The SAML web site is not longer accepting new posts. Information on this page is preserved for legacy purposes only. For current information on SAML, please see the OASIS Security Services Technical Committee Wiki.

Wireless' Mobile Signatures Provide Anonymous Age Verification With Certification on Demand

The financial sector is searching for better authentication methods and mobile signatures are increasingly accepted as the most convenient and secure choice to work across different banks. Mobile signatures also provide age verification and anonymous access control. Proof that these partial authentication processes are in demand is the German government's announcement that their electronic ID cards will feature a function to use pseudonyms to authenticate oneself to an online service without revealing one's full identity.

These online services comprise gaming, betting, adult entertainment or even just an authenticated login for role playing games, where you don't need to reveal your full identity, but only make sure that nobody is pretending to login under several nick names.

Tapio Vailahti, CEO of Valimo says: "Anonymous authentication or age only verifications are one of the key future services we foresee for Mobile Signature Service Providers. There is an increasing need to ensure a range of authentication services that enable consumers to take control of their digital identity. The mobile signature in combination with a Certification on Demand service provides a sound basis to serve these partial authentication needs."

Certification on Demand combines the issuing of short-lived and anonymous digital certificates based on a person's full digital identity.

When using Valimo's mobile signature solution: Consumers receive authentication requests to the mobile phone. Valimo uses public key cryptography and an authorization process that allows only a bona-fide service provider to reach the user's mobile phone. Consumers do not need to manually copy text out of the received short message. They confirm the login or transaction by returning a digitally signed message via SMS. For each authentication event, there is an electronic record (i.e. digital signature) that can be verified by a third-party process.

The basis for verifying and validating an authentication or signing event is the temporary and anonymous digital certificate, the text that was sent to the phone, the digital signature itself.

"Valimo's mobile signatures also enables an IDP (Identity Service Provider) to issue anonymous session identities." continues Mikko Virtanen, CTO of Valimo "In this case consumers log into an IDP's website, authenticate themselves via mobile signature and then receive an anonymous session ID for continuing their browsing." This type of scenario puts the IDP in a position to leverage existing standards such as SAML and Liberty Alliance to ensure that their anonymous identities are issued to a bona fide person.

Valimo was a finalist in the category of Most Innovative Consumer Application for the GSMA Mobile Innovation Global Awards, sponsored by Ericsson during the GSMA Mobile World Congress 2008 in Barcelona.

Read the complete press release from Valimo. Focus Areas: BPEL | DITA | ebXML | IDtrust | OpenDocument | SAML | UBL | UDDI
OASIS sites: OASIS | Cover Pages | | AMQP | CGM Open | eGov | Emergency | IDtrust | LegalXML | Open CSA | OSLC | WS-I