Transcript Vodafone PowerPoint template
Application of the U(SIM) card as secure device for electronic signature
Mr. Pedro Fuertes Head of Business Development and Innovation Vodafone Spain 8th International Common Criteria Congress Rome, September, 26th
Goals
•
To introduce the Mobile Digital Signature from Vodafone Spain
•
To show the business opportunities for secure SIM based products
•
To propose the CC world to develop a specific approach for SIM Certification
2 Mobile Electronic Signature 8th ICCC, Rome, 26th Sept 2007 Versión 1.0
Mobile Electronic Signature from Vodafone Spain
•
Signature of documents from the mobile
How do you sign, pen or mobile?
•
Based on PKI, secure, robust
•
Under EU regulations
•
Multi CA
•
Allows:
–
Introduction of new services
–
Substitution of existing Authorization and Authentication methods
•
Easy to use
•
Large customer base
•
HW and Basic SW certified at EAL 4+ (1) Vodafone’s Mobile Digital Signature solution takes PKI security to the mobile world
Mobile Electronic Signature 3 8th ICCC, Rome, 26th Sept 2007 Versión 1.0
(1) Certifications ID BSI-DSZ-CC-0353-2005
And
TUVIT-DSZ-CC-9253-2006
Why the mobile, why in the SIM?
HANDSET WITH MOBILE ELECTRONIC SIGNATURE =
-
PC
-
INTERNET CONNECTION - SCREEN - KEYBOARD - CARD + READER or - SW CERTIFICATE
4
Directive 1999/93/CE RD 14/1999 34/2002 IS Law 59/2003 ES Law
DNIe Apps without certificate PIN as secure method
1999
Mobile Electronic Signature Mono CA applications CA’s set up
Mobile
Multi CA applications
Electronic Signature
Coordinates cards Certificate’s usage
2001 2003 2005
8th ICCC, Rome, 26th Sept 2007 Versión 1.0
2007
Transaction flows
or “SERVICE PROVIDER ”
• • • 5
Certificate strength resides in the CA
The ENTITY signs with VODAFONE for the service and pays a connexion fee to the Platform, as a variable entrance gate to the service; the fee includes a number of transactions
Vodafone acts as a intermediate between the Service Provider and the
The END USER signs with Vodafone for the service and pays an entrance fee
CA, adding the mobility value
The ENTITY pays Vodafone for each sign transaction. The END USER pays VODAFONE for each
The Service Provider builds its own services on top of the Mobile Electronic Signature
The END USER has a commercial relationship with the ENTITY or is an employee or citizen Mobile Electronic Signature 8th ICCC, Rome, 26th Sept 2007 Versión 1.0
Is it worth to work on SIM Security?
•
High penetration (> 107% in Spain)
•
Intrinsically secure at Operator’s degree
•
Room for several certificates
•
Increasing processing capacity, Java Cards and crypto-coprocessors
•
Increasing importance for Operators
–
m-Payment
– –
Mobile TV Trusted applications
–
DRM
–
Access to other networks
Mobile Electronic Signature 6 8th ICCC, Rome, 26th Sept 2007 Versión 1.0
Proposals for Mobile Digital Signature ramp up
•
In order to realise the business opportunities for the Digital Signature in the mobile world, we recommend the Common Criteria Forum to work on:
•
Speed up the certification process and time
•
Adapt and make more flexible the certification process We propose the CC World to define a specific approach to the SIM Certification in order to realise all the business opportunities that are ahead
7 Mobile Electronic Signature 8th ICCC, Rome, 26th Sept 2007 Versión 1.0