The prototype of mDNI, recently presented at the Mobile World Congress in Barcelona, allows secure identification of the user by his eID data stored in the mobile phone SIM card. "The SIM cards are like small computers that we carry in our mobile devices allowing us to store information and execute applications, with the advantage of providing a high level security," explained the UC3M Professor from the Telematic Engineering Department, Celeste Campo, the principal researcher for this project which is being carried out in collaboration with Telefónica R+D and Secuware.
The researchers from this Madrid public university have made this application which is executed in a mobile phone and with which the final user interacts through a graphic interface. Its functioning is relatively simple: the system obtains the personal information and allows identification and authorization of the eID stored in the SIM card inserted in the terminal. "These data interact with services offered by the company Secuware and allow us to access the web services through authentication with the eID," explained Professor Campo.
The necessary requisites for use of this system are to have an Electronic ID, a PC with a reader for the same purpose, and an Internet connection. To be installed, the user merely has to indicate his/her telephone number and extract the eID data through a website which verifies its validity with the Internet provider for the police headquarters, checking that it has not been reported as lost or stolen. Following that, a confirmation SMS is sent to the terminal and the information is saved on an SIM card in secure files. In addition, this information is only accessible for applications with a Telefónica certificate, which will prevent access by non-authorized third parties, making it a system that fulfils all the requirements established by Spanish law regarding data protection.
Technologically speaking, this project is viable and the prototype that the researchers have developed demonstrates this fact, the researchers assert. They maintain that for it to become a reality, mainly one thing is needed: that the necessary agreements be signed with the entities which offer web services with authentication based on an electronic ID, chiefly financial companies and government administrations. In addition, this system will serve to authenticate in a secure way access to any web page, especially those of bank services, service companies, and public administrations. In fact, the proponents of this project, which is in the development phase, have already begun conversations to implant it on a global scale before its definitive launching.
A special SIM card has been designed to store new mobile phone applications.
(Photo Credit: Carlos III University of Madrid)
Another obstacle that the researchers have had to overcome involves programming. At the moment, the majority of applications which interact with the SIM card are developed in Java ME, a type of code that is not supported in Android and iPhone OS, the operative systems that have the greatest share in the current smartphones market. "For the generalized utilization of this system which we have developed it is necessary for the application to be transported to the different platforms for mobile devices, principally iPhone OS and Android, and in fact, within the agreement with Telefónica R+D we are already focusing on the latter," Professor Campo revealed. In the long term, the idea presented is that working in a SIM card would be more autonomous, and as a result, less dependent on amobile phone and which would, for example, manage its own communications interfaces.
The UC3M team headed by Professor Campo and Professor Florina Almenarez has been working in this research line since November 2007 with Telefónica R+D, where Luis Miguel Gutiérrez is in charge of the project. In addition, research fellows, Adrián Rodríguez, David Rivero and Patricia de Noriega have also worked on this mDNI prototype for the University. Within the framework of this project, several SIM card technologies have been evaluated. The most important were SCWS (Smart Card Web Server) and NFC (Near Field Communications), in SIM cards from different manufacturers and using different mobile phone operative systems. The results of the agreement between these two institutions go beyond presenting innovative prototypes such as mDNI, because they also have a professional training aspect. This research and development company from the Grupo Telefónica facilitates the complex technological infrastructure that is required to work with SIM cards with the objective of training students who are entering the job market in a way to give them a professional edge. "Proof of this," Professor Campo pointed out, "is that four of the students who had been working with a grant during these past few years are now working for Telefónica R+D on these very technologies. Furthermore, another point to highlight and which motivates many students is being able to participate in SIMagine, an international contest that awards ideas for SIM card applications."
Source: Carlos III University of Madrid