A novel federated strong mobile signature service—The Finnish case

Abstract

This paper describes the legal framework, architecture with standards and signature services of the new public Finnish federated strong mobile signature scheme. Mobile signatures are used, for example, for user identification and authentication, the message authentication, non-repudiation of transactions and verifying the information integrity. The service is based on mobile PKI and on the federation of security assertions using ETSI MSS standards. The service provider needs an agreement only with one operator. Then all services in the Circle of Trust may request authentication and digital signing from user even if a service provider has made an agreement with other competing operator than the home operator of the user. The signature service platform is extremely secure using strong two-factor and two-channel model. All personal security credentials are stored and the crypto-operations run in the mobile operator׳s tamper-proof secure element, UICC. The Finnish mobile signature service fulfils the strong identification in the Finnish ‘Identification’ Act. The service platform offers potentially to millions of Finnish citizens and the participating Finnish businesses convenient to use and trusted signature services on various service channels for applications hosted on the premises or in the cloud. Signature services can be used also abroad where SMS services are provided and where user׳s operator has a roaming agreement.