Mobme brings mobile SIM based digital signatures to India – Three things you must know
Kerala based mobile startup, Mobme is bringing mobile based digital signatures to India. The company has partnered with Gemalto, the Dutch security leader and Valimo Wireless Oy of Finland to roll out mobile digital signatures for secure logins and transactions.
The deal was announced in Paris at the Cartes 2012 conference earlier this week.
Once a signature is created on a SIM, end users are only 4 digits away from signing up to new services and contracts. The service is being branded as Mobile Express. We think that this is a big deal (Read the quick Q&A with CEO of Mobme’s VAS and Netsol division, Sony Joy below to find out why) but a lot of the non existent partner ecosystem will have to be built before we see end use of this technology.
Here’s how its supposed to work:
We asked MobMe’s Chief Executive Office Sony Joy three questions and here are the edited excerpts
Pi: What is the underlying technology?
Sony Joy: Underlying technology is Wireless PKI. Basically there is an application embedded on the SIM which generates & stores the Key Pair
of the Digital Signature. The SIM is also different from the normal ones, in fact it has got a Crypto Processor that essentially keeps the environment completely independent of the Mobile Handset. The SIM acts as the secure element. All communication happens over Binary Encrypted text messages that interact directly & only with the SIM. From a user perspective, all you need is a 4 digit personal identification number, to digitally sign anything. And that PIN is stored only on your SIM & not uploaded into the cloud, keeping it out of reach from even the telecom operator, bank, certifying authority, us or any other entity connected to this infra. It is 100% handsets supported & no need of internet. And SIM acts as a hardware secure element. In Estonia, voting is enabled over this & in Finland you can apply for home loans over this.
Pi: What are the use cases?
Sony Joy: Use cases are only limited by your imagination. Essentially anything that you can do or authorize in real world with your signature, we can implement over this. The advantages are non-repudiation & legal validity as per IT acts 2000. In a digital world, everyone needs a digital identity. An average American internet user today has 26 different online accounts & 5.5 different passwords. This is definitely not a scalable model especially when huge central password repositories are getting hacked every other month!
Imagine being able to login into your social networks, your mailbox, your online banking portal, e-commerce websites etc with just your Mobile Number entered on the computer, a signing request comes on your phone & just a 4 digit PIN needs to be entered on your mobile.
This will have applications in mHealth where Doctors can now sign prescriptions digitally & remotely, which was the whole bottleneck for tele-medicine till date, in a country where there is shortage of millions of doctors.
Anything in Government system needs signature, so the possibilities there are endless. Everything from applying for a Passport to filing Birth Certificates in Hospitals to Digital File Management in Offices.
Non-repudiation is the need of the hour for m-trading to take off on tablets/mobile devices. In Banking, signing an e-cheque is as good as NEFT. A mobile handset will double up as the PoS machine capable of receiving payments.
Today RSA Tokens are used to login to Corporate VPNs by all major enterprises. The need to carry around that extra device & additional cost to the employer can be avoided. That too with more security.
The ‘I agree to Terms & Conditions’ check-box on web pages is not exactly legally valid in a court of law. You will need Digital Signatures in this context as well.
For the telecom operator, just like Voice, SMS & Data, a 4th core service is going to open up which is Mobile Identity (Authentication) & Authorization.
Pi: Aren’t there already players providing digital certificates like e-mudhra and others?
Sony Joy: Yes, but not on SIMs. Currently on USB’s the total Digital Signature penetration in India is around 3.5M. Putting it on the SIM is the only scalable way to reach out to 100s of Millions of prospective users. We’ll be partnering with leading Certifying Authorities in India to issue Class-3 Digital Signatures.