You are here: Resources > FIDIS Deliverables > HighTechID > D3.3: Study on Mobile Identity Management > 

D3.3: Study on Mobile Identity Management

Privacy Risk of User Agent Systems in WAP based Systems  Study on Mobile Identity Management
 Studies on Usability of P3P for Mobile Phones


Usability and Security for Mobile Identity Management Systems

The security of a system vastly depends on the willingness of the user to use security mechanisms (Waidner, 1998; Whitten and Tygar, 1999). Users underestimate the consequences of insufficient security. Thus they are not willing to invest a lot of effort in order to learn how to use these security mechanisms (Müller and Stapf, 1998). It can be shown that the main reason for this is the incomprehensible presentation of the security mechanisms and not the ergonomic design of their user interface (Müller and Stapf, 1998; Gerd tom Markotten and Kaiser, 2000). For example, the evaluation of the security software “SignTrust Mail”, developed by the Deutsche Post AG, has identified 120 usability problems. 89% of these identified problems have a negative effect of the system’s security (Gerd tom Markotten, 2004). Thus a test person could not reach his protection goals and broke his task off. 75% of the test persons did not understand asymmetric cryptography and therefore could not use it correctly. 

A solution is self-explanation, where two options can be followed (Simon, 1957; Balfanz, 2003). Either one develops new user-consistent metaphors or one hides security from the user altogether. The first option will be addressed by style guides to enhance the user interface and by testing security tools in order to ascertain its comprehensibility and integration. The limits for the second option have been laid by analysing the interdependency of protection goals, discovered and classified in multilateral security (Jendricke and Gerd tom Markotten, 2000). The differentiation into system-controlled and user-controlled protection goals is shown in figure 4-1. Only user-controlled protection goals and mechanisms cannot be automated while system-controlled protection goals can be hidden from the user interface. 


Figure 4-1: Implications of Protection Goals 


In the following section results on studies on P3P for mobile phones will be described as an example of the usability of security tools for mobile devices. The ongoing research on usability of identity management systems for the mobile user will be introduced by identity management mock-ups for mobile phones. 


Privacy Risk of User Agent Systems in WAP based Systems  fidis-wp3-del3.3.study_on_mobile_identity_management.final_04.sxw  Studies on Usability of P3P for Mobile Phones
17 / 36