtain a mobile (digital) signature from a mobile phone subscriber.

In 2001, mSign gained industry-wide coverage when it came apparent that Brokat (one of the founders company) also obtained a process patent in Germany for using the mobile phone to generate digital signatures.

MoSign project and standardization attempt

The MoSign project (short for Mobile Signature) initiated by the companies Deutsche Bank, Ericsson, Materna, Microsoft, Sema Group, Siemens and TC TrustCenter was meant to demonstrate the deployment of electronic signatures using a "mobile signing device".

The mobile signing device comprised a Siemens IC35 organizer with an integrated WAP browser and a Smart card reader. The user was meant to connect the IC35 via the IrDA interface to an internet-enabled mobile device, that would enable the IC 35's WAP browser to view WAP pages from a remote server. To generate a mobile signature the user inserted a Smart card into the IC35's card slot. The digital keys are stored on the Smart card and the signing application was based on the WAP 1.2 Crypto SignText implementation in the WAP browser stack.

In March 2001, four German banks - Deutsche Bank, Commerzbank, Dresdner Bank and HypoVereinsbank announced that they would use the findings from the MoSign project and would develop it into a single standard for electronic signatures used in conjunction with mobile devices and financial services.

ETSI-MSS standardization

The term was then used by Paul Gibson (G&D) and Romary Dupuis (France Telecom) in their standardisation work at the European Telecommunications Standards Institute (ETSI) and published in ETSI Technical Report TR 102 203.

The ETSI-MSS specifications define an XML interface and Mobile Signature Roaming for systems implementing mobile signature services.

Mobile signatures today

Currently, GSM phones and WAP phones are mostly supporting this technology. Those mobile signature services on sim cards can be supported by almost all GSM phones, regardless of their capacity. In the near future, 3 G-phones and other portable devices will feature a similar mobile signature application.

The mobile signature is the legal equivalent of your own wet signature. The mobile signature is created by typing a secret code (i.e. your signing PIN) into the signing device (for example: your mobile phone). This secret code in combination with your key storage token (for example: SIM card) and a chosen text triggers a cryptographic algorithm to generate the (digital) signature.

Each of your mobile/digital signatures can be linked to a digital certificate (an electronic record) that vouches for your real-world identity.

Thus, the mobile signature is a unique feature for:

  • Proving your real-world identity to third parties without face-to-face communications
  • Making a legally-binding commitment by sending a confirmed message to another party
  • Solve security problems of the online world with identity confirmation.

Authentication may still be vulnerable to man in the middle attacks and trojan horses, depending on the scheme employed.[1] Schemes like one-time-password-generators and two-factor authentication does not completely solve man in the middle attacks on an open network like the Internet. However, supporting the authentication on the Internet with a parallel closed network like mobile/GSM and a digital signature enabled SIM card is the most secure method today against the man in the middle attack. If application provider provides a detailed explanation of the transaction to be signed both on its Internet site and signing request to mobile operator, the attack can easily be recognized by the individual by comparing both screens. Since operators do not let anonymous third parties to send signing request, normally the cost and technicality of intrusion between the application provider and the mobile operator, makes it an improbable attack target.

Mobile Signature with On Board Key Generation

Turkcell is the first provider of a mobile signature service with "On Board Key Generation" functionality, which enables customers to create their signing and validation key pair, after they get the simcard. In this way GSM operators do not need to distribute signing PINs to customers. Customers can create their PIN anew, on their own.[2]

Sources for the origins of the term

  • mSign: Announcement of MSign formation (in German only), 17.10.2000[3]
  • MoSign: Materna Monitor - company magazine, December 2004[4]
  • MoSign: International Herald Tribune tech brief, 26.3.2001[5]
  • MobilImza: Turkcell Mobil Imza 10.3.2008[6][7]

References

  1. ^ http://www.schneier.com/essay-083.html
  2. ^ (Turkish) Turkcell.com
  3. ^ Golem.de
  4. ^ Materna-tmt.de
  5. ^ IHT.com
  6. ^ (Turkish) Turkcell.com
  7. ^ (English) Turkcellmobilesignature.com

Wikimedia Foundation. 2010.

Игры ⚽ Поможем сделать НИР

Look at other dictionaries:

  • Mobile Signature Roaming — The concept of Mobile signature Roaming is: an Access point (AP) should be able to get a Mobile Signature from any enduser, even if the AP and the enduser have not contracted a commercial relationship with the same MSSP. Otherwise, an AP would… …   Wikipedia

  • Mobile identity management — The mobile phone in addition to a wallet and house keys has become one of the essentials to take with you when leaving the house. By storing all the technical necessary applications on a SIM card, the mobile phone has turned into a device for… …   Wikipedia

  • Signature — A signature (from Latin signare , sign ) is a handwritten (and sometimes stylized) depiction of someone s name, nickname or even a simple X that a person writes on documents as a proof of identity and intent. The writer of a signature is a… …   Wikipedia

  • Mobile Electronic Signature Consortium — (referred to as mSign ) was founded in 1999 and comprised 35 member companies. In Oct. 2000, the consortium published an XMl interface defining a protocol allowing service providers to obtain a mobile (digital) signature from a mobile phone… …   Wikipedia

  • Mobile Suit Gundam Wing — North American DVD cover of Gundam Wing Volume 1, featuring the protagonist Heero Yuy and his original mobile suit, Wing Gundam 新機動戦記ガンダムW (New Mobile Report Gundam Wing) …   Wikipedia

  • Mobile software — is designed to run on handheld computers, personal digital assistants (PDAs), enterprise digital assistants (EDAs), smartphones and cellphones. Since the first handheld computers of the 1980s, the popularity of these platforms has risen… …   Wikipedia

  • Mobile Fidelity Sound Lab — (MFSL or MoFi) is a company known as an innovator in the production of audiophile quality sound recordings. All releases are advertised as being produced from the first generation analog master recordings, and using proprietary technology, which… …   Wikipedia

  • Mobile Assisted Language Learning — Contents 1 Definition 2 History 3 Current Trends 4 The Future of MALL 5 MALL Professional Organi …   Wikipedia

  • Mobile submarine simulator — The mobile submarine simulator (MOSS) MK70 is a sonar decoy used by submarines of the United States Navy. It was a 10 inch vehicle, without an explosive warhead, but able to generate both an active sonar echo and a passive sound signature… …   Wikipedia

  • mobile electronic signature — mobilusis elektroninis parašas statusas T sritis informatika apibrėžtis ↑Elektroninis parašas, kuriuo galima pasirašyti duomenis naudojantis mobiliuoju telefonu, neturint papildomos elektroninio parašo aparatinės arba programinės įrangos.… …   Enciklopedinis kompiuterijos žodynas

Share the article and excerpts

Direct link
Do a right-click on the link above
and select “Copy Link”