Application of the U(Sim) Card as Secure Device for Eletronic Signaturen_Fuertes Pedro

7/28/2019 Application of the U(Sim) Card as Secure Device for Eletronic Signaturen_Fuertes Pedro

http://slidepdf.com/reader/full/application-of-the-usim-card-as-secure-device-for-eletronic-signaturenfuertes 1/8

Application of the U(SIM) card assecure device for electronicsignature

Mr. Pedro Fuertes

Head of Business Development and Innovation

Vodafone Spain

8th International Common Criteria Congress

Rome, September, 26th



8th ICCC, Rome, 26th Sept 2007

Versión 1.0

Mobile Electronic Signature2

Goals

• To introduce the Mobile Digital Signature

from Vodafone Spain

• To show the business opportunities for

secure SIM based products

• To propose the CC world to develop a specific

approach for SIM Certification




Versión 1.0


Mobile Electronic Signature from Vodafone Spain

• Signature of documents from the mobile

• Based on PKI, secure, robust

• Under EU regulations

• Multi CA

• Allows:

– Introduction of new services – Substitution of existing Authorization

and Authentication methods

• Easy to use

• Large customer base

• HW and Basic SW certified at EAL 4+ (1)

Vodafone’s Mobile Digital Signature solution

takes PKI security to the mobile world

How do you s ign,

pen or m obi le?

(1) Cert i f icat ions ID BSI-DSZ-CC-0353-2005

And TUVIT-DSZ-CC-9253-2006




Versión 1.0


Why the mobile, why in the SIM?

HANDSET WITHMOBILE

ELECTRONIC

SIGNATURE

- PC

- INTERNET CONNECTION- SCREEN

- KEYBOARD

- CARD + READER or

- SW CERTIFICATE

=

1999 2001 2003 2005 2007

Directive 1999/93/CERD 14/1999

34/2002 IS Law59/2003 ES Law

Apps withoutcertificate Mono CA applications Multi CA applications

CA’s set up

DNIe

Coordinates cards

Certificate’s usage

MobileElectronic

Signature

PIN as

secure

method




Versión 1.0


Transaction flows

END

USERVODAFONE ENTITY

or

“SERVICE

PROVIDER”

(Bank,

Public Ad,

Corp)

CA

(Trusted

Third

Party)

END

USERVODAFONE ENTITY

or

“SERVICE

PROVIDER”

(Bank,

Public Ad,

Corp)

CA

(Trusted

Third

Party)

1

1

1

1

2

2

4

4

5

5

3

3

3

3

MES Sign in by Entity

Economic Flows

Customer sign in

Service usage (transactions)

B2BC usage by the Entity

MES Sign in by Entity

Economic Flows

Customer sign in

Service usage (transactions)

B2BC usage by the Entity

• Certificate strength resides in the CA

• Vodafone acts as a intermediate between the Service Provider and theCA, adding the mobility value

• The Service Provider builds its own services on top of the MobileElectronic Signature




Versión 1.0


Is it worth to work on SIM Security?

• High penetration (> 107% in Spain)

• Intrinsically secure at Operator’s degree

• Room for several certificates

• Increasing processing capacity, Java

Cards and crypto-coprocessors

• Increasing importance for Operators

– m-Payment

– Mobile TV

– Trusted applications

– DRM

– Access to other networks

http://www.openmobilealliance.org/index.html

http://www.spectre-online.co.uk/images/products/Vodafone/vodafone_sim_card.jpg




Versión 1.0


Proposals for Mobile Digital Signature ramp up

We propose the CC World to define a specific

approach to the SIM Certification in order to realise

all the business opportunities that are ahead

• In order to realise the business opportunities for the

Digital Signature in the mobile world, we recommend the

Common Criteria Forum to work on:

• Speed up the certification process and time

• Adapt and make more flexible the certification process



Thanks.

Application of the U(Sim) Card as Secure Device for Eletronic Signaturen_Fuertes Pedro

Documents

Transcript of Application of the U(Sim) Card as Secure Device for Eletronic Signaturen_Fuertes Pedro