Pseudonymous Mobile Identity Architecture Based on Government-Supported PKI
An electronic ID scheme must be usable in a wide range of circumstances, especially in ordinary situations, such as proving your right to a concession ticket on a bus. One of the problems to be addressed is privacy. Indeed, when documents are read by electronic means, a lot of information is not only revealed, but can be copied, stored and processed without our consent. Another issue is ubiquity, reliability and acceptance of the involved technology. In this paper we attempt to address these issues by combining an officially recognised national mobile e-ID infrastructure with identification procedures based on controlled identity revelation. We report a prototype implementation of an identity tool on a mobile phone with a PKI-SIM card.
Unable to display preview. Download preview PDF.
- 1.Juels, A., Molnar, D., Wagner, D.: Security and privacy issues in e-passports. In: Security and Privacy for Emerging Areas in Communications Networks, 2005. SecureComm 2005. First International Conference, pp. 74–88 (2005)Google Scholar
- 2.McEvoy, N.A.: e-ID as a public utility. Consult Hyperion, Guilford, UK (2007), http://www.chyp.com
- 3.CEN/ISSS Workshop eAuthentication: Towards an electronic ID for the European Citizen, a strategic vision. Brussels (2004) (accessed 10.10.2007), http://europa.eu.int/idabc/servlets/Doc?id=19132
- 4.The European Parliament and the Council of the European Union: Directive 1999/93/EC of the European Parliament and of the Council of 13 December 1999 on a Community framework for electronic signatures. Official Journal L 013, pp. 0012–0020 (2000)Google Scholar
- 5.Population Register Centre of Finland: What is the citizen certificate? Helsinki, Finland (2005) (accessed 10.10.2007), http://www.fineid.fi/vrk/fineid/home.nsf/en/products
- 6.ICAO: PKI for machine readable travel documents offering ICC read-only access, version 1.1. Technical Report (2004)Google Scholar
- 7.Witteman, M.: Attacks on digital passports. Talk at the What The Hack conference (2005) (accessed 10.10.2007), http://wiki.whatthehack.org/images/2/28/WTH-slides-Attacks-on-Digital-Passports-Marc-Witteman.pdf
- 8.Hoepman, J.H., Hubbers, E., Jacobs, B., Oostdijk, M., Schreur, R.: Crossing borders: Security and privacy issues of the european e-passport. In: Yoshiura, H., Sakurai, K., Rannenberg, K., Murayama, Y., Kawamura, S. (eds.) IWSEC 2006. LNCS, vol. 4266, pp. 152–167. Springer, Heidelberg (2006)CrossRefGoogle Scholar
- 9.Roussos, G., Peterson, D., Patel, U.: Mobile identity management: An enacted view. International Journal of Electronic Commerce 8, 81–100 (2003)Google Scholar
- 11.The Royal Academy of Engineering: Dilemmas of privacy and surveillance: Challenges of technological change. The Royal Academy of Engineering, 29 Great Peter Street, London, SW1P 3LW (2007)Google Scholar
- 12.ABI Research: Twenty percent of mobile handsets will include near field communication by 2012. London, UK (2007) (accessed 10.10.2007), http://www.abiresearch.com/abiprdisplay.jsp?pressid=838
- 13.Java Community Process: Contactless Communication API, JSR 257, v. 1.0. Nokia Corporation, Espoo, Finland (2006) (accessed 10.10.2007), http://www.jcp.org/en/jsr/detail?id=257.
- 14.Java Community Process: Security and Trust Services API (SATSA) for JavaTM2 Platform, Micro Edition, v. 1.0. Sun Microsystems, Inc., Santa Clara, CA, USA (2004) (accessed 10.10.2007), http://www.jcp.org/en/jsr/detail?id=177
- 15.IBM Zurich Research Laboratory: JCOP Tools 3.0 (Eclipse plugin). technical brief, revision 1.0 (accessed 10.10.2007), ftp://ftp.software.ibm.com/software/pervasive/info/JCOPTools3Brief.pdf
- 16.Santesson, S., Polk, W., Barzin, P., Nystrom, M.: Internet X.509 public key infrastructure qualified certificates profile. Network Working Group, Request for Comments 3039 (2001) (accessed 10.10.2007)Google Scholar