Project: Virtual Secure Authentication with the Mobile devices: Cost Effective PKI enabled Security with Multi-platform Authentication
The ambition of ViSAM is to provide a virtual functional equivalent to all Smart-Cards: it is a Virtual Smart Card in a Mobile Device. Instead of carrying numerous plastic cards, as many people do, ViSAM, implemented on Smart-Phones, PDAs or any mobile device, will allow for a single device to access all the services available through Smart Cards (One Time Passwords, private PKI keys, etc.). ViSAM intends to be an early player and leader in the present trend leading to digitalize (make virtual) the tools used for transaction authentication._x000D_
_x000D_
The CO present threats are cyber-crime, phishing (the number of incidents has doubled) and identity theft. Institutions (financial, e-health, e-government, etc) need to give their users tools (a Smart Card, or similar) to ascertain their identity, but users hate carrying more cards and tokens with them ._x000D_
ViSAM wants to fulfil these two requirements with the use of Mobile devices to hold all the credentials in a single device the users carry with pleasure (phone or PDA).ViSAM will link a computer, a server and a mobile device through a secure channel, to authenticate the user that intends to access to confidential data or perform a risky operation in a remote server. Mobile devices are a good support: widely used, simple, secure and affordable tools to emulate all functions of the crypto-smartcard and other credential storage devices. _x000D_
_x000D_
ViSAM is in line with:_x000D_
- The future Internet,_x000D_
- The evolution of mobile phones,_x000D_
- The spread of Internet usage in many areas._x000D_
_x000D_
Our goal is to combine the three following technologies to obtain a reliable, user friendly authentication system:_x000D_
- Mobile phones have advanced very quickly, which has enabled the development of technologies that can be used by third party service providers to create new services. _x000D_
- Electronic signature has got the legal recognition and is becoming a reference technology for strong authentication (PKI system). _x000D_
- Multi-modal biometric user identification, this technology will allow authentication of the owner of the mobile phone with the 3rd factor «what I am» in addition to the other two: “what I know” (the mobile device PIN), and “what I have” (the mobile device itself)._x000D_
At the end we will achieve the integration of PKI e-signature certificates and private keys on mobile devices. The CO result of this project is the development and testing of a prototype of a simple application to provide secure access (with e-signature) to Internet services (e-administration, e-government, e-banking …) or local authentication. _x000D_
_x000D_
The impact of the project will be to transform the mobile device into a strong authentication tool that grants users access to a range of value-added services (online payment, signature of documents/forms and encryption of personal data…). _x000D_
_x000D_
Technically it will lead to the specification of a communication protocol between end user PC, trusted application service and mobile phone (authentication and e-signature) at the convergence of the Internet and mobile phones._x000D_
This impact will be highlighted through the participation into standardisation groups. _x000D_
_x000D_
Economically the project will act as an accelerator for services based on e-signature. ViSAM will help to overcome the most important barriers to the wide deployment of e-signature in B2C applications, and enable the emergence of a new economic concept for the distribution of secure value added services via Internet and mobile phone._x000D_
_x000D_
The CO characteristics of the Consortium Ps are the complementarity of their technological and R&D experience in the various technologies to be deployed:_x000D_
1. MEDISCS (LEADER): IT security company with expertise in trust architecture (identity-based PKI, SSO, identity management, 3DSecure payment …), software protection and mobile devices (CD, CD card, DVD, USB key) to protect personal information. It will contribute with its experience in use mobile devices as a secure storage of personal access control credentials. MEDISCS has knowledge in Identity Management and authentication including Liberty Alliance, Shibolleth, OpenID specifications and SmartCard authentication._x000D_
_x000D_
2. SeMarket, Spanish Co in the development of downloadable & portable Midlets, the integration of applications on mobile devices and Multi-modal biometric identification (face, voice, fingerprint, etc.). It will contribute also with its experience in geolocalisation and other web services, Identity management (federated, SSO, etc), Liberty Alliance protocol security, PKI and certificate validation.
|
Acronym
|
ViSAM
(Reference Number: 4807)
|
|
Duration
|
01/06/2009 - 01/06/2011
|
|
Project Topic
|
PKI is an established standard but not widely adopted. Implementing a flexible framework to incorporate PKI and biometry on mobile devices will allow enterprises to provide cost effective and usable means to implement secure authentication channels in e-banking, e-government, e-commerce and e-health
|
|
Network
|
Eurostars
|
|
Call
|
Eurostars Cut-Off 2
|
Project partner
