Wednesday, August 28, 2013

3 models of mobile electronic signature that will fail

Experience is a plus, and since I have spent over 10 years seeing and hearing about models for electronic signature on mobile, I have some perspective.

Much time and money has been invested in implementing models of electronic and digital signatures on mobile devices while ignoring basic issues such as the interests of the parties or who these solutions are intended for.

The models doomed to failure are:

  • Cryptographic keys on the SIM.
  • Cryptographic keys on MicroSD.
  • Protocols defined ad hoc and universal solutions.

In future posts I will explore models that can be successful.


Hands on. As said before, experience is a plus, and since the @DAN project (project, article -ES-) I've been seeing attempts and failures of models for mobile signature, so I'm no guru, because in retrospect it is easier to see what fails.

The subject is complex enough for multiple posts, but this post serves as an initial synthesis and, if the subject arouses interest, I'll get to detailing the particulars of the rest.

Cryptographic keys in the SIM


This model fails because:

  1. One needs to negotiate with each operator, and they are very jealous of what you put in "their" SIM (yes, you pay, but the operator owns the SIM).
  2. Additionally, as in the past (ES), operators will want to cash in on the matter, although they do not add value, and that greatly complicates the implementation of the model.

We went through something like this in @DAN: operators and banks could not agree on what belonged to whom and for what concept they had to charge (because charge they had to!)

Cryptographic keys on microSD


It's a shame, since European companies make great efforts to innovate, as in the case of G&D and its cryptographic MicroSD (PDF), which a few years ago seemed the manna of mobile signature, and then the market comes along and turns the other way.

The solution, however, was mortally wounded at birth, since Apple terminals, in line with its "open solutions" (note the irony), do not have an expansion slot for memory cards.

And then along comes Google with its Nexus 4 and, likewise, no expansion slot (and, for that matter, no access to the battery, in line with Apple's approach).

Whether or not we like this model of "closed devices", the fact is that it has destroyed the chances of cryptographic microSDs.

Ad hoc protocols and universal solutions


As we have seen, the above solutions suffered from a lack of universality, and fleeing from this, we go to the other extreme: developing electronic signature models that allow us to sign on any device, even a Nokia 5110. It is an exaggeration, but the expression "legacy mobile phones" applies. One need only look at what Valimo proposes on their website:
Make regular phone to an authentication and signing tool for the user

This makes no sense. Consider the cases and profiles of people who really need to sign wherever they are. Certainly these people do not carry a Nokia 5110. Moreover, they may not carry a Nokia at all ...

And you cannot ignore that "new technologies lead us to old PKIs (ES)".

Besides the fact that this system will not reach the intended users, it needs to use ad hoc protocols because of the poor capabilities of these terminals compared with current smartphones.

Sometimes these protocols imply an additional player: as if the operator and the certification services provider were not enough, we also have what we might call a "mobile credentials manager", which would be, in the case referred to above, Valimo.

In summary, there are models for mobile electronic signature that are not worth investing in any further; better to focus on those that do have a future, which I will discuss in upcoming posts.
