Mobile Electronic Identity: Securing Payment on Mobile Phones
Information Security Theory and Practice. Security and Privacy of Mobile Devices in Wireless Communication
edited by: Claudio A. Ardagna, Jianying Zhou
The pervasive use of mobile phones has created a dynamic computing platform that a large percentage of the population carries routinely. There is a growing trend of integrating mobile phones with electronic identity, giving the phone the ability to prove or support the identity of the owner by containing, for example, a tuple of name, ID, photo and public key. While this helps phone owners prove who they are, it does not prove to them that they are giving their identities to intended parties. This is important in its own right for reasons of privacy and avoiding cases of “identity theft”, but all the more important when identity is being provided to support the transfer of value (e.g. in mobile payment) or information. In this paper we show how Human Interactive Security Protocols can support this type of authentication in cases where PKIs are inappropriate, misunderstood or too expensive, concentrating on the case of payment.