

Subject: Re: [id-cloud] Mobile ID


Hi Dominique,

The device authentication is done by using the hash combination which establishes the secure connection.

Once the connection is secured, user authentication is done.

Regards,

Chris Kappler
PwC | Manager
Direct: +32 2 7104176 | Mobile: +32 477 520606 | Fax: +32 2 7104299
Email: chris.kappler@pwc.be
Ascure nv




From:        "Nguyen, Dominique V" <dominique.v.nguyen@bankofamerica.com>
To:        "'chris.kappler@pwc.be'" <chris.kappler@pwc.be>, "'id-cloud@lists.oasis-open.org'" <id-cloud@lists.oasis-open.org>
Date:        14/05/2013 12:07
Subject:        Re: [id-cloud] Mobile ID




Per your description if I read it correctly, the sequence of authentication is as follows:
1. Device authentication occurs first
2. When device authentication is validated, user authentication follows.

Is this correct?

Regards,
Dominique


From: chris.kappler@pwc.be [mailto:chris.kappler@pwc.be]
Sent: Monday, May 13, 2013 01:47 PM Central Standard Time
To: id-cloud@lists.oasis-open.org <id-cloud@lists.oasis-open.org>
Subject: [id-cloud] Mobile ID


All,

As requested, a short description of the mobile authentication we use.


The goal is to identify a user using a secure channel.


The channel itself is set up by sending a hash consisting of the combination of the phoneID and the SIM card serial number.

The reason we picked those attributes is that they are common to all manufacturers and all carriers. They can also be obtained in the same manner, independent of manufacturer and carrier.

The hashing is done so none of the info is sent in clear text over a carrier.


There are 2 ways of provisioning:

* Either the device is company owned, and then the hash result is directly inserted in the system

* Or the device is not company owned, and then the hash is sent out at first installation by a secure channel.


Once a secure channel is established, user authentication is done by means of a certificate and PIN.


Regards,


Chris Kappler

PwC | Manager
Direct: +32 2 7104176 | Mobile: +32 477 520606 | Fax: +32 2 7104299
Email: chris.kappler@pwc.be
Ascure nv
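
Added example, not part of the original thread or of the system it describes: a Python model of the sequence discussed above, with both provisioning paths and the device check gating the certificate-and-PIN step. SHA-256, the length-prefixed field encoding, PBKDF2 for the PIN, the certificate-fingerprint lookup, and all names and sample values are assumptions.

```python
import hashlib
import hmac

def device_hash(phone_id: str, sim_serial: str) -> str:
    """Hash over phoneID + SIM serial. SHA-256 and length-prefixing are assumptions."""
    h = hashlib.sha256()
    for field in (phone_id, sim_serial):
        data = field.encode()
        h.update(len(data).to_bytes(2, "big") + data)  # so ("ab","c") != ("a","bc")
    return h.hexdigest()

def pin_record(pin: str, salt: bytes):
    """Stored PIN verifier (PBKDF2 is an assumption; the thread names no scheme)."""
    return salt, hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, 100_000)

class DeviceRegistry:
    def __init__(self):
        self._enrolled = {}  # device hash -> provisioning path

    def provision_company_owned(self, phone_id, sim_serial):
        # Path 1: company-owned device, hash inserted directly into the system.
        self._enrolled[device_hash(phone_id, sim_serial)] = "company"

    def provision_first_install(self, submitted_hash, over_secure_channel):
        # Path 2: other devices send the hash at first installation, secure channel only.
        if not over_secure_channel:
            raise PermissionError("enrollment requires a secure channel")
        self._enrolled[submitted_hash] = "first-install"

    def device_ok(self, presented_hash):
        # compare_digest does not reveal how many leading characters matched.
        return any(hmac.compare_digest(presented_hash, e) for e in self._enrolled)

def authenticate(registry, presented_hash, cert_fp, pin, users):
    """Stage 1: device hash. Stage 2 (certificate + PIN) runs only after stage 1 passes."""
    if not registry.device_ok(presented_hash):
        return "device_rejected"
    record = users.get(cert_fp)  # fingerprint lookup stands in for certificate validation
    if record is None:
        return "user_rejected"
    salt, stored = record
    derived = hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, 100_000)
    return "ok" if hmac.compare_digest(derived, stored) else "user_rejected"

if __name__ == "__main__":
    reg = DeviceRegistry()
    reg.provision_company_owned("PHONE-0001", "SIM-0001")  # constructed sample values
    users = {"cert-fp-1": pin_record("1234", b"constructed-salt")}
    print(authenticate(reg, device_hash("PHONE-0001", "SIM-0001"), "cert-fp-1", "1234", users))
```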