Study on Mobile Identity Management THE NEED FOR MOBILE IDENTITY MANAGEMENT

The Need for Mobile Identity Management

Exemplary scenarios illustrate the need of mobile user’s identity and requirements for mobile identity management systems. Various mobile devices, such as mobile phones, smart cards and RFIDs as well as service architectures, such as Web Services, are considered. Ten mechanisms meeting the requirements for identity management systems are introduced and commented on with respect to mobile identity and mobile identity management systems. The first scenario on the use of a mobile identity management system using different profiles in different contexts shows the relevancy of those mechanisms especially related to mobility. In the context of mobile phones, the use of mobile identity for authorisation in GSM networks is illustrated together with a revenue model in which mobile users negotiate with service providers the sponsorship of their data transmission costs versus the disclosure of some attributes of their identity. The following scenario illustrates the conjunction of mobile user’s identity in a GSM / UMTS network for authentication and billing purposes with Web Services. Potential privacy issues and possible solutions are outlined. As part of a mobile identity, the usage of RFID tags to bridge the gap between the physical and digital world and the link with the identity of a mobile user with its consequences for his privacy are outlined in the next contribution. The risk of identity theft by an intruder between this link, is topic of the next two contributions. Various mechanisms for linking a digital identity with a person authentication purposes such as single sign-on are discussed and requirements for mobile identity management systems are derived.