id-cloud message
[Date Prev]
| [Thread Prev]
| [Thread Next]
| [Date Next]
--
[Date Index]
| [Thread Index]
| [List Home]
Subject: Re: [id-cloud] Mobile ID
- From: chris.kappler@pwc.be
- To: Anil Saldhana <Anil.Saldhana@redhat.com>
- Date: Mon, 13 May 2013 21:09:11 +0200
The official name for the attribute is
IMEI number. This is a unique number
Chris Kappler
PwC | Manager
Direct: +32 2 7104176 | Mobile: +32 477 520606 | Fax: +32 2 7104299
Email: chris.kappler@pwc.be
Ascure nv
Firm legal information, click here
From:
Anil Saldhana <Anil.Saldhana@redhat.com>
To:
id-cloud@lists.oasis-open.org
Date:
13/05/2013 21:00
Subject:
Re: [id-cloud]
Mobile ID
Sent by:
<id-cloud@lists.oasis-open.org>
On 05/13/2013 01:47 PM, chris.kappler@pwc.be
wrote:
All,
As requested a short description of the mobile authentication we use.
The goal is to identify a user using a secure channel.
The channel itself is set up by sending a hash consisting of the combination
of the phoneID and the simcard serial number.
What would the phoneID be? Similar to Apple iPhone UDID?
I was told that there really is no unique id for a mobile device.
The reason we picked those attributes
is because they are common to all manufacturers and all carriers. They
can also be obtained in the same manner independent to a manufacturer and
carrier.
The hashing is done so none of the info is send into clear text over a
carrier.
There's 2 ways of provisioning:
* Either the device is company owned and then the hash result is directly
inserted in the system
* Either the device is not company owned and then the hash is sent out
at first installation by a secure channel.
Once a secure channel is established user authentication is done by means
of a certificate and pin.
Regards,
Chris Kappler
PwC | Manager
Direct: +32 2 7104176 | Mobile: +32 477 520606 | Fax: +32 2 7104299
Email: chris.kappler@pwc.be
Ascure nv
Firm legal information, click here
*Professional Mail*------------------------------------------------------------------------------------------
This e-mail is intended only for the person to whom it is addressed.
If an addressing or transmission error has misdirected this e-mail,
please notify the author by replying to this e-mail. If you are not
the intended recipient you must not use, disclose, copy, print or
rely on this e-mail.
PwC may monitor outgoing and incoming e-mails and
other telecommunications on its e-mail and telecommunications systems.
------------------------------------------------------------------------------------------
*Professional Mail*
[Date Prev]
| [Thread Prev]
| [Thread Next]
| [Date Next]
--
[Date Index]
| [Thread Index]
| [List Home]