How to authenticate mobile devices in a web environment - The SIM-ID approach

Florian Feldmann, Jörg Schwenk

Open Identity Summit 2013 September 9th - 11th 2013, Kloster Banz, Germany


With the advent of the iPhone AppStore and Google Play, the 'walled garden' approach of telecommunication companies to supply content to their customers using standard GSM/UMTS/LTE authentication has failed: Neither Google nor Apple, nor any other content provider on the mobile internet, uses the SIM card for authentication. This is mainly due to the fact that mobile telecommunication and internet architectures differ substantially.

In this paper, we propose several bridging technologies to fill this gap. We exemplarily show how to use SIM authentication for web-based Single-Sign-On protocols. Starting from simple password replacement in the authentication between User Agent (UA) and Identity Provider (IdP), we show how we can achieve strong channel bindings between all TLS channels and SIM based authentication.

[Paper] [Presentation]

Tags: SIM-ID