
D3.3: Study on Mobile Identity Management

AXS ID-Card  Study on Mobile Identity Management  Conclusion and Outlook

How the AXS-ID-Card works

The key element is a set of functional components integrated in a personal token in the shape of a credit card, the AXS-ID-Card, that people can carry in their wallet or attach to other personal belongings such as a PDA or a mobile phone. It enables the owner to prove his identity anytime and anywhere, at physical gates and at inter- or intranet portals, through an optical and/or RFID interface. The device also allows him to generate a digital signature code or to obtain remote access to an encrypted database with personal data, e.g. for e-health applications.


Figure 5-8: The AXS-ID-Card


The AXS-ID-Card works with a simple user interaction protocol:

    1. The user requests login to a closed site that is protected by the AXS authentication scheme. The site sends a message containing a crypto-container with the one-time password directly to the screen in the form of a flickering code.

    2. The user starts the card to authenticate himself by sweeping a finger over the sensor. On power-up the card displays information that defines the specific finger to sweep for this authentication. Only the authorised user can link the displayed information with the right finger (user secret).

    3. The card verifies the user's identity by matching the acquired fingerprint pattern against the stored template of the requested finger.

    4. The user reads the message with the encrypted challenge from the screen by holding the card over the flickering code. The card links the received crypto-container with the key in the card that has been allocated for the specific site and decrypts the challenge.

    5. The card displays the decrypted OTP (one-time password) on its display.

    6. The user returns the OTP to the authentication server of the protected site to get access.

This authentication protocol can be used independently by different authentication servers. At initialisation of the AXS-ID-Card a set of still inactive keys is stored inside the card. The physical card thus represents a container for an in principle unlimited number of independent identity credentials that may be used for authentication in different networks. At the time of enrolment the user receives the corresponding certificates for the stored identity credentials. He may deposit these certificates at a certification authority of his choice for later distribution, or he may deliver the certificates one by one to the authentication servers of the networks in which he wants to be registered as an authorised user. This scheme allows him to realise Single Sign-On (SSO) and/or federated identities without compromising privacy or availability. The network operator that receives a certificate from a user who wants to register for the network services only has to trust that the provider of the card runs a proper enrolment process.

Functionality of the AXS-ID-Card

The AXS-Authentication Platform™ builds on a proprietary technology with open interfaces that respect the upcoming standards in the field (WSS and SAML from OASIS). The AXS-ID-Card is an interface device that, on one side, identifies the authorised user with two- or three-factor authentication. On the other side, it connects to digital networks through optical, acoustic, electronic or RFID-NFC (Radio Frequency Identification - Near Field Communication) interfaces. The optical (and optionally the acoustic) interface provides a one-way input channel. The return channel goes via an LCD display to the user and then via the keyboard back to the server. The implemented functions are:

  1. Online authentication of the user 

Verification of a user identity (authentication) with a challenge-response protocol that provides a unique one-time PIN or pass-code that can be submitted from any terminal in the world.

  2. Server identification, prevention of phishing attacks 

Verification of the server identity by the user with a simple optional add-on to the basic protocol; prevention of phishing or other forms of man-in-the-middle attacks with a simple modification of the basic protocol that delivers some additional information to the user enclosed in the crypto-container, which is not accessible to the man-in-the-middle attacker.

  3. Provable transaction signature 

A digital transaction code related to a document, proving mutual agreement on a transaction between provider (server) and user (card holder).

  4. Privacy-secured database access 

Storage and retrieval of a key giving access to encrypted private data in a centralised database.

  5. Privacy-protecting roaming between service networks 

Different unlinked pseudonyms for the authorised user are available on the same card (currently up to 15 virtual cards enclosed in one physical card, extensible to much higher numbers), with user-determined disclosure of identity information.

  6. Tracking, licence control etc. 

Several other functions can be implemented on the system without altering the basic technology, e.g. linking a software licence to the user, or user-controlled passive tracking of the card inside a building with the RFID tag (the default setting for the tag is mute).
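As an added example (not code from the FIDIS deliverable or from the AXS platform), the following Python sketch models steps 1 to 6 of the user interaction protocol above, the per-site keys that keep the identity credentials on one card independent of each other, and the anti-phishing add-on of function 2 (server information enclosed in the crypto-container that a man-in-the-middle cannot read). The cipher is a constructed stdlib stand-in, since the page does not name the card's algorithms; the flickering-code transfer and the fingerprint check are abstracted into a dict handed to the card.

```python
import hashlib, hmac, os, secrets

# Constructed stand-in for the card's cipher (the page names none): SHA-256 keystream
# plus HMAC tag, i.e. encrypt-then-MAC under a per-site (enc_key, mac_key) pair.
def keystream(enc_key: bytes, nonce: bytes, length: int) -> bytes:
    out, counter = b"", 0
    while len(out) < length:
        out += hashlib.sha256(enc_key + nonce + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:length]

def seal_container(site_key: tuple, otp: str, server_hint: str) -> dict:
    """Server side (step 1): build the crypto-container shown as the flickering code.
    server_hint is the anti-phishing add-on: text that only the right card can reveal."""
    enc_key, mac_key = site_key
    nonce = os.urandom(16)
    plaintext = f"{otp}|{server_hint}".encode()
    ct = bytes(a ^ b for a, b in zip(plaintext, keystream(enc_key, nonce, len(plaintext))))
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    return {"nonce": nonce, "ct": ct, "tag": tag}

class AxsCard:
    """Card side (step 4): one independent key pair per site ("virtual card")."""
    def __init__(self, site_keys: dict):
        self.site_keys = site_keys                      # site_id -> (enc_key, mac_key)
    def open_container(self, site_id: str, container: dict):
        key = self.site_keys.get(site_id)
        if key is None:
            return None                                 # no credential enrolled for this site
        enc_key, mac_key = key
        expected = hmac.new(mac_key, container["nonce"] + container["ct"], hashlib.sha256).digest()
        if not hmac.compare_digest(expected, container["tag"]):
            return None                                 # wrong site key or tampered code: show nothing
        ks = keystream(enc_key, container["nonce"], len(container["ct"]))
        otp, hint = bytes(a ^ b for a, b in zip(container["ct"], ks)).decode().split("|", 1)
        return otp, hint                                # shown on the card display (step 5)

class AxsServer:
    def __init__(self, site_key: tuple):
        self.site_key, self.pending = site_key, set()   # pending = OTPs issued but not yet used
    def challenge(self, server_hint: str) -> dict:
        otp = f"{secrets.randbelow(10**8):08d}"         # 8-digit one-time password
        self.pending.add(otp)
        return seal_container(self.site_key, otp, server_hint)
    def verify(self, otp: str) -> bool:
        if otp in self.pending:                         # step 6: user types the OTP back
            self.pending.discard(otp)                   # single use: a replayed OTP fails
            return True
        return False
```

A container sealed for one site opens only with that site's key, so a second virtual card on the same physical card cannot link or reuse it, and any modification of the flickering code in transit is rejected by the tag check.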

Fulfilment of requirements for mobile identity management

The AXS-ID-Card is an autonomous mobile authentication token (see section 2.8) that fulfils the requirements of section 2.1:

  1. Identity Administration (requirement I): The card stores an arbitrary number of independent, unlinked digital identities which can be used with pseudonyms and different profiles. Through the optical transmission channel, a server can also send an application-specific credential directly into the card, which the user can present in an appropriate situation (e.g. a digital ticket in the form of a 2D barcode on the card display).

  2. Notice (requirement II): For each digital identity the card logs the most recent transaction history.

  3. Control (requirement III): The user has full control over all interfaces, including the RFID communication channel, which can be switched off whenever the user wants to avoid the traceability of the card. The user can prove to a third party that he has been authenticated by his AXS-ID-Card without disclosing any relevant identity information. Trusted anonymity within the set of users that have an AXS-ID-Card can be achieved through this mechanism.

  4. Security (requirement IV): The AXS-ID-Card provides authentication and transaction certification protocols that are secure and integrity-protected at the level of today's strong asymmetric cryptography. Availability is achieved through the communication channel over the computer screen, which delivers a crypto-container into the card, and the on-card display, from which the user returns the result over the keyboard.

  5. Privacy (requirement V): The user always has full control over the AXS-ID-Card communication. No personal identity information is ever disclosed by the card. The certificates that are linked with the independent internal identity credentials (keys on the card) contain no personal information. They only deliver the proof that a specific credential represents an identity that is linked with one AXS-ID-Card. The user is then free to deliver additional personal information to the operator.

  6. Interoperability (requirement VI): The AXS-ID-Card is a container for multiple digital identity credentials. SSO and federated identities are realised directly on the card.

  7. Trustworthiness (requirement VII): The issuing certification authority provides each card with a number of digital identity certificates. The card hardware will be certified for its tamper resistance. The card allows mutual authentication between server and user. All implementations of the mechanisms follow open standards for Web services (W3C and OASIS standards). 

  8. Liability (requirement VIII): There are protocols that allow the generation of digital signatures and non-repudiation transaction codes. Inside the card there is a limited transaction log that may be read out with the explicit consent of the user. 

  9. Usability (requirement IX): The user interface of the AXS-ID-Card is reduced to a few key functions. Most of the security functions are hidden from the user. The handling of all credentials is done directly in the card; there is no exchange of identity information between different operators. This reduces the complexity of a federated identity management system tremendously.

  10. Affordability (requirement X): The AXS-ID-Card uses no licensed software. Its cost is in the same range as other authentication tokens (SecurID, Vasco cards etc.). As far as possible, open source building blocks are used for the AXS platform and its integration.

Summary

The AXS authentication scheme is a novel approach to generating a tight link between a physical person and his digital identity. The introduction of a dedicated personal device that serves as a portable electronic identity credential manager, in the form of a thick credit card, allows the requirements for privacy enhancement, security and availability to be met without compromise. The scheme is flexible enough to adapt to future needs such as large-scale federation of identity management or the integration of extranet access management, intranet login and physical access control in one IMS. The risk of large-scale identity theft is reduced because there are no high-risk centralised repositories of personal identity information. It also eases the response to future social engineering attacks, since an attack has to be executed card by card and thus cannot be automated. The AXS scheme hereby shows how biometrics can be included in the authentication process without a high risk to the privacy of the users.


AXS ID-Card  fidis-wp3-del3.3.study_on_mobile_identity_management.final_04.sxw  Conclusion and Outlook
32 / 36