• Home

  • Documents

  • Finnish Mobile ID: A Lesson in Interoperability · 2013. 7. 30. · Finnish Mobile ID: A Lesson in...
1
Finnish Mobile ID: A Lesson in Interoperability An Executive Summary In Finland, an advanced LTE market with mobile penetration and internet penetration both over 90%, the three leading mobile operators – TeliaSonera, DNA and Elisa – developed an interoperable mobile identity service called Mobile ID. Known as “Mobiilivarmenne” in Finnish, the service was launched in 2011 and offered a shared, common platform for the authentication of users to third party service providers, irrespective of the network operator to which they subscribe. This unique interoperable structure has been held as a model by operators in other markets looking to launch similar services. A number of key lessons enabled the Finnish operators to refine the service to the successful model that exists today: Mobile ID is a third generation service in Finland. Early service attempts failed due to lack of capable handsets and SIM cards, and later due to a complex registration process (only the police department could issue strong identification). With this third attempt, the mobile operators believe they have the process right with better coordination among themselves and with other ecosystem players, clarified legislation, new mobile service standards, a greater number of interested service providers, better pricing (earlier variants of the service charged consumers and were too expensive) and a more efficient registration process (end users can now register in-store in approximately 8 minutes or use their Bank ID to register online in approximately 3 minutes). Today’s Mobile ID service is the result of a Finnish consortium made up of government and public services authorities, mobile operators and the Finnish Federation for Communications and Teleinformatics (FiCom), which came together to develop the terms for such a new authentication and authorisation service in order to better serve the diverse needs of businesses and provide secure authentication for eGovernment services. TeliaSonera, DNA and Elisa formed a unique “circle of trust” – an agreement under which the operators accept digital identities created by each other and, by allowing signature “roaming” across their networks, make use of the single agreements that each individual operator has with third party service providers. The mobile PKI infrastructure and productised APIs used in the Mobile ID are uniform across the three operators, enabling them to offer an identical experience for both service provider clients and end users. In 2009, Finnish legislation clarified the legal validity of electronic signature to be equivalent to a “wet signature,” meaning that the mobile signature element of Mobile ID can be used in a wide range of everyday transactions, including secure banking, insurance, legal contract signing and permissions, online commerce and many more. Since then, PKI-capable SIMs have been issued across Finland and the law has evolved to make it possible for private sector businesses to act as issuers of strong identification tokens and services, as well as allow new eID credentials to be created based on other existing strong eID credentials. More than 200 service providers have partnered with mobile operators to use Mobile ID. The service is viewed by its users as far more convenient and user friendly than existing Bank ID or Citizen ID card authentication solutions. Utilising the secure environment of the SIM to store the signing PKI application and mobile SMS channel for credential transmission, the user is able to receive digital signing requests and to produce the signed response by entering their unique user PIN code. The service works on 99% of mobile phones (both feature and smartphones) and can be used anywhere with a mobile signal. It also uses spam prevention codes and event (transaction) IDs to protect users from being disturbed by unwanted spam requests. Mobile ID is currently offered as a free service to individuals, while third party service providers are charged for the service on a per-transaction basis, with prices stratified based on the frequency, volume and value of the transactions being made . Mobile operators compete based on service provider partnerships and pricing packages. Despite active uptake among users and businesses in its first few years since launch, Mobile ID continues to experience some challenges in reaching scale, mostly as a result of the “chicken and egg” problem – subscribers resist taking up mobile identity services until they are integrated by a broad range of third party service providers for everyday use, and service providers are unwilling to integrate Mobile ID until a large percentage of operators’ customers have adopted the service. In particular, banks have been slow to adopt the new operator-driven Mobile ID solution and allow Bank ID to be used for registration due in part to competitive concerns and a lack of region-wide solutions covering their other markets. The three mobile operators believe that enabling pre-registration through Bank ID is a key milestone for facilitating scale and uptake among users. They also believe that scale will be driven by the availability of more public services as well as more daily, high-value services, such as internet banking and payment approvals, as opposed to those used less frequently such as insurance and government services. Studies are currently being conducted on the potential for Mobile ID to be used by medical professionals for signing prescriptions and securely sending essential health records during specialist referrals. In addition, the multi-channel capabilities of Mobile ID (e.g. voice and video) are expected to aid in enticing service providers through the opportunity to build a wide array of value- adding services in the future. Read about the case study in full and find out more about the Mobile Identity Programme on our website: www.gsma.com/mobileidentity/ 1 There are currently approximately 3 million Bank ID users in Finland. Bank ID uses a combination of a PIN code and a One Time Password from a paper list, which must be carried by the user at all times. It can be used for services beyond banking such as e-commerce and government services. 2 National Citizen ID Cards require the individual to be present at the point of sale and tend to be primarily used as a travel document. As of the end of 2012 there were only 400,000 eID certificates in circulation. 3 There is debate as to whether consumers should be charged, with some believing that once 25% penetration is reached mobile operators can start charging consumers via billing or a subscription-based payment scheme.

Finnish Mobile ID: A Lesson in Interoperability · 2013. 7. 30. · Finnish Mobile ID: A Lesson in Interoperability An Executive Summary In Finland, an advanced LTE market with mobile

  • Upload
    others

  • View
    2

  • Download
    0

Embed Size (px)

Citation preview

Page 1: Finnish Mobile ID: A Lesson in Interoperability · 2013. 7. 30. · Finnish Mobile ID: A Lesson in Interoperability An Executive Summary In Finland, an advanced LTE market with mobile

Finnish Mobile ID: A Lesson in Interoperability An Executive Summary

In Finland, an advanced LTE market with mobile penetration and internet penetration both over 90%, the three leading mobile operators – TeliaSonera, DNA and Elisa – developed an interoperable mobile identity service called Mobile ID. Known as “Mobiilivarmenne” in Finnish, the service was launched in 2011 and off ered a shared, common platform for the authentication of users to third party service providers, irrespective of the network operator to which they subscribe. This unique interoperable structure has been held as a model by operators in other markets looking to launch similar services.

A number of key lessons enabled the Finnish operators to refi ne the service to the successful model that exists today:

■ Mobile ID is a third generation service in Finland. Early service attempts failed due to lack of capable handsets and SIM cards, and later due to a complex registration process (only the police department could issue strong identifi cation). With this third attempt, the mobile operators believe they have the process right with better coordination among themselves and with other ecosystem players, clarifi ed legislation, new mobile service standards, a greater number of interested service providers, better pricing (earlier variants of the service charged consumers and were too expensive) and a more effi cient registration process (end users can now register in-store in approximately 8 minutes or use their Bank ID to register online in approximately 3 minutes).

■ Today’s Mobile ID service is the result of a Finnish consortium made up of government and public services authorities, mobile operators and the Finnish Federation for Communications and Teleinformatics (FiCom), which came together to develop the terms for such a new authentication and authorisation service in order to better serve the diverse needs of businesses and provide secure authentication for eGovernment

services. TeliaSonera, DNA and Elisa formed a unique “circle of trust” – an agreement under which the operators accept digital identities created by each other and, by allowing signature “roaming” across their networks, make use of the single agreements that each individual operator has with third party service providers. The mobile PKI infrastructure and productised APIs used in the Mobile ID are uniform across the three operators, enabling them to off er an identical experience for both service provider clients and end users.

■ In 2009, Finnish legislation clarifi ed the legal validity of electronic signature to be equivalent to a “wet signature,” meaning that the mobile signature element of Mobile ID can be used in a wide range of everyday transactions, including secure banking, insurance, legal contract signing and permissions, online commerce and many more. Since then, PKI-capable SIMs have been issued across Finland and the law has evolved to make it possible for private sector businesses to act as issuers of strong identifi cation tokens and services, as well as allow new eID credentials to be created based on other existing strong eID credentials. More than 200 service providers have partnered with mobile operators to use Mobile ID.

■ The service is viewed by its users as far more convenient and user friendly than existing Bank ID or Citizen ID card authentication solutions. Utilising the secure environment of the SIM to store the signing PKI application and mobile SMS channel for credential transmission, the user is able to receive digital signing requests and to produce the signed response by entering their unique user PIN code. The service works on 99% of mobile phones (both feature and smartphones) and can be used anywhere with a mobile signal. It also uses spam prevention codes and event (transaction) IDs to protect users from being disturbed by unwanted spam requests.

■ Mobile ID is currently off ered as a free service to individuals, while third party service providers are charged for the service on a per-transaction basis, with prices stratifi ed based on the frequency, volume and value of the transactions being made . Mobile operators compete based on service provider partnerships and pricing packages.

Despite active uptake among users and businesses in its fi rst few years since launch, Mobile ID continues to experience some challenges in reaching scale, mostly as a result of the “chicken and egg” problem – subscribers resist taking up mobile identity services until they are integrated by a broad range of third party service providers for everyday use, and service providers are unwilling to integrate Mobile ID until a large percentage of operators’ customers have adopted the service. In particular, banks have been slow to adopt the new operator-driven Mobile ID solution and allow Bank ID to be used for registration due in part to competitive concerns and a lack of region-wide solutions covering their other markets.

The three mobile operators believe that enabling pre-registration through Bank ID is a key milestone for facilitating scale and uptake among users. They also believe that scale will be driven by the availability of more public services as well as more daily, high-value services, such as internet banking and payment approvals, as opposed to those used less frequently such as insurance and government services. Studies are currently being conducted on the potential for Mobile ID to be used by medical professionals for signing prescriptions and securely sending essential health records during specialist referrals. In addition, the multi-channel capabilities of Mobile ID (e.g. voice and video) are expected to aid in enticing service providers through the opportunity to build a wide array of value-adding services in the future.

Read about the case study in full and fi nd out more about the Mobile Identity Programme on our website: www.gsma.com/mobileidentity/

1 There are currently approximately 3 million Bank ID users in Finland. Bank ID uses a combination of a PIN code and a One Time Password from a paper list, which must be carried by the user at all times. It can be used for services beyond banking such as e-commerce and government services.

2 National Citizen ID Cards require the individual to be present at the point of sale and tend to be primarily used as a travel document. As of the end of 2012 there were only 400,000 eID certifi cates in circulation. 3 There is debate as to whether consumers should be charged, with some believing that once 25% penetration is reached mobile operators can start charging consumers via billing or a subscription-based payment scheme.

Public Multi-Vendor Mobile Backhaul Interoperability Test

Public Multi-Vendor Mobile Backhaul Interoperability Test

Documents
Interoperability of Mobile Devices for Crisis Management - GDACS

Interoperability of Mobile Devices for Crisis Management - GDACS

Documents
The impact of mobile money interoperability in Tanzania · 2020. 3. 16. · interoperability in Tanzania that is the focus of this publication. After more than a decade of mobile

The impact of mobile money interoperability in Tanzania · 2020. 3. 16. · interoperability in Tanzania that is the focus of this publication. After more than a decade of mobile

Documents
GSMA Mobile-Identity Finnish Case Study

GSMA Mobile-Identity Finnish Case Study

Documents
Building Pivo, the Finnish mobile wallet - Nordkapp - #sda15

Building Pivo, the Finnish mobile wallet - Nordkapp - #sda15

Services
Mobile Virtual Networks opening in China – Business opportunities for Finnish companies

Mobile Virtual Networks opening in China – Business opportunities for Finnish companies

Software
Mobile Storage Designs for Compliance and Interoperability

Mobile Storage Designs for Compliance and Interoperability

Documents
Mobile Consumer 2015: The Finnish Perspective Consumer 2015: The Finnish Perspective 5 Tablets have surpassed smartphones as the rising star in today’s mobile devices ecosphere

Mobile Consumer 2015: The Finnish Perspective Consumer 2015: The Finnish Perspective 5 Tablets have surpassed smartphones as the rising star in today’s mobile devices ecosphere

Documents
Mobile Interoperability: Untangling the Wireless World

Mobile Interoperability: Untangling the Wireless World

Technology
ADOPTING MOBILE CLOUD APPLICATIONS · Android, Apple iPhone, Research in Motion BlackBerry, Symbian, Windows Mobile, Working with Mobile Web Services: Mobile interoperability, Performing

ADOPTING MOBILE CLOUD APPLICATIONS · Android, Apple iPhone, Research in Motion BlackBerry, Symbian, Windows Mobile, Working with Mobile Web Services: Mobile interoperability, Performing

Documents
eHealth - Medical Systems Interoperability & Mobile Health

eHealth - Medical Systems Interoperability & Mobile Health

Technology
Open Mobile Alliance Application Layer Interoperability in a Converged World IMOBICON

Open Mobile Alliance Application Layer Interoperability in a Converged World IMOBICON

Documents
A2A InteroperAbIlIty · a2a interoperaBility makinG moBile money scHemes interoperate For a2a interoperability, the most directly comparable banking sector payment network is probably

A2A InteroperAbIlIty · a2a interoperaBility makinG moBile money scHemes interoperate For a2a interoperability, the most directly comparable banking sector payment network is probably

Documents
Mobile IPv6: A Key Enabler for WLAN to GPRS Interoperability

Mobile IPv6: A Key Enabler for WLAN to GPRS Interoperability

Documents
"End-to-end Interoperability and Mobile Services"

"End-to-end Interoperability and Mobile Services"

Technology
Interoperability - Realizing the Full Potential of Mobile Money

Interoperability - Realizing the Full Potential of Mobile Money

Technology
EHealth Partners Finland Finnish Agency for Technology and Innovation Tekes grants no. 40140/06 and 70030/06 Architecture, Interoperability,

EHealth Partners Finland Finnish Agency for Technology and Innovation Tekes grants no. 40140/06 and 70030/06 Architecture, Interoperability,

Documents
Tracking the journey towards mobile money interoperability...Tracking the ourney towards mobile money interoperability 7 Over a decade ago, mobile money emerged as a standalone service

Tracking the journey towards mobile money interoperability...Tracking the ourney towards mobile money interoperability 7 Over a decade ago, mobile money emerged as a standalone service

Documents
Enterprise Mobility Cluster – Finnish SMEs VAMOS - Value Added Mobile Solutions

Enterprise Mobility Cluster – Finnish SMEs VAMOS - Value Added Mobile Solutions

Technology
the success factors of the finnish mobile game industry: a - Theseus

the success factors of the finnish mobile game industry: a - Theseus

Documents
ITU Conformity and Interoperability Guidelines · PDF fileConformity and Interoperability Training ... (telecom operator). Third ... Mobile 3GPP Power; frequency stability, frequency

ITU Conformity and Interoperability Guidelines · PDF fileConformity and Interoperability Training ... (telecom operator). Third ... Mobile 3GPP Power; frequency stability, frequency

Documents
Interoperability Standards:The Key to Mobile Data

Interoperability Standards:The Key to Mobile Data

Health & Medicine
The impact of mobile money interoperability in Tanzania · PDF file · 2016-10-04The impact of mobile money interoperability in Tanzania ... For more information, ... Risk mitigation

The impact of mobile money interoperability in Tanzania · PDF file · 2016-10-04The impact of mobile money interoperability in Tanzania ... For more information, ... Risk mitigation

Documents
Global Mobile Consumer Survey The Finnish Perspective 2016€¦ · Global Mobile Consumer Survey The Finnish Perspective 2016. 2 Global Mobile Consumer Survey Global Mobile Consumer

Global Mobile Consumer Survey The Finnish Perspective 2016€¦ · Global Mobile Consumer Survey The Finnish Perspective 2016. 2 Global Mobile Consumer Survey Global Mobile Consumer

Documents
MWC Mobile Interoperability and Business Productivity (Yury Buluy)

MWC Mobile Interoperability and Business Productivity (Yury Buluy)

Mobile
Unlocking Interoperability in Mobile Payment Systems

Unlocking Interoperability in Mobile Payment Systems

Technology
Understanding Interoperability through Mobile Phones

Understanding Interoperability through Mobile Phones

Technology
MOBILE SERVICES and FINNISH CONSUMERS

MOBILE SERVICES and FINNISH CONSUMERS

Documents
Public Multi-Vendor Mobile Backhaul Interoperability Test Mobile … · 2 Mobile World Congress 2008 Mobile Backhaul Interoperability Event A few words from the Metro Ethernet Forum

Public Multi-Vendor Mobile Backhaul Interoperability Test Mobile … · 2 Mobile World Congress 2008 Mobile Backhaul Interoperability Event A few words from the Metro Ethernet Forum

Documents
Pulse Secure Mobile Client · deployment options. This document describes Pulse Secure mobile client interoperability with mobile platforms (operating systems), mobile hardware devices,

Pulse Secure Mobile Client · deployment options. This document describes Pulse Secure mobile client interoperability with mobile platforms (operating systems), mobile hardware devices,

Documents