New White Paper Highlights the Value of Standards-Based Technologies to Mobile ID Deployments

As the use of mobile devices for all kinds of transactions grows on a daily basis, the need for reliable and secure identification of devices and users is growing too, and as a result more and more mobile ID applications are being deployed. The white paper, entitled ‘Mobile ID: Realization of Mobile Identity Solutions by GlobalPlatform Technologies’, discusses the importance of mobile ID applications as a means of enabling  authentication capabilities on mobile devices, alongside the essential role that the secure element (SE) and trusted execution environment (TEE) play in mobile ID architectures. The derivation and deployment of mobile ID across various applications is examined and the paper explains how credentials can be managed and implemented in a SE or in a TEE using GlobalPlatform Specifications.

With security an overarching concern for mobile ID deployments, the paper explores the value of certification schemes when providing assurance in relation to the security requirements of particular markets. It outlines how standard mobile ID applications and protocols like FIDO (online authentication), GSMA Mobile Connect (telecommunication sectors), RADIUS VPN (enterprise sectors), TLS (web authentication), PIV (U.S. government specifications), and eIDAS (EU regulation with respective ISO/IEC, ETSI and CEN standards) can be implemented on a TEE or SE, in order to securely store credentials, protect applications, or secure the mobile device user interface.

The paper concludes with a comparison of different implementation scenarios for mobile ID solutions based on the rich execution environment (REE), SE and TEE. This offers an insight into which platform(s) are the most suitable to meet the needs of specific markets and applications.

“Mobile ID service providers have to make many decisions when shaping a successful deployment. One of the most important is which combination of execution environments will best fulfil the needs of the application in regards to viability, security, deployment, and usability,” says Kevin Gillick, Executive Director of GlobalPlatform.

“GlobalPlatform’s standardized secure components, the TEE and SE, enable mobile ID applications to be implemented in a secure way and are essential to fulfill specific privacy and security requirements. GlobalPlatform technologies can also be used in combination with a REE, controlled by a Rich OS. Depending on the application, the single use or combination of these three elements can address the varying requirements of mobile ID schemes.

“With ongoing growth in mobile ID deployments and use cases, GlobalPlatform provides an established infrastructure for service providers which assures interoperability, consistency and enables implementation of end-to-end solutions in a secure and certified way. Through this paper, we aim to educate relevant stakeholders that standards-based technologies, such as those specified by GlobalPlatform, provide a solid foundation for the realization of further growth in the global mobile ID market.”

Neueste Artikel

Städte und Gemeinden sehen auch nach den Ergebnissen der Neuauflage des Zukunftsradar Digitale Kommune im Jahr 2019 einen hohen Nutzen durch die Digitalisierung. Gleichzeitig werden auch in diesem…

Die Startups in Deutschland werden skeptischer. Aktuell sagen nur noch 39 Prozent der Gründer, dass sich in den vergangenen zwei Jahren die Lage für ihr eigenes Startup verbessert hat….

Seit Mai 2019 stellt das BSI ein zweistufiges Schulungskonzept zum Erwerb eines neuen Nachweises zum IT-Grundschutz-Praktiker und IT-Grundschutz-Berater zur Verfügung. Auf der BSI-Webseite steht nun der Antrag zur Zertifizierung…