IDENTIFY CUSTOMERS IN THE DIGITAL WORLD
Our deliverables (card, applet and dedicated OTA features) are part of a full Mobile ID solution. Where a turnkey approach is required, we work together with our TCP and CA partners; we can also connect to third-party projects, in order to work with MNOs, trusted services providers (TSM) and governments on their mobile identity initiatives.
Valid’s Mobile ID service provides mobile users with a secure mechanism to identify themselves to any participating electronic service provider. The secure procedure includes trusted parties that can authenticate the identity of subscribers through the cryptographic certificate that is embedded on their card.
The card provides strong cryptographic features, an applet with its own UI, and a secured OTA connection to third-party Trusted Service Providers.
Among the main features, we will highlight:
- High security
- Standardized Java Card USIM operating system with crypto API
- Wireless PKI applet with support for signature and encryption
- SIM card securely holds keys and certificates
- The applet prompts the user for PIN verification before private keys are accessed
- The applet communicates directly with the Trusted Service Provider, using secure SMS between the card and the OTA and an HTTPS-based interface between the OTA and the TSM
- On Board Key Generation
- Register OTA Client Action
- Signature and Authentication Action
- Registration Action
- Unblock PIN Action
- Echo Action
- Change PIN Action
- Update ARA-M/ARA-C Action
- Update PKCS#15 Action
- Campaign management for applet updates
Mobile ID is part of Valid’s OTA Connectivity Suite services and relies on the suite for common framework features (provisioning, reporting and similar).
Depending on the customer, the experience will differ. Let us therefore elaborate on typical roles and contributions within the Mobile ID ecosystem.
Trusted Service Provider (TSP)
Relies on Valid’s solution to offer identity verification services. Operates the TSP solution.
Certification Authority (CA)
The entity that generates and signs the ID certificate for each user. Could be an existing trusted CA in the country of operation. Valid can also supply a CA solution for use specifically with the Mobile ID solution.
Mobile Network Operator (MNO)
Issues the Mobile ID SIM.
Note: A single entity can fulfill multiple roles. For example, an MNO could also be a TSP and a CA.
A typical use case can be described as:
- User accesses a web site of a Mobile ID participating service provider
- User is requested to enter their phone number or user name
- The service provider sends the phone number to the TSP
- The TSP checks with the CA if the user has a certificate and that it is valid
- The CA responds with the certificate validity
- The TSP sends an identification enquiry to the MNO
- The user’s mobile displays the identification request
- The TSP sends a verification code to the service provider
- The service provider displays the verification code to the user
- The user checks the verification code and accepts the identification request
- The user enters their PIN to authorize the identification request
- The generated signature is sent to the TSP
- TSP confirms the identity
Depending on the role taken, the benefits might come from different revenue sources:
Trusted Service Provider (TSP)
Earns a fee for each ID verification transaction.
Certification Authority (CA)
Earns a fee for each certificate issued.
Mobile Network Operator (MNO)
Earns a fee for each SIM issued. Reduced churn due to service importance.
Main benefits of this solution for MNOs:
- Trust from subscribers
- Revenue from every authentication
- Revenue from every subscription
- Potential partnership with banks and governments
Main benefits for end users:
- Easy and secure banking, election voting, document signing and other electronic identity services
- Simple to use
- Phone authentication (compared to physical identification tokens)
- No need to remember multiple complex passwords