You are here: Resources > FIDIS Deliverables > HighTechID > D3.3: Study on Mobile Identity Management > 

D3.3: Study on Mobile Identity Management

Scenario of the use of Mobile Identity Management Systems  Study on Mobile Identity Management
 Revenue Models for M-Commerce with Mobile Identity


GSM-based Mobile Identity Management

GSM’s success is very much due to comprehensive identity management based on the Subscriber Identity Module (SIM). The SIM concept, together with the supporting GSM infrastructure, provides both identity and security for accessing mobile voice and data services. With existing GSM roaming functionality, the SIM card is one of the most distributed and technologically adopted identification concepts worldwide, enabling mobile phone users to access telecommunication services in many regions all over the world: 

  1. Subscriber Identity Module (SIM) provides an infrastructure with a reliable technical foundation (e.g. Public Key Infrastructure (PKI)) 

  2. A mobile identity in this definition is inherently related to the mobile network operator business 

  3. Represents contract between subscriber & network operator 

  4. Authorises subscribers to use the network  

  5. Allows subscribers to authenticate themselves 

  6. Over 1 billion GSM subscriptions (IDs) ( 

  7. More countries with SIM infrastructure (197, May 2003) than with McDonald’s restaurants (119, Aug 2003) and more than UN member states (191, Aug 2003) 

In emerging UMTS networks, the Universal Subscriber Identity Module (USIM) will take over the SIM’s functionality and will provide enhanced security features, such as mutual authentication, in 3G networks. In this context, the following issues are part of mobility and identity research: 

Elements of a mobile identity

Mobile communication networks provide a number of services. Among them, new data services in the shape of M-Commerce applications or mobile information services are important future applications. With current mobile identification concepts, the main focus is to provide simple, easy-to-handle identities in order to technically enable secure communication and to cover billing issues. For the named data services, advanced identity concepts are needed. Unlike the static identity already implemented in current mobile networks, dynamic aspects like the user’s position or the temporal context increasingly gain importance for new kinds of mobile applications. Some of the arising questions to be answered in that context are: 

  1. What information is necessary to describe a mobile user’s identity and to represent the current mobile situation and context (e.g. location, personal and general preferences and temporal constraints) 

  2. What technical standards can be applied in order to obtain access to these different components of a mobile identity (mark-up languages, architectures, etc) 

  3. Which parties in addition to the mobile user have to be involved to form a mobile identity and how can they exchange information (e.g. mobile network operators, service or profile providers) 

  4. Will it be necessary to introduce group identities pooling single subscribers, e.g. to simplify administrative tasks 

Profile management

As a result, an advanced mobile identity is a more complex object than current SIM-centric identities. Personal information about users, collected in profiles, is used to determine the mobile identity of users. An exemplary user profile could store a user’s home and workplace locations, his daily schedule (regular trips from and to work) and so on. All this information has to be manageable by the user and must be assembled in a standardised format, such that different service providers are able to understand and utilise the information. The User Agent Profile Drafting Committee of WAP Forum/Open Mobile Alliance created a specification of a framework for conveying user agent profiles containing information on preferences and capabilities associated with users and user agents when accessing resources on Mobile Internet (WAP) sites. User agent profiles enable personalisation of sites, which is an important prerequisite for providing usability for mobile Internet devices with small displays. 

As for the management of that kind of information, there are only a few established editing concepts (they are seldom limited to text). Appropriate new ways to manage that kind of information have to be identified. Another arising question is, where and how these different time or location specific profiles will be stored. Some information may reside at the network operator side while others may be stored directly on the mobile terminal. The information may be encrypted before it is stored on the device or transmitted to the network operator. The question of profile allocation and aggregation has to be discussed. New strategies for profile management also have to include adequate privacy concepts, such as the use of Privacy Enhancing Technologies (PETs). 

Exchanging mobile identities

The current mobile identification infrastructure is used mainly by mobile network operators. As these follow more or less equivalent rules and security regulations, security concerns have only seldom been raised. For new mobile services, the identity of a mobile user is intended to be accessible by any third party that offers mobile services. In that context, new approaches to secure the mobile identity and to exchange identity information have to be outlined and discussed. The current legal landscape already limits the way of how to reveal mobile identity information. Legally compliant ways to exchange that information have to be identified and outlined. One way to address these challenges is the introduction of policies for the negotiation of exchanged information. 

Applications for mobile identities

The main application for a publicly accessible, comprehensive mobile identity is the individualisation and sponsoring of mobile business relations. If mobile network operators in cooperation with the service user are able to supply service providers with a mobile user identity including the user’s geographical, temporal and personal context and preferences, the service provider is able to extensively individualise the provided service and to provide context-aware services. The service provider could also decide to sponsor the data communications costs the user would normally have to pay. In that way, new business models can be applied in order to realise a reverse charging where service providers are paying mobile network operators in order to gain a communication channel to potential customers and to transfer marketing messages. This new business model may find its way from the mobile to the fixed Internet environment and thus have an impact on location based service related identities for this medium. Additionally, mobile government applications such as disaster management (e.g. warning people of flooding or locating them via their mobile for rescue) are based on mobile identities. 


Scenario of the use of Mobile Identity Management Systems  fidis-wp3-del3.3.study_on_mobile_identity_management.final_04.sxw  Revenue Models for M-Commerce with Mobile Identity
7 / 36