GSM phones get digital signatures

The coalition for the Mobile Electronic Signature (mSign) consortium has announced the launch of the first version of an interface protocol for digital signature technology for GSM (Global System for Mobile communication) hand phones.

The mSign protocol version 1.0, based on the XML (Extensible Markup Language) standard, establishes the data flow and interface between the mobile service provider and primary service provider, and the quality of the connection between the mobile service provider and the consumer.

The objective is to ensure that an interoperable service for authentication and authorization exists between the various market participants, including mobile communication providers, software and hardware vendors.

In town recently to marshal support for the new protocol among the local community was Jozsef Bugovics, chairman of mSign, and executive vice-president of business development at Brokat.

“We saw the need for a solution that would integrate mobile handphones into the e-business value chain … using today’s architecture and infrastructure to close the loop,” said Bugovics.

“Companies are convinced that a common standard is needed to define in order to deliver critical authentication and non-repudiation of mobile transactions,” he said. “The demand for secure e-business processes has been overwhelming.”

To address the problem, the consortium examined the existing payment infrastructure. “What we found was a gap between convenient, but not secure payment methods, such as credit cards, or very secure solutions but too complex, such as certificates,” he said.

A recent survey conducted by International Data Corp. (IDC) across 10 Asia-Pacific markets support this view. The report found that the concerns over using credit cards online and fears of dealing with disreputable merchants were key factors inhibiting e-commerce among Asian Internet users.

Bugovics is confident that this will change as the mobile device market develops into an e-business enabler. He added that with the updated SIM (subscriber identity module), users would not be limited by their choice of mobile device, and will be able to transact securely anywhere and at anytime.

“Unlike the current procedure, where the smart card reader is attached to the PC, mobile phones now become the card reader … with the user’s credentials and digital signature stored in the phone’s SIM card,” he explained.

Using mobile banking to illustrate his point, Bugovics said that the bank’s customer seeking to transfer funds, only needs to enter his or her PIN (personal identification number) into the mobile phone to activate the digital signature capability stored in the phone’s SIM card. The customer then waits for the bank to verify and to acknowledge the validity of the signature before carrying out the transaction.

Depending on the size of the payment, the information could be exchanged either via short message (SMS) or voice input. The technology can also be made to conform to WAP (Wireless Application Protocol), he added.