Mobile ID

© Kyivstar, 2015 | 2

Mobile ID infographics

© Kyivstar, 2015 | 3

Levels of AssuranceLevel of

assuranceConfidence and

Asserted IdentityAuthentication Factors Mobile Operators

OptionsLoA1 Little or no confidence Single Factor Authentication

“Something I have”MSISDN default authentication

LoA2 Some confidence Single Factor Authentication“Something I know”

SMS, USSD, APP

LoA3 High confidence Multifactor Authentication“Something I know”“Something I have”

PIN or Password

LoA4 Very High confidence Multifactor Authentication“Something I know”“Something I have”+ PKI for Digital signature

Mobile Signature

© Kyivstar, 2015 | 4

What is Mobile Signature or Mobile ID?

Public and Private KeysRSA1024,RSA2048,ECC256

Secured OTA Protocol

Mobile Operator GSM Network Internet

© Kyivstar, 2015 | 5

Mobile ID use casesSubscriber with secured sim

Banking E-Government E-Health Corporate

Transaction or Authentication, Digital Signature

• Single-sign on• Doc Flow• VPN• Mobility

• Internet shopping• Bidding shopping

• Driver license• Car registration• Income reporting• Taxes• E-Voting• Social declaration

E-Commerce Gaming

• Account open• Transfer orders• Insurance

Subscription• Loans• Bill Payment

• Mobile and internet

transactions• Secure Gambling

• Health records• Data exchange with

doctors• Real-time

monitoring

© Kyivstar, 2015 | 6

E-government portal

Kyivstar

Government Authentication Portal

Certificate Authority

WEB, SMS, IVR, APP1

8 Authentication Signature verification6

7 Verification Result2 5Signing Request

Signed Data

3

4

E-Government services using Mobile ID

Signing request + Info

Signed Data

Agree? Input PIN to confirm

E-Government Service 1

E-Government Service 2

E-Government Service 3

MSSP Protocol

oAuth/Saml

© Kyivstar, 2015 | 7

Mobile operators use cases

• Corporate application• Consumers Portal• Government Services

• Certificate center• Launched in 2013• Solution Provider - Valimo

• Financial Services• Online bidding• Document sign• E-Government• E-commerce

• Launched in 2009

• E-ID, • Bank services• Government Services

• Launched in 2009• Solution Provider - Methics

© Kyivstar, 2015 | 8

Norwegian Bank ID Use CaseTypes Private Key stored Access to Sign

Bank Stored Bank ID Bank Login/Password, PIN

Bank ID on Mobile phones

SIM PIN

Bank Axess (a payment service for online shopping) Log-in and payment via internet bank Change of address with the postal service Placing a bid when buying property Login on municipal websites Purchasing units in equities funds

“The Mobile Bank ID story is not about the technology. This story is about

getting two industries to work together to bring about mutual benefits for all of

our customers.”

© Kyivstar, 2015 | 9

Norwegian Bank ID Key Facts

© Kyivstar, 2015 | 10

Open Questions

• Впровадити міжнародні стандарти захисту даних: RSA, ЕСС (компетенція Державної Служби

Спеціального Зв'язку та Захисту Інформації);

• Розробити дорожню карту легалізації Mobile ID (компетенція Міністерства юстиції);

• Впровадити цифровий паспорт (e-ID картку) (компетенція Міністерства юстиції та Держагенції

з питань електронного урядування.

Thank you!