The following description of background art may include insights, discoveries, understandings or disclosures, or associations together with disclosures not known to the relevant art prior to the present invention but provided by the invention. Some such contributions of the invention may be specifically pointed out below, whereas other such contributions of the invention will be apparent from their context.
The number of web-based services requiring some kind of user authentication has increased rapidly in recent years, owing to the development of electronic identification schemes and secure communications technologies. Examples of such web-based services include online banking, various payment services, online services provided by state authorities, such as requesting a tax deduction card online, various social media platforms, etc. Typically each service provider decides how the user is authenticated, or how his/her identity is verified, before the user is allowed to access the service.
One of the newest solutions for secure identification and digital signatures, intended for different web services, is a SIM-based mobile ID scheme utilizing a wireless public key infrastructure. In the mobile ID scheme, also called a mobile certificate scheme, an asymmetric cryptographic keypair is securely stored, together with a corresponding authentication application, on a subscriber identity module (SIM). A person who is in possession of the subscriber identity module can identify himself/herself in different web services with the mobile ID. In the mobile ID scheme, when a user logs in to a service, the user gives his/her mobile phone number, or a user name by means of which the mobile number may be resolved, and the server providing the service sends an authentication request to a mobile signature service provider (MSSP), which is the user's operator or a trusted third-party service provider and which associates the keypair with the proper personal data of the person. The MSSP creates and sends an encrypted flash short message to the user's authentication application in the SIM in the mobile phone; the flash short message informs the user that he/she is trying to log in to the service and requests the user to enter the password the user has himself/herself selected for mobile ID authentication, if the user wants to log in to the service indicated in the flash short message. The flash short message is decrypted by the authentication application in the mobile device in which the subscriber identity module is, and its content is shown to the user. The user enters the password via the user interface; the authentication application checks the password locally on the SIM, creates a message indicating the outcome of the check, and signs the message (i.e. signs the received request) with the private key stored on the SIM, and the mobile device sends the signed message to the MSSP. The MSSP verifies the signature with the corresponding public key, thereby verifying the user, and forwards the authentication outcome to the service. If the outcome is positive, the service is opened for the user.
In the process, the MSSP uses the public key of the keypair and the authentication application the corresponding private key; the private key never leaves the SIM, and the password is checked on the SIM rather than being sent to the MSSP.
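The exchange described above, written out as an added example that is not part of this patent text or of any real MSSP product. It simulates the three parties in one process: the MSSP holds the subscriber's public key and personal data, the SIM application holds the private key and the user-chosen password, and the service only receives the outcome. Assumptions beyond the text: ed25519 stands in for the unspecified asymmetric keypair, the encrypted flash SMS transport is replaced by a direct function call, and the MSSP's request carries a fresh nonce and the service name so that a signed response cannot be replayed for a later login or re-targeted to another service. The subscriber data is constructed sample data.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"fmt"
)

// AuthRequest is the challenge the MSSP pushes to the SIM application
// (the page describes it as an encrypted flash SMS; here it is a plain struct).
type AuthRequest struct {
	Service string // the service the user is trying to log in to
	Nonce   string // fresh per attempt; binds the signature to this request (assumed)
}

// AuthResponse is the SIM application's signed answer to the MSSP.
type AuthResponse struct {
	Request   AuthRequest
	Signature []byte // ed25519 signature over digest(Request)
}

// SIMApp models the authentication application on the SIM: it holds the
// private key and the mobile ID password and signs only after a correct password.
type SIMApp struct {
	priv ed25519.PrivateKey
	pin  string
}

// MSSPRecord is what the MSSP holds for one subscriber: the public key of
// the SIM keypair and the personal data associated with it.
type MSSPRecord struct {
	Pub  ed25519.PublicKey
	Name string
}

// NewSubscriber provisions a keypair: private half to the SIM, public half
// to the MSSP. ed25519 is an assumption; the page does not name the algorithm.
func NewSubscriber(pin, name string) (MSSPRecord, *SIMApp) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return MSSPRecord{Pub: pub, Name: name}, &SIMApp{priv: priv, pin: pin}
}

// digest canonicalises the request so both sides sign/verify identical bytes.
func digest(r AuthRequest) []byte {
	h := sha256.New()
	h.Write([]byte(r.Service))
	h.Write([]byte{0}) // field separator, so "ab"+"c" differs from "a"+"bc"
	h.Write([]byte(r.Nonce))
	return h.Sum(nil)
}

// Sign is the SIM side: the password is checked locally and never leaves
// the SIM; on success the request is signed with the private key.
func (s *SIMApp) Sign(r AuthRequest, enteredPIN string) (AuthResponse, error) {
	if enteredPIN != s.pin {
		return AuthResponse{}, errors.New("wrong mobile ID password")
	}
	return AuthResponse{Request: r, Signature: ed25519.Sign(s.priv, digest(r))}, nil
}

// Verify is the MSSP side: the response must echo exactly the request the
// MSSP issued (service and nonce) and verify under the subscriber's public
// key, so a replayed or re-targeted response fails.
func (m MSSPRecord) Verify(issued AuthRequest, resp AuthResponse) bool {
	if resp.Request != issued {
		return false
	}
	return ed25519.Verify(m.Pub, digest(resp.Request), resp.Signature)
}

func newNonce() string {
	b := make([]byte, 16)
	if _, err := rand.Read(b); err != nil {
		panic(err)
	}
	return hex.EncodeToString(b)
}

// Authenticate runs one round: the service names the subscriber, the MSSP
// challenges the SIM, the user enters the password, the SIM signs, and the
// MSSP verifies and reports the outcome to the service.
func Authenticate(m MSSPRecord, sim *SIMApp, service, enteredPIN string) (bool, error) {
	req := AuthRequest{Service: service, Nonce: newNonce()}
	resp, err := sim.Sign(req, enteredPIN)
	if err != nil {
		return false, err
	}
	return m.Verify(req, resp), nil
}

func main() {
	rec, sim := NewSubscriber("1234", "Example Subscriber") // constructed sample data
	ok, err := Authenticate(rec, sim, "online-bank", "1234")
	fmt.Println("correct password:", ok, err)
	ok, err = Authenticate(rec, sim, "online-bank", "0000")
	fmt.Println("wrong password:", ok, err)
}
```

The point the page makes about the key split is visible in the code: `MSSPRecord` never holds anything that could produce a signature, and `SIMApp` never exports its key or password. The nonce and service name in the signed request are not stated on the page; without them a captured signed response could be presented again for a different login, which is why a practitioner would insist on binding the signature to the individual request.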
A problem with the solution is that the mobile ID can be used only for web services, either to log in to a service in order to use it or to sign documents; there is no mechanism for using the mobile ID scheme to verify a user's identity to another user (person), for example. A straightforward implementation scenario would be for mobile devices to contain an authentication service to which other users may log in, the service in the mobile device performing the functionality of the server described above and, after a successful login, sending some pieces of the mobile device user's personal information to the person using the other device. However, logging in to a service located in another person's mobile device requires that the mobile device of the user wanting to obtain trustworthy personal information about the other person hold both the address information of the service in the other person's mobile device and the other person's public key. This is a rather complicated solution and very difficult to implement.