Trust in Digital Identities Managed by Mobile Devices (L11b)
This talk introduces the work of international standardization in the field of digital identities managed by an application of a mobile device. The project ISO/IEC 23220 aims at specifying protocols and services for verification of digital identities and credentials either by a remote party or by an on-site verifier. It also specifies data formats and protocols for issuing digital identities into a compliant application of a mobile device. Trust by the verifier as well as by an issuing authority into security mechanisms offered by such an application is crucial for cross-border recognition. The trust model is based on the specification of secure areas and its certifications as well as on confidence levels. The work of ISO/IEC 23220 is also reflected in the ongoing work of the specification of the EU-DI Wallet. Finally, the presentation gives a practical example of the implementation and certification of German Smart-eID using an embedded secure element of mobile devices.