All,
As requested a short description
of
the mobile authentication we use.
The goal is to identify a user
using
a secure channel.
The channel itself is set up by
sending
a hash consisting of the combination of the phoneID and the
simcard serial
number.
What would the phoneID be? Similar to Apple iPhone UDID?
I was told that there really is no unique id for a mobile device.
The reason we picked
those attributes
is because they are common to all manufacturers and all
carriers. They
can also be obtained in the same manner independent to a
manufacturer and
carrier.
The hashing is done so none of
the info
is send into clear text over a carrier.
There's 2 ways of provisioning:
* Either the device is company
owned
and then the hash result is directly inserted in the system
* Either the device is not
company owned
and then the hash is sent out at first installation by a secure
channel.
Once a secure channel is
established
user authentication is done by means of a certificate and pin.
Regards,
Chris Kappler
PwC | Manager
Direct: +32 2 7104176 | Mobile: +32 477 520606 | Fax: +32 2
7104299
Email: chris.kappler@pwc.be
Ascure nv
Firm legal information, click here
*Professional Mail*------------------------------------------------------------------------------------------
This e-mail is intended only for the person to whom it is
addressed.
If an addressing or transmission error has misdirected this
e-mail,
please notify the author by replying to this e-mail. If you are
not
the intended recipient you must not use, disclose, copy, print or
rely on this e-mail.
PwC may monitor outgoing and incoming e-mails and
other telecommunications on its e-mail and telecommunications
systems.
------------------------------------------------------------------------------------------
|