Seamless Authentication
Payment and Access through the Mobile Phone
Josef Noll (1,2), Erzsébet Somogyi (3), Gyorgy Kalman (1), Ola Høiby (1)
(1) UniK, (2) Telenor R&D, (3) Canaldigital
Payment and Access
2.6.2006 Josef Noll
Leading questions
• What do I fear?
– That somebody steals my identity and I can't do anything about it.
– That biometrics takes it all.
• What can I use to make life more comfortable?
– Reduce number of “secure devices” I have to carry (BankID,
Telenor Sharepoint ID, keys, money, credit card, …)
– Have a device which is secure (enough).
• Why is my phone the security infrastructure?
– Because I can ask Telenor to block it, if it gets stolen.
– Because it is not an insecure Microsoft device.
• What challenges does Telenor face, when it comes to
authentication and security?
B3G: Device, Networks, Services
original: Eurescom P1145 “Beyond 3G” (2001)
Generations (timeline axis 1970 to 2010):
• B3G: Personalised broadband wireless services
• 3G: Multimedia communication
• 2G: Mobile telephony, SMS, FAX, Data
• 1G: Mobile telephony
EAP/SIM, Telenor demo at the GSM world congress
Beyond 3G:
• Personalised Broadband Wireless Services
• Personal and Public Devices
• Personal Area Network (PAN)
• Roaming access across networks
[Figure: network diagram. Labels: public; hot-spot/corporate; private; Mobility: GSM/GPRS/UMTS, GSM/GPRS, Mobile IP, n.n.; Support: BSC, HA, FA, homeNT(1); Wireless LAN; xDSL, cable; Ethernet; Wireless Ethernet]
Agenda
“Payment and Access”
• Seamless SIM access in wireless systems:
– Near Field Communication (NFC)
– Bluetooth, Wifi,
– GSM/UMTS
• Service access examples
– Seamless access to home content: my pictures, my music
– Community services: Contact information
– Bank transactions: SIM & PKI
• Supported by demonstrations
Device Authentication
SIM with NFC & PKI
New role: Telenor as authentication provider
[Figure labels: Seamless authentication; Service access; Physical access; Home access, .mp3, .jpg; VPN]
Example: Picture gallery
“your content, independent of the device”
• Access from “anywhere” and “any device”
• Supports mobile and home network access
• Identifies user through WAP gateway
– Alternative: username/password
• Identifies device through WAP gateway
[Figure labels: PC; mobile]
Banking from the mobile phone
Security considerations
• Equally secure as SMS (get your account status)
• Easy to use
• Advanced functionality through PIN (if required)
• Advanced security when required
– BankID or
– PIN
[Figure labels: Welcome Josef: SIM authentication; Seamless phone (SIM) authentication; Information: Using SIM, no customer input required; Account status; Advanced functionality; BankID or PIN (double security); Transfer, payments]
MyBank example:
Banking from the mobile phone
User incentive:
• “My account is just one click away”
• “enhanced security for transactions”
Phone (SIM) authentication
Level 2 security through PKI/BankID/PIN?
Community service: Contact info
User incentive:
• “change your phone, and miss your contacts”
• “my wife has the phone number, not me”
Contacts database in WAP
• Each member with specific addresses
– Child: family, friends
– Mother: family, companies, her friends
– Father: family, companies, work
NFC activities in Telenor R&D
• RFID card in 2007?
• Tests in OSL and Arlanda
• RFID cards
• Think
• Tromsø life trial: Tromsbuss
• Payment on coffee machine
• Payment, Entrance
• Registration of containers
Current prototype: SMS key access
[Figure labels: Service Centre; Application]
1) Send SMS
2) Send service to phone
3) Send info to recipient
4) Enters house with NFC access
SMS key access
How does it work?
• “Josef” wants to give “Inge” access to his home
• He registers Inge as a legal recipient: “reg Inge 90025643”
• Sends key to Inge’s phone: “rfid number lock date time”
– Access is only granted to “known” people
– Other formats also okay
• Inge receives welcome message and key
• Inge opens the door
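
The register-then-send-key flow above, as an added example (not code from the presentation or from Telenor). Assumptions: the key message is read as the literal keyword `rfid` followed by recipient number, lock name, start date and start time; the one-hour validity window, the reply strings, the sender number 90000001 and the lock name `frontdoor` are constructed; the SMS originator number is trusted as the owner's identity.

```python
from datetime import datetime, timedelta

VALIDITY = timedelta(hours=1)  # assumed key lifetime; the slide gives none


class ServiceCentre:
    """Toy service centre: registers recipients, issues and checks keys."""

    def __init__(self):
        self.recipients = {}  # owner number -> set of registered numbers
        self.keys = []        # issued keys as (recipient, lock, start, end)

    def handle_sms(self, sender, text):
        parts = text.split()
        if len(parts) == 3 and parts[0].lower() == "reg":
            name, number = parts[1], parts[2]
            if not number.isdigit():
                return "ERR bad number"
            self.recipients.setdefault(sender, set()).add(number)
            return f"OK registered {name}"
        if len(parts) == 5 and parts[0].lower() == "rfid":
            number, lock = parts[1], parts[2]
            # Access is only granted to "known" people: the recipient must
            # have been registered by this same sender beforehand.
            if number not in self.recipients.get(sender, set()):
                return "ERR unknown recipient"
            try:
                start = datetime.strptime(parts[3] + " " + parts[4],
                                          "%Y-%m-%d %H:%M")
            except ValueError:
                return "ERR bad date/time"
            self.keys.append((number, lock, start, start + VALIDITY))
            return f"OK key sent to {number}"
        return "ERR unknown command"

    def door_opens(self, phone, lock, now):
        """True if this phone holds a key for this lock that is valid now."""
        return any(p == phone and l == lock and s <= now <= e
                   for p, l, s, e in self.keys)


if __name__ == "__main__":
    sc = ServiceCentre()
    josef = "90000001"  # constructed sender number
    print(sc.handle_sms(josef, "reg Inge 90025643"))
    print(sc.handle_sms(josef, "rfid 90025643 frontdoor 2006-06-02 18:00"))
    print(sc.door_opens("90025643", "frontdoor", datetime(2006, 6, 2, 18, 30)))
```
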
NG interactive TV
It’s me, get my services (seamless authentication)
[Figure labels: Remote control; Extra channels; Extra information, IP services: http://JamesBond.com; My personal EPG]
Conclusions
• “The last time we were connected by a wire was at birth!” [Motorola]
• All services from your mobile
– Music
– Pictures, addresses, …
• Seamless service access
– Personalised
– Adapted to device
• Payment and access through NFC
• Telecom as authentication provider
Authentication
Knowledge based: Username/password authentication
• Widely used
• Not comfortable
• Bad passwords, not secure
Seamless authentication
• Comfortable
• Trusted third party might be needed
• Security issues
[Figure labels: Knowledge-based; Biometric; Property-based; Seamless authentication]
Seamless authentication with WAP
[Figure: Phone, WAP gateway and Server, connected over the mobile network and the Internet. Labels: WAP byte stream; HTTP request; 94815894; Hash; cTHG8aseJPIjog==; .wml; .xhtml. Server screen: Pictures for ’rzso’. Password:1234 sID: cTHG8aseJPIjog==]
Challenges: Standardisation of NFC/SIM connection
• Major challenges
• Communication with SIM card
• Set-up of other communication (WLAN, Bluetooth,…)
• Phone compatibility
[Figure labels: NFC reader; NFC communication unit; NFC2SIM; SIM; Smartcard interfaces ISO/IEC 7816]
Future ideas: DRM handling
1. Request for home content
2. Seamless authentication and redirect to personalised content
3. Streaming of encrypted content
4. Request DRM key for selected content
5. Return DRM key
[Figure labels: Internet; NFC; NFC communication unit; NFC2SIM; SIM with DRM keys; Home access, .mpg, .mp3, .jpg]