Post on 03-Apr-2018
7/28/2019 Application of the U(Sim) Card as Secure Device for Eletronic Signaturen_Fuertes Pedro
http://slidepdf.com/reader/full/application-of-the-usim-card-as-secure-device-for-eletronic-signaturenfuertes 1/8
Application of the U(SIM) card assecure device for electronicsignature
Mr. Pedro Fuertes
Head of Business Development and Innovation
Vodafone Spain
8th International Common Criteria Congress
Rome, September, 26th
7/28/2019 Application of the U(Sim) Card as Secure Device for Eletronic Signaturen_Fuertes Pedro
http://slidepdf.com/reader/full/application-of-the-usim-card-as-secure-device-for-eletronic-signaturenfuertes 2/8
8th ICCC, Rome, 26th Sept 2007
Versión 1.0
Mobile Electronic Signature2
Goals
• To introduce the Mobile Digital Signature
from Vodafone Spain
• To show the business opportunities for
secure SIM based products
• To propose the CC world to develop a specific
approach for SIM Certification
7/28/2019 Application of the U(Sim) Card as Secure Device for Eletronic Signaturen_Fuertes Pedro
http://slidepdf.com/reader/full/application-of-the-usim-card-as-secure-device-for-eletronic-signaturenfuertes 3/8
8th ICCC, Rome, 26th Sept 2007
Versión 1.0
Mobile Electronic Signature3
Mobile Electronic Signature from Vodafone Spain
• Signature of documents from the mobile
• Based on PKI, secure, robust
• Under EU regulations
• Multi CA
• Allows:
– Introduction of new services – Substitution of existing Authorization
and Authentication methods
• Easy to use
• Large customer base
• HW and Basic SW certified at EAL 4+ (1)
Vodafone’s Mobile Digital Signature solution
takes PKI security to the mobile world
How do you s ign,
pen or m obi le?
(1) Cert i f icat ions ID BSI-DSZ-CC-0353-2005
And TUVIT-DSZ-CC-9253-2006
7/28/2019 Application of the U(Sim) Card as Secure Device for Eletronic Signaturen_Fuertes Pedro
http://slidepdf.com/reader/full/application-of-the-usim-card-as-secure-device-for-eletronic-signaturenfuertes 4/8
8th ICCC, Rome, 26th Sept 2007
Versión 1.0
Mobile Electronic Signature4
Why the mobile, why in the SIM?
HANDSET WITHMOBILE
ELECTRONIC
SIGNATURE
- PC
- INTERNET CONNECTION- SCREEN
- KEYBOARD
- CARD + READER or
- SW CERTIFICATE
=
1999 2001 2003 2005 2007
Directive 1999/93/CERD 14/1999
34/2002 IS Law59/2003 ES Law
Apps withoutcertificate Mono CA applications Multi CA applications
CA’s set up
DNIe
Coordinates cards
Certificate’s usage
MobileElectronic
Signature
PIN as
secure
method
7/28/2019 Application of the U(Sim) Card as Secure Device for Eletronic Signaturen_Fuertes Pedro
http://slidepdf.com/reader/full/application-of-the-usim-card-as-secure-device-for-eletronic-signaturenfuertes 5/8
8th ICCC, Rome, 26th Sept 2007
Versión 1.0
Mobile Electronic Signature5
Transaction flows
END
USERVODAFONE ENTITY
or
“SERVICE
PROVIDER”
(Bank,
Public Ad,
Corp)
CA
(Trusted
Third
Party)
END
USERVODAFONE ENTITY
or
“SERVICE
PROVIDER”
(Bank,
Public Ad,
Corp)
CA
(Trusted
Third
Party)
1
1
1
1
2
2
4
4
5
5
3
3
3
3
MES Sign in by Entity
Economic Flows
Customer sign in
Service usage (transactions)
B2BC usage by the Entity
MES Sign in by Entity
Economic Flows
Customer sign in
Service usage (transactions)
B2BC usage by the Entity
• Certificate strength resides in the CA
• Vodafone acts as a intermediate between the Service Provider and theCA, adding the mobility value
• The Service Provider builds its own services on top of the MobileElectronic Signature
7/28/2019 Application of the U(Sim) Card as Secure Device for Eletronic Signaturen_Fuertes Pedro
http://slidepdf.com/reader/full/application-of-the-usim-card-as-secure-device-for-eletronic-signaturenfuertes 6/8
8th ICCC, Rome, 26th Sept 2007
Versión 1.0
Mobile Electronic Signature6
Is it worth to work on SIM Security?
• High penetration (> 107% in Spain)
• Intrinsically secure at Operator’s degree
• Room for several certificates
• Increasing processing capacity, Java
Cards and crypto-coprocessors
• Increasing importance for Operators
– m-Payment
– Mobile TV
– Trusted applications
– DRM
– Access to other networks
7/28/2019 Application of the U(Sim) Card as Secure Device for Eletronic Signaturen_Fuertes Pedro
http://slidepdf.com/reader/full/application-of-the-usim-card-as-secure-device-for-eletronic-signaturenfuertes 7/8
8th ICCC, Rome, 26th Sept 2007
Versión 1.0
Mobile Electronic Signature7
Proposals for Mobile Digital Signature ramp up
We propose the CC World to define a specific
approach to the SIM Certification in order to realise
all the business opportunities that are ahead
• In order to realise the business opportunities for the
Digital Signature in the mobile world, we recommend the
Common Criteria Forum to work on:
• Speed up the certification process and time
• Adapt and make more flexible the certification process