Using Digital Signature As Strong Authentication Method

Digital signature has been rarely known as authentication method so far. Yesterday, Turkcell announced new strong authentication service, mobile signature. Turkcell also provide as a service to big banks such as Garanti, Akbank,and Isbankasi.

Turkcell has been using Sun Java System Access Manager to provide Single-Signle On  to the subscribers using web based VAS services. Local Sun Professional Services team developed a custom authentication module for Access Manager to be integrated with mobile signature infrastructure. Consequently, the subscribers enjoys accessing VAS services using their digital signature.

Posted on: Şub 21, 2007

Posted by: orhan

Category: OpenSSO

Tags:

Permanent link to this entry

Comments:

Hi Orhan, how is the digital signature generated on the handset, is Java being user at all? Is the handset owner challenged at all during the digital signature generation? cheers

Posted by Paul Walker on Şubat 22, 2007 at 09:22 AM EET #

[Trackback] From Orhan Alkan comes this report of Turkcell deploying mobile strong authentication with Sun Java System Access Manager . Orhan and his colleagues in the Sun Turkey Professional Services team developed a custom authentication module to handl...

Posted by Superpatterns on Şubat 22, 2007 at 11:51 PM EET #

Paul, Yes, the digital signature is generated on handset. Both digital certificate and the digital signature application are stored on the SIM card. I am not sure the application is java.

Posted by orhan alkan on Şubat 26, 2007 at 10:24 PM EET #

Unfortunately the explanation is not entirely correct. The signature key-pair and the signing process is entirely handled on Common Criteria EAL 4+ simcard with On Board Key Generation functionality. It is not dependent on phone or java! It is the sim, not the handset.

Posted by Expert on Mart 04, 2007 at 11:12 PM EET #

Post a Comment:
  • HTML Syntax: NOT allowed

This blog copyright 2009 by orhan