OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

id-cloud message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: Re: [id-cloud] Mobile ID

The official name for the attribute is IMEI number. This is a unique number
Chris Kappler
PwC | Manager
Direct: +32 2 7104176 | Mobile: +32 477 520606 | Fax: +32 2 7104299
Email: chris.kappler@pwc.be
Ascure nv
Firm legal information, click here



From:        Anil Saldhana <Anil.Saldhana@redhat.com>
To:        id-cloud@lists.oasis-open.org
Date:        13/05/2013 21:00
Subject:        Re: [id-cloud] Mobile ID
Sent by:        <id-cloud@lists.oasis-open.org>



On 05/13/2013 01:47 PM, chris.kappler@pwc.be wrote:
All,

As requested a short description of the mobile authentication we use.

The goal is to identify a user using a secure channel.

The channel itself is set up by sending a hash consisting of the combination of the phoneID and the simcard serial number.
What would the phoneID be? Similar to Apple iPhone UDID?
I was told that there really is no unique id for a mobile device.
The reason we picked those attributes is because they are common to all manufacturers and all carriers. They can also be obtained in the same manner independent to a manufacturer and carrier.
The hashing is done so none of the info is send into clear text over a carrier.

There's 2 ways of provisioning:
* Either the device is company owned and then the hash result is directly inserted in the system
* Either the device is not company owned and then the hash is sent out at first installation by a secure channel.

Once a secure channel is established user authentication is done by means of a certificate and pin.

Regards,

Chris Kappler
PwC | Manager
Direct: +32 2 7104176 | Mobile: +32 477 520606 | Fax: +32 2 7104299
Email: chris.kappler@pwc.be
Ascure nv
Firm legal information, click here


*Professional Mail*------------------------------------------------------------------------------------------
This e-mail is intended only for the person to whom it is addressed.
If an addressing or transmission error has misdirected this e-mail,
please notify the author by replying to this e-mail. If you are not
the intended recipient you must not use, disclose, copy, print or
rely on this e-mail.

PwC may monitor outgoing and incoming e-mails and
other telecommunications on its e-mail and telecommunications systems.
------------------------------------------------------------------------------------------



*Professional Mail*

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]