Calling up mobile security

Research from the IST could make mobile phone fraud a thing of the past by using biometric data to confirm a caller’s identity.

The IST SecurePhone project employs physical attributes to enable the user to digitally sign audio, text or image files, providing proof of their origin and authenticity.

SecurePhone technical coordinator Roberto Ricci said, “Because biometric data never leaves the device’s SIM card and cannot be accessed, except by the verification module which also runs on the SIM card, the user’s biometric profile is completely safe. This is important to meet the highest privacy requirements.”

Currently, text, audio and image files can be sent by anyone to anyone with no authentication. This makes data exchanged over mobile devices of limited use for legally binding transactions. However, a digitally signed and authenticated voice recording during a telephone conversation would, for example, give the speaker’s words legal value.

The system developed by the SecurePhone project partners consists of two main elements. The first, an authentication module, uses biometric security applications to verify the user’s identity. That in turn gives them access to the second module which digitally signs the data using a Public Key Infrastructure (PKI).