Published by: GSM Association

Mobile Signature is an enabling technology that allows for the remote or present authorisation of electronic events using a mobile phone. Mobile Signature can carry legally valid identity information (qualified digital certificates) over a GSM network and provide that information to any authorised application. Mobile signatures are digital signatures that are created using private key data that is stored on the UICC; so it can be used to provide legally binding and ultimately secured transactions.
Essentially Mobile Signatures extends the broader concept of Digital Identity to encompass the mobile phone as the central device for authentication.

, based on the ETSI TR 102.203, 102.204, 102.206 and 102.207 guidelines.

Digital Signatures is an important building block for secure services. Mobile Signatures helps service providers to identify and authenticate users, and also may be used to sign secure transactions. Mobile Signatures can, in principle, be applied to any electronic event that requires authorisation by a nominated individual or by a member of a defined group of individuals.
Modern communications and e-commerce are largely built on a solution, i.e. the internet, that was built without an identity layer that would allow each party to be sure of who they were interacting with. ‘Identity’ leads to the development of trust models that are so important to the functioning of current societies.

By establishing a Public Key Infrastructure (PKI) and providing digital certificates and keys to end users on a mobile phone UICC (Wireless PKI), a digital identity can be established thus enabling the delivery of new and enhanced features and services For example, virtual access to internet resources, financial transaction authorisation or electronic document signing.
This brings the benefits of increased revenue, improved subscriber churn and access to new vertical markets not previously available to the mobile operator.
For the consumer the benefits are: greatly increased security of personal information, convenience and access to services that would previously have not been possible.

Mobile signature enables services that were previously impossible to perform remotely since they required either personal presence or unreasonable risk.
Security levels are greatly increased due to the use of the UICC in the secure chain of events and also due the nature of the services which will typically require two ‘points of presence’ in the transaction chain i.e. an internet portal access on a computer will also require the user to authorise the event from his mobile phone. If the mobile phone user, the phone (UICC) and the originating event are not all present the activity will not be possible. Further, information required to perform an event, for example, account information, can be transmitted over different channels thus disassociating it from the originating service and reducing the risk of fraud.