Improved Authentication in Information Systems through a Mobile Identity Management Scheme (MoIdM-MSS) Utilizing Mobile Signature Service

Mohammadjavad Sharifpour; Mehdi Shajari; Seyyed Amir Asghari Tochae

doi:10.4108/eetsis.9014

Authors

Mohammadjavad Sharifpour Amirkabir University of Technology
Mehdi Shajari Toronto Metropolitan University
Seyyed Amir Asghari Tochae Kharazmi University

DOI:

https://doi.org/10.4108/eetsis.9014

Keywords:

Mobile Identity Management, Mobile IdM, Mobile ID, Mobile Signature Service, MSS, Information Systems, Technology Acceptance Model, TAM

Abstract

In today's digital economy, work processes are increasingly digitized using computer information systems. An essential aspect of employees' reliance on these systems is trust in their reliability. Mobile devices and apps play a vital role in this digital landscape, with Mobile Identity at the forefront. Mobile Identity extends the concept of digital identity through mobile networks, acting as a tool for login and transactions and as a crucial element in communication and interaction. This paper introduces a Mobile Identity Management Scheme based on the Mobile Signature Service for information systems. The scheme enables digital signatures on mobile devices for various purposes, enhancing security by leveraging the user's private key and the system's authentication challenge. Through this approach, authentication is ensured by permitting only users with the correct private key to sign the challenge, eliminating the necessity for traditional authentication methods such as usernames and passwords.

Furthermore, the scheme leverages mobile device security features like secure computing environments and biometric authentication to bolster authentication. By adding an extra layer of protection and focusing on user convenience, security is heightened without introducing unnecessary complexity. Evaluations conducted in local signing scenarios have demonstrated the scheme's effectiveness, acceptance, and potential, indicating promising results for its application in enhancing work process security.

References

[1] Funke H. Digital and mobile identities. In: Open Identity Summit 2020 [Internet]. Copenhagen, Denmark; 2020. p. 27–33. Available from: https://doi.org/10.18420/ois2020_02

[2] Khan AR. National Identity Card: Opportunities and Threats. Journal of Asian Research. Journal of Asian Research. 2018 Mar 7;2(2):77. https://doi.org/10.22158/jar.v2n2p77

[3] Reddy AG, Suresh D, Phaneendra K, Shin JS, Odelu V. Provably secure pseudo-identity based device authentication for smart cities environment. Sustainable Cities and Society. 2018 Aug; 41:878–85. https://doi.org/10.1016/j.scs.2018.06.004

[4] Habib S, Hamadneh NN. Impact of Perceived Risk on Consumers Technology Acceptance in Online Grocery Adoption amid COVID-19 Pandemic. Sustainability. 2021 Sep 13;13(18):10221. https://doi.org/10.3390/su131810221

[5] Pöhn D, Grabatin M, Hommel W. eID and Self-Sovereign Identity Usage: An Overview. Electronics [Internet]. 2021 Jan 1;10(22):2811. Available from: https://www.mdpi.com/2079-9292/10/22/2811/html. https://doi.org/10.3390/electronics10222811

[6] SLA Digital Ltd. What is Mobile Identity? - SLA Digital [Internet]. SLA Digital. 2021. Available from: https://sla-digital.com/blog/what-is-mobile-identity/.

[7] Fatoni A, Adi K, Widodo AP. PIECES Framework and Importance Performance Analysis Method to Evaluate the Implementation of Information Systems. Warsito B, Sudarno, Triadi Putranto T, editors. E3S Web of Conferences. 2020; 202:15007. https://doi.org/10.1051/e3sconf/202020215007

[8] Dai HN, Maharjan S, Zheng Z, Hung PCK, Xu Q, Sun W. IEEE Access Special Section Editorial: Blockchain-Enabled Trustworthy Systems. IEEE Access. 2021; 9:67680–3. https://doi.org/10.1109/ACCESS.2021.3075115

[9] ETSI SR 019 020 V1.1.2: The framework for standardization of signatures; Mobile Signature Service; Standards for AdES digital signatures in mobile and distributed environments. ETSI; 2016. Available from: https://www.etsi.org/deliver/etsi_sr/019000_019099/019020/01.01.02_60/sr_019020v010102p.pdf

[10] The Mobile Economy 2023. GSMA and GSMA Intelligence; 2023 p. 1–50.

[11] Digital Identity: Solutions Assessment, Regional Analysis & Market Forecasts 2023-2027. Juniper Research Ltd; 2023 Feb.

[12] M. Singh, H. Kaur, A. Kakkar. Digital signature verification scheme for image authentication. In: 2015 2nd International Conference on Recent Advances in Engineering & Computational Sciences (RAECS), IEEE; 2015, p. 1–5. https://doi.org/ 10.1109/RAECS.2015.7453277

[13] FiCom’s (The Finnish Federation for Telecommunications and Tele informatics) application guideline for ETSI’s MSS standards: V2.1. FiCom; 2012.

[14] ETSI TR 102 203 V1.1.1: Mobile Commerce (M-COMM); Mobile Signatures; Business and Functional Requirements. ETSI; 2003.

[15] ETSI TS 102 204 V1.1.4: Mobile Commerce (M-COMM); Mobile Signature Service; Web Service Interface. ETSI; 2003.

[16] ETSI TR 102 206 V1.1.3: Mobile Commerce (M-COMM); Mobile Signature Service; Security Framework. ETSI; 2003.

[17] ETSI TS 102 207 V1.1.3: Mobile Commerce (M-COMM); Mobile Signature Service; Specifications for Roaming in Mobile Signature Services. ETSI; 2003.

[18] ETSI EN 319 122 (all parts): Electronic Signatures and Infrastructures (ESI); CAdES digital signatures. ETSI.

[19] ETSI EN 319 132 (all parts): Electronic Signatures and Infrastructures (ESI); XAdES digital signatures. ETSI.

[20] ETSI EN 319 142 (all parts): Electronic Signatures and Infrastructures (ESI); PAdES digital signatures. ETSI.

[21] Do T van, Feng B, Swafford C, Do VT, Khuong LH. Mobile Identity as a Tool to Develop Society. 2015 5th International Conference on IT Convergence and Security (ICITCS). 2015 Aug. https://doi.org/10.1109/ICITCS.2015.7292997

[22] Fritsch L. Identification collapse - contingency in Identity Management. In: Open Identity Summit 2020 [Internet]. Copenhagen, Denmark; 2020. p. 15–26. Available from: https://doi.org/10.18420/ois2020_01

[23] Alamillo I, Mouille S, Röck A, Soumelidis N, Tabor M. Digital Identity Standards [Internet]. ENISA; 2023 [cited 2024 Nov 30]. Available from: https://www.doi.org/10.2824/28598

[24] Kubach M, Leitold H, Heiko Roßnagel, Schunck CH, Talamo M. SSEDIC.2020 on mobile eid. Open Identity Summit. 2015 Jan 1;29–41. Available from: https://subs.emis.de/LNI/Proceedings/Proceedings251/29.pdf

[25] Alpern NJ, Shimonski RJ. Wireless Networking. Elsevier eBooks [Internet]. 2010 Jan 1;55–72. Available from: https://www.sciencedirect.com/topics/computer-science/authentication-capability.

[26] Ping Identity [Internet]. Pingidentity.com. 2024. Available from: https://www.pingidentity.com/en/resources/identity-fundamentals/centralized-identity-management/authentication-authorization-standards.html.

[27] ID Austria [Internet]. oesterreich.gv.at - Österreichs digitales Amt. 2023 [cited 2024 Nov 30]. Available from: https://www.oesterreich.gv.at/en/id-austria.html.

[28] Mobile-ID - ID.ee [Internet]. ID.ee. 2024 [cited 2024 Nov 30]. Available from: https://www.id.ee/en/mobile-id/.

[29] Etusivu - Mobiilivarmenne [Internet]. Mobiilivarmenne. 2024 [cited 2024 Nov 30]. Available from: https://mobiilivarmenne.fi/.

[30] itsme®, your digital ID [Internet]. itsme®. 2024 [cited 2024 Nov 30]. Available from: https://www.itsme-id.com/en-BE/.

[31] Mobile Identity Enabling the Digital World 2020 [Internet]. GSMA; [cited 2024 Nov 30]. Available from: https://www.gsma.com/solutions-and-impact/technologies/mobile-identity/wp-content/uploads/2020/07/Mobile-Identity-enabling-the-digital-world-report-Final-1.pdf.

[32] Introducing Windows CardSpace [Internet]. Microsoft.com. 2010 [cited 2024 Nov 30]. Available from: http://msdn.microsoft.com/en-us/library/aa480189.aspx.

[33] OpenID - OpenID Foundation [Internet]. OpenID Foundation - Helping people assert their identity wherever they choose. [cited 2024 Nov 30]. Available from: http://openid.net.

[34] Core NFC | Apple Developer Documentation [Internet]. Apple Developer Documentation. [cited 2024 Nov 30]. Available from: https://developer.apple.com/documentation/corenfc#overview.

[35] Machine Readable Travel Document High-Level Guidance: Explaining the ICAO Digital Travel Credentials [Internet]. 2024 [cited 2024 Nov 30]. Available from: https://www.icao.int/Security/FAL/TRIP/Documents/High%20Level%20Guidance%20explaining%20ICAO%20DTC.pdf

[36] ETSI TS 119 441 V1.1.1: Electronic Signatures and Infrastructures (ESI); Policy requirements for TSP providing signature validation services [Internet]. ETSI; 2018 [cited 2024 Nov 30]. Available from: https://www.etsi.org/deliver/etsi_ts/119400_119499/119441/01.01.01_60/ts_119441v010101p.pdf

[37] eIDAS compliant eID Solutions | ENISA [Internet]. Europa.eu. ENISA Report; 2020 [cited 2024 Nov 30]. Available from: https://www.enisa.europa.eu/publications/eidas-compliant-eid-solutions.

[38] Secure Enclave [Internet]. Apple Support. Apple Platform Security; 2024 [cited 2024 Nov 30]. Available from: https://support.apple.com/guide/security/secure-enclave-sec59b0b31ff/web.

[39] Mobile ID: Realization of Mobile Identity Solutions by GlobalPlatform Technologies. GlobalPlatform [Internet]. 2015 Nov [cited 2024 Nov 30]; p. 1–52. Available from: https://globalplatform.wpengine.com/wp-content/uploads/2018/04/GlobalPlatform_White_Paper_MobileID.pdf

[40] Statt N. Google’s Pixel 2 phones are the first to use built-in eSIM technology [Internet]. The Verge. 2017 [cited 2024 Nov 30]. Available from: https://www.theverge.com/2017/10/4/16424740/google-pixel-2-xl-esim-technology-project-fi-first-ever.

[41] Differences between SIM types - which SIM to choose? — 1oT [Internet]. 1oT. 2019 [cited 2024 Nov 30]. Available from: https://1ot.mobi/resources/blog/differences-between-sim-types-which-sim-to-choose.

[42] Mondato. eSIM: Fresh Paint for Mobile, Payments and Identity [Internet]. Mondato Insight. 2019 [cited 2024 Nov 30]. Available from: https://blog.mondato.com/esim-fresh-paint/.

[43] Fatoni A, Adi K, Widodo AP. PIECES Framework and Importance Performance Analysis Method to Evaluate the Implementation of Information Systems. Warsito B, Sudarno, Triadi Putranto T, editors. E3S Web of Conferences. 2020; 202:15007.

[44] Carlbäck J, Wong A. A Study on Factors Influencing Acceptance of Using Mobile Electronic Identification Applications in Sweden [Internet]. [JÖNKÖPING UNIVERSITY]; 2018 [cited 2024 Nov 30]. Available from: http://hj.diva-portal.org/smash/get/diva2:1214313/FULLTEXT01.pdf

[45] A. Berisca, S. Clive, J.A. Hardani, A.S. Hutabarat. Development of the TAM model of factors that influence the acceptance of mobile payments. JIMEA J.; 2024; Vol. 8; No. 2; pp. 42-66. https://doi.org/10.31955/mea.v8i2.3967

[46] Almaiah MA, Ayouni S, Hajjej F, Lutfi A, Almomani O, Awad AB. Smart Mobile Learning Success Model for Higher Educational Institutions in the Context of the COVID-19 Pandemic. Electronics. 2022 Apr 18;11(8):1278. https://doi.org/10.3390/electronics11081278

[47] Almaiah MA, Hajjej F, Lutfi A, Al-Khasawneh A, Shehab R, Al-Otaibi S, et al. Explaining the Factors Affecting Students’ Attitudes to Using Online Learning (Madrasati Platform) during COVID-19. Electronics. 2022 Mar 22;11(7):973. https://doi.org/10.3390/electronics11070973

[48] Mohd Thas Thaker H, Mohd Thas Thaker MA, Khaliq A, Allah Pitchay A, Iqbal Hussain H. Behavioural intention and adoption of internet banking among clients of Islamic banks in Malaysia: an analysis using UTAUT2. Journal of Islamic Marketing. 2021 Feb 1; ahead-of-print(ahead-of-print). https://doi.org/10.1108/jima-11-2019-0228

[49] Patil P, Tamilmani K, Rana NP, Raghavan V. Understanding consumer adoption of mobile payment in India: Extending Meta-UTAUT model with personal innovativeness, anxiety, trust, and grievance redressal. International Journal of Information Management. 2020 Oct; 54:102144. https://doi.org/10.1016/j.ijinfomgt.2020.102144

[50] Ramos-de-Luna I, Montoro-Ríos F, Liébana-Cabanillas F. Determinants of the intention to use NFC technology as a payment system: an acceptance model approach. Information Systems and e-Business Management. 2015 May 29;14(2):293–314. https://doi.org/10.1007/s10257-015-0284-5

[51] Rodrick SS, Islam H, Sarker SA, Tisha FF. Prospects and Challenges of using Credit Card Services: A Study on the users in Dhaka City. AIUB Journal of Business and Economics. 2021 Dec;18(1):161–86.

[52] Lutfi A, Al-Khasawneh AL, Almaiah MA, Alshira’h AF, Alshirah MH, Alsyouf A, et al. Antecedents of Big Data Analytic Adoption and Impacts on Performance: Contingent Effect. Sustainability. 2022 Nov 22;14(23):15516. https://doi.org/10.3390/su142315516

[53] Trinh HN, Tran HH, Vuong DHQ. Determinants of consumers’ intention to use credit card: a perspective of multifaceted perceived risk. Asian Journal of Economics and Banking. 2020 Aug 20;4(3):105–20. https://doi.org/10.1108/ajeb-06-2020-0018.

[54] Alhumaid K, Habes M, Salloum SA. Examining the Factors Influencing the Mobile Learning Usage During COVID-19 Pandemic: An Integrated SEM-ANN Method. IEEE Access. 2021; 9:102567–78. https://doi.org/10.1109/access.2021.3097753