OpenID is an industry initiative to allow individuals to use the same username
and password at many different websites. In the concept application, Gemalto and
Vodafone combined the ease of use of OpenID, which does not require any software
installation on the end-user`s computer, and the security of smart card-based
two-factor authentication.
The innovative concept provides for greater personal identity protection when
accessing websites. The user has the ability to prove their identity (i.e.,
authenticate) by entering their username and password or using two-factor
authentication with a physical device (e.g., a mobile phone or a USB token). The
identity application provides remote strong authentication services over IP
networks, wired or wireless, to allow secure access to the federated websites.
For example, the authentication can be provided by the Universal Integrated
Circuit Card (UICC), a high performance smart card that can host GSM SIM and 3G
UMTS applications together with additional value generating applications. | The
identity application located in the UICC enables the end-user to access the
Internet using a PC and obtain strong authentication of his/her OpenID from the
UICC, which can be either located in a cell phone or in a Gemalto smart dongle
connected to the Internet.
The identity application communicates with the UICC service using SIP (the
Session Initiation Protocol, an industry standard broadly used in
Voice-Over-Internet communications, in Internet chat and in other Internet
Multimedia applications) to authenticate users with either a public key
infrastructure (PKI) or a one-time password (OTP).
"Remote authentication is a new idea leading to great opportunities for
operators, such as the possibility to offer digital signature as a service to
Internet providers using the secure UICC platform already present inside our
customer`s mobile phones," said Patrick Waters, head of enterprise research
program, Vodafone Group R&D. "We see many possibilities for its everyday use."
"This application enables innovative digital | security solutions to take
advantage of personal identity features while at the same time better protecting
these personal identities," said Jean-Louis Carrara, vice president of Gemalto`s
North American telecommunications business unit. "Wireless operators can now
take advantage of their formidable identity management capability and of their
customer-centric infrastructure built around UICC cards, using them as
IP-networked cryptographic computers that enable secure services, with single
sign-on for their converged services and authentication-as-a-service for
corporations and external service providers."
Gemalto`s and Vodafone`s IDDY award was announced at CSO magazine`s Digital ID
World 2009 in Las Vegas, Nevada. Previous winners of the IDDY include Aetna,
Citi, Deutsche Telekom and NTT Labs. The IDDY program is part of the Kantara
Initiative, a global identity community working to solve harmonization and
interoperability challenges among identity-enabled enterprise, Web 2.0 and cloud
applications and services. |
