The mobile evolution of the employee and student pass

Page 1: The mobile evolution of the employee and student pass

The mobile evolution of the employee and student pass

Frans Panken, Joost van Dijk (SURFnet)

Mark van der Laan (Aspider-NGI)

Carlos Serratos (AET Europe)

Page 2: The mobile evolution of the employee and student pass

The student / employee pass

Page 3: The mobile evolution of the employee and student pass

New SIM design

[Diagram labels: Telco level; General Keys; Applet level; MNO 1, MNO 2, MNO 3; APP1, APP2, APP3]

Page 4: The mobile evolution of the employee and student pass

Dividing the card into two parts

Part #1: Mobile operator profiles

a) Mobile infrastructure:
- Voice
- 3G/4G data
- SMS/M2M

b) Indoor communication
- Wi-Fi calling
- Distributed Antenna System (DAS)
- Unified Communications

Part #2: Smart card management

a) Design employee / student card

b) Security keys within corporate HSM

c) Over-the-air provisioning

d) Institution’s security domain

e) Applet management for secure apps on device or machine

Page 5: The mobile evolution of the employee and student pass

Smartphone as an interface around employee and student pass

• No more SIM swaps

• Use the SIM to access eduroam

• Applets on SIM alternative for one-time-password

• Use phone to access buildings/laboratories/…

• Use phone to access the parking lot

• …

The true merit lies in realizing a common future-proof architecture for a hardware-based isolated environment that can be used in various devices (including plastic cards) and allows building a common and tamper-resistant security solution that can be audited.

Page 6: The mobile evolution of the employee and student pass

Benefits of a pass in your phone

• The phone will give the pass a user interface;

• The connectivity of the phone will allow for remote, central provisioning and management;

• Apps on the phone can share the security of the SIM/pass;

• The main downside is the dependency on your telecom provider for these SIMs.

The answer is the eSIM

Page 7: The mobile evolution of the employee and student pass

Independency and investment protection

• With the eSIM the ownership of the SIM moves to the user;

• The telecom provider is ‘guest’ on your SIM, meaning:

• No more SIM swaps

• No dependency on telecom provider

• No impact from procurement processes

• Effective tendering processes

• The eSIM is based on global standards (GSMA, GlobalPlatform) and is modular;

• Sustainable model to exceed typical lifetime of a telco-contract or SmartCard’s life cycle.

Therefore the eSIM is a sustainable and long-term investment

Page 8: The mobile evolution of the employee and student pass

eSIM applications

• The segregation of the Telco domain and the security domain allows for installation and control of your own private applets.

• The security domain is accessed via a TSM, which allows for delegated access and management for multiple parties.

• Possible applications on the eSIM would be:

• Secure Element; two-factor authentication

• Centrally controlled WiFi access

• NFC cards for door access, printing & copying, library card, student card etc.

• Real-time QoS measurements

• …. and many more

Page 9: The mobile evolution of the employee and student pass

Benefits

Reduce risk and liability

Full eIDAS compliance. PSD2 and NIS directive strong authentication. GDPR binding consent. Audit trails. Non-repudiation assures legal accountability. Compliance by design.

Flexible and future proof

Designed to evolve with technology and regulations. Quick deployment and scalability. Independent from browser plugins. Coexistence, scalability and migration from current solutions.

Independency and ownership

Based on global standards. The best of breed. Put the business back in control of their infrastructure and cost control.

Convenience and accessibility

Access from anywhere, any time. Easy to use. Multiple cards, one device, multiple applications.

Security and confidence

No need to share personal information. The user is in control of its operations. Privacy by design.

Access from personal devices

Running on Android devices. Apps secured by smartcard. Mobile device: THE smartcard with user interface. Security by design.

Page 10: The mobile evolution of the employee and student pass

PSD2 – GDPR – eIDAS – NIS Compliance in one click