Mobile signature

From Wikipedia, the free encyclopedia

A mobile signature is a digital signature generated either on a mobile phone or on a SIM card.


Contents

[edit] Origins of the term

mSign

The term first appeared in articles introducing mSign (short for Mobile Electronic Signature Consortium). It was founded in 1999 and comprised 35 member companies. In Oct. 2000, the consortium published an XML-interface defining a protocol allowing service providers to obtain a mobile (digital) signature from a mobile phone subscriber.

In 2001, mSign gained industry-wide coverage when it came apparent that Brokat (one of the founders company) also obtained a process patent in Germany for using the mobile phone to generate digital signatures.

MoSign project and standardization attempt

The MoSign project (short for Mobile Signature) initiated by the companies Deutsche Bank, Ericsson, Materna, Microsoft, Sema Group, Siemens and TC TrustCenter was meant to demonstrate the deployment of electronic signatures using a "mobile signing device".

The mobile signing device comprised a Siemens IC35 organizer with an integrated WAP browser and a Smart card reader. The user was meant to connect the IC35 via the IrDA interface to an internet-enabled mobile device, that would enable the IC 35's WAP browser to view WAP pages from a a remote server. To generate a mobile signature the user inserted a Smart card into the IC35's card slot. The digital keys are stored on the Smart card and the signing application was based on the WAP 1.2 Crypto SignText implementation in the WAP browser stack.

In March 2001, four German banks - Deutsche Bank, Commerzbank, Dresdner Bank and Hypovereinsbank announced that they would use the findings from the MoSign project and would develop it into a single standard for electronic signatures used in conjunction with mobile devices and financial services.

ETSI-MSS standardization

The term was then used by Paul Gibson (G&D) and Romary Dupuis (France Telecom) in their standarisation work at the European Telecommunications Standards Institute (ETSI) and published in ETSI Technical Report TR 102 203.

The ETSI-MSS specifications define an XML interface and Mobile Signature Roaming for systems implementing mobile signature services.

[edit] Mobile signatures today

Currently, GSM phones and WAP phones are mostly supporting this technology. Those mobile signature services on sim cards can be supported by almost all GSM phones, regardless of their capacity. In the near future, 3 G-phones and other portable devices will feature a similar mobile signature application.

The mobile signature is the legal equivalent of your own wet signature. The mobile signature is created by typing a secret code (i.e. your signing PIN) into the signing device (for example: your mobile phone). This secret code in combination with your key storage token (for example: SIM card) and a chosen text triggers a cryptographic algorithm to generate the (digital) signature.

Each of your mobile/digital signatures can be linked to a digital certificate (an electronic record) that vouches for your real-world identity.

Thus, the mobile signature is a unique feature for:

  • Proving your real-world identity to third parties without face-to-face communications
  • Making a legally-binding commitment by sending a confirmed message to another party
  • Solve security problems of the online world with identity confirmation.

[edit] Mobile Signature with On Board Key Generation

Turkcell is the first provider of a mobile signature service with "On Board Key Generation" functionality, which enables customers to create their signing and validation key pair, after they get the simcard. In this way GSM operators does not need to distribute signing PINs to customers. Customers can create their PIN anew, on their own.

[edit] Sources for the origins of the term

mSign: Announcement of MSign formation (in German only), 17.10.2000 http://www.golem.de/0010/10335.html

MoSign: Materna Monitor - company magazine, Dec. 2004 http://www.materna-tmt.de/.../Monitor/DE/2000/2000-4,templateId=raw,property=publicationFile.pdf/2000-4

MoSign: International Herald Tribune tech brief, 26.3.2001 http://www.iht.com/articles/2001/03/26/techbrief_ed3__67.php

MobilImza: Turkcell Mobil Imza (in Turkish), 10.3.2008 http://www.turkcell.com.tr/bireysel/servisler/asistan/Turkcell_mobil_imza

ETSI-MSS: See ETSI-MSS

[edit] External links

Mobile Signature

Qualified Mobile Signature Service providers:
Elisa (Finland)
TeliaSonera (Finland)
Avea (Turkey)
Turkcell (Turkey)
Mobitel (Slovenia)

Certificate Authorities providing Qualified Certificates to Mobile :
Population Register Center (Finland)
Halcom-CA (Slovenia)
Turktrust (Turkey)
E-Guven (Turkey)

Companies offering Mobile Signature Service infrastructure:
Valimo (Finland)
SmartTrust (Sweden)
Methics (Finland)

Companies offering Mobile Signature Applications:
Aradiom (United States)
EGA (Turkey)
BizNet (Turkey)
Eczacibasi (Turkey)

Companies offering Mobile Signature based Mobile Applications:
Aradiom (United States)

Languages