
2018 17th IEEE International Conference On Trust, Security And Privacy In Computing And Communications / 12th IEEE International Conference On Big Data Science And Engineering

A National Mobile Identity Management Strategy for Electronic Government Services

Glaidson Menegazzo Verzeletti∗†, Emerson Ribeiro de Mello† and Michelle Silva Wangham∗
∗ Federal Institute of Santa Catarina (IFSC), SC, BRAZIL
Email: glaidson.verzeletti@ifsc.edu.br, mello@ifsc.edu.br
† University of Vale do Itajaí (UNIVALI), SC, BRAZIL
Email: wangham@univali.br

Abstract—The purpose of electronic government (e-Gov) programs is to promote government transparency and improve interactions with its citizens. One of the strategies used by governments for the development and enhancement of e-Gov services is the adoption of a Mobile Identity Management (IdM) System. In this context, this paper aims to describe a Mobile eID solution for a Brazilian IdM Strategy. Our proposed solution focuses on security, privacy, and usability using FIDO UAF, TEE, and SAML standards. A prototype was developed and evaluated through functional test cases and a user usability satisfaction questionnaire. The results showed our proposed mobile eID system contributes more to user privacy than the current e-Gov services. However, we observed in the experiments that usability could be affected when the user does not understand alert messages.

Index Terms—National Identity Management Strategy, Electronic Government, Mobile Identity

2324-9013/18/31.00 ©2018 IEEE. DOI 10.1109/TrustCom/BigDataSE.2018.00098

I. INTRODUCTION

Electronic Government (e-Gov) programs are established on information and communications technologies to democratize access to information, to boost public services and to provide efficiency and effectiveness of these services [1], [2].

A national identity management strategy is a set of procedures, laws, and technologies used by governments to manage citizens' electronic identities. The development and implementation of digital identity management systems are essential steps to consolidate the e-Gov program [3].

The Brazilian government has been working with some initiatives to create a national identity management strategy, such as National Civil Identity (Registro de Identidade Civil - RIC) and National Document of Identity (Documento de Identificação Nacional - DIN), proposed by the Ministry of Justice and the Superior Electoral Court respectively [2]. On the one hand, RIC shows evident signals that the project is going to be discontinued; on the other, the DIN tends to become a reality [4].

Torres et al. [5] proposed a national identity management strategy to boost Brazilian electronic government. Torres' proposal is a theoretical model based on RIC and follows a centralized identity model. A Service Provider (SP) can have different Levels of Assurance (LoA) over citizen identity proof. In the citizens' authentication process, the SP can request username/password authentication, one-time password (OTP) or even a mobile eID or eID embedded in a smart card.

This work proposes a Mobile eID Management strategy aligned with the Brazilian national e-Gov strategy proposed in [5]. This proposal has the following premises: (1) strong authentication mechanisms; (2) low operating and implementation costs; (3) simple to deploy and to use. Our proposed solution focuses on security, privacy, and usability using FIDO UAF and SAML standards. FIDO UAF [6] is a royalty-free standard based on public key cryptography, and it provides a passwordless experience to users. The strategy uses the trusted execution environment (TEE) available in smartphones as a secure element, instead of a SIM card [7], having the same level of usability and security. As a proof of concept, we developed a software prototype (called mID-BR) to verify the feasibility and applicability of the proposed model.

The rest of the paper is organized as follows. Section II presents background concepts. In Section III we present the related works. Our proposal is explained in Section IV and the system prototype in Section V. The system prototype evaluation is presented in Section VI. Finally, in Section VII we present the conclusion and future works.

II. BACKGROUND

In this section we provide a brief background on electronic identity (eID), identity management systems (IdM), the Brazilian national IdM strategy by Torres et al. [5], mobile identity and the FIDO UAF standard.

A. Electronic Identity (eID)

A person's identity can be defined as a set of personal information used to properly define an individual. This information can be the person's name, the biometric record, the mother's name, the date and place of birth, etc. [8]. Electronic Identity (eID) is a set of personal information used in an electronic context [9].

Identity management is a set of technologies, processes and policies that aim to assure information quality of an identity (identifiers, credentials, attributes) and, as a consequence, that this identity is safe to be used by mechanisms that perform authentication, authorization, accountability and audit [10].

B. Identity Management Systems (IdM)

An identity management system consists of the integration of technologies, policies and business processes. An IdM system
is composed of three actors: (1) user; (2) identity provider (IdP); and (3) service provider (SP) [11]. The user has an electronic identity and he/she makes use of that to access resources provided by a service provider. The IdP manages its users' eID and it performs the authentication of its users. [12] defines four identity management models: traditional or silo, centralized, federated and user-centric.

Countries usually opt to deploy a national identity management strategy based on a physical card. The eID consists of a multi-application smartcard that is able to store identity attributes and to execute face-to-face or remote authentication protocols, which are used to access remote services [13].

C. Brazilian National IdM Strategy [5]

The national identity management strategy proposed in [5] adopts a centralized IdM model where the Brazilian Federal Government is the single IdP. The proposal also uses the current decentralized state registration structure to gather citizen records for the centralized civil database (RIC). To authenticate the citizens in the SP, the IdP only needs a few personal data stored in an eID database, such as eID number, password, and mobile phone number. Other personal citizen data will be stored in the RIC database. The access to the personal data stored in the RIC database, from the eID database, would only be allowed with the express permission of the citizen.

In this strategy, there is a link between the two database records (eID and RIC) ensuring that each user is registered only once in both databases and should have just one eID.

As part of the strategy, a mobile eID is cited to authenticate the user when a high level of assurance is required. However, the authors do not describe a mobile eID management system in detail and do not present practical results of a prototype either. The current work aims to fill this knowledge gap.

D. Mobile Electronic Identity

According to [14], the pervasive use of mobile phones created the computing platform that most people carry daily. Mobile-ID consists of the integration of mobile phones with electronic identity, giving the phone the ability to provide or support the identity of the owner.

Mobile-ID solutions can improve the usability and offer the same level of assurance as eID solutions based on smartcards [15]. The trust model of current Mobile-ID systems relies on: a hardware security module (HSM) deployed in an authentication server; or a secure element (SE) embedded in the mobile phone; or in a Subscriber Identity Module (SIM) card; or in a Trusted Execution Environment (TEE).

E. FIDO UAF

FIDO Alliance is a non-profit organization formed to create open standards for strong authentication that is also easy to use [16]. FIDO UAF [6] is an open standard that aims at a passwordless experience, that is, strong authentication by using biometrics to authenticate users to their local devices. The FIDO UAF ecosystem relies on a trust model where devices and applications should be certified by FIDO Alliance. In doing so, there are some hardware and software requirements that device manufacturers should meet, i.e., TEE, biometric sensors, FIDO UAF software stack embedded at manufacture time, etc.

The FIDO Metadata service is used by vendors to publish or update information about their FIDO authenticators. For instance, vendors can publish information about a new authenticator or even publish that a vulnerability has been found in a specific authenticator. In doing so, a service provider (SP) must use this metadata service to learn about new authenticators that have been certified or to protect itself against vulnerabilities in the authenticators it is currently trusting [17].

III. RELATED WORK

Aiming to identify the related works that propose the use of mobile ID within or outside the e-Gov scope, we performed a Systematic Literature Review (SLR) to answer the following research questions: (1) which mobile eID solutions can be applied in the context of e-Government? (2) which technologies are being used to provide Mobile eID solutions? Through the SLR, we also aimed to identify how the user attributes storage is done and how the attributes are identified by the SP when using its electronic identity.

Table I compares these related works considering the following characteristics: (i) the application scenarios, indicating whether it is an IdM National Strategy or a theoretical solution proposed by the authors; (ii) the solution name; (iii) the Secure Element (SE) used; (iv) the usage of 3G/4G; and (v) public/private partnership establishment.

Table I
COMPARISON BETWEEN RELATED WORKS AND PROPOSED SOLUTION

Paper | Scenario             | Name                     | SE             | 3/4G | PPP
------+----------------------+--------------------------+----------------+------+----
[18]  | Estonia              | Mobiil-ID                | SIM Card       | Yes  | Yes
[19]  | Theoretical Solution | Op. Mob. IDM Framework   | SIM Card       | Yes  | Yes
[20]  | Theoretical Solution | Mobile-ID Protocol       | SIM Card + TEE | Yes  | Yes
[21]  | Theoretical Solution | Mobile Authentication    | eID Card       | No   | -
[22]  | Azerbaijan           | Asan İmza                | SIM Card       | Yes  | Yes
[23]  | Iceland              | Skilriki Service         | SIM Card       | Yes  | Yes
[7]   | Austria              | Mobile Phone Signature   | HSM            | No   | -
[7]   | Norway               | Bank-ID                  | SIM Card       | Yes  | Yes
[7]   | Lithuania            | Lithuanian El. Signature | SIM Card       | Yes  | Yes
[7]   | Turkey               | Mobil İmza               | SIM Card       | Yes  | Yes
[7]   | Moldova              | Mobile e-ID              | SIM Card       | Yes  | Yes
[7]   | Switzerland          | Swiss Mobile ID          | SIM Card       | Yes  | Yes
[24]  | Finland              | Mobiilivarmenne          | USIM Card      | Yes  | Yes
Our   | Brazil               | mID-BR                   | TEE            | No   | No

Regarding the secure element used, only [20] proposed the TEE to reinforce security. Most of the related works adopted the SIM card; however, this forces both governments and citizens to depend on Telecom service carriers [22]. Since the entire security infrastructure is provided by the mobile carriers, this requires the user to have a mobile data plan [24].

Most mobile ID solutions establish a public-private partnership (PPP); nevertheless, the level of relationship among them is not known [7]. Hence, it is not possible to identify how far the government dictates business policies and defines which technological standards should be followed. In PPP solutions, the citizens must change the SIM card for one with cryptographic functions [18], as in the case of Iceland. Since all PKI-enabled SIM cards have some embedded proprietary technology, the cost of ownership is higher for the final user.

In [19], apart from the usage of the SIM card, the authors also propose multi-factor authentication and biometrics. On the other hand, [21] proposes the use of an NFC-enabled mobile device to read an eID smartcard. However, both works only describe a theoretical solution and not implementation results.

In general, it can be observed that the usage of the SIM card as a secure element has been the Mobile eID solution most widely accepted by governments. This is possibly due to its implementation simplicity and its higher adherence to the e-Gov policies inherent to each country.

However, this implementation generates high costs with the acquisition of SIM PKI cards. These costs are usually transferred to the citizens or subsidized by the government [7]. For a country like Brazil, which has a high number of potential users, it is necessary to analyze the financial impact of a ready-to-use solution, as well as its adherence to the standards already established by the e-PING architecture.

Our proposal (mID-BR) stands out from the related works because it does not bind the citizens to a mobile data plan. It relies on TEE and the FIDO UAF protocol. Finally, the technologies used by mID-BR are aligned to e-PING [25], which allows the Brazilian Government to create its own business policies.

IV. NATIONAL MOBILE EID MANAGEMENT SYSTEM

This section describes our proposed Mobile eID Management System for the Brazilian Electronic Government. The system is aligned with the interoperability standards defined by the e-PING architecture [25] and based on the national Identity Management strategy proposed by Torres et al. in [5].

In order to guarantee adherence to the standards recommended by the Brazilian e-Gov program, the system adopts the following interoperability standards defined by e-PING: TLS (Transport Layer Security), to provide secure communication over a computer network; AES (Advanced Encryption Standard), for symmetric encryption; the X.509 standard, for digital certificates; SAML (Security Assertion Markup Language), to exchange authentication and authorization data between parties; XML (EXtensible Markup Language) and JSON (JavaScript Object Notation) as data exchange standards.

Some features of the Mobile eID solution can be highlighted:
• the usage of a centralized IdP, as defined by the national IdM strategy proposed in [5];
• the premise that the users' mobile devices have been manufactured with FIDO UAF and SE or TEE;
• the FIDO UAF server should be configured to accept only a specific group of hardware manufacturers, thus avoiding the usage of mobile devices considered unsafe by the Brazilian government;
• the citizen's fingerprint is used as biometric data to protect the private key generated in the mobile device;
• the “username” registered in the IdP has to go through an encryption process before it is sent to the SP, generating a unique pseudonym per SP; and,
• the premise that the digital certificates used have been issued by a trusted Certificate Authority (CA). It is assumed that the trusted CA is the Brazilian Public Key Infrastructure (ICP-Brasil) [26].

By combining the FIDO UAF standard with technologies embedded in the user's mobile device such as TEE, the proposed solution increases security in the generation and storage of cryptographic keys used in the authentication protocols. Since the computational support used in the system is a mobile device, processing capacity for sensitive information is higher when compared to traditional secure elements (SIM card).

Regarding solution costs, the user is responsible for the acquisition of the mobile device, something common to all other mobile eID solutions. For the government, on the other hand, the option to use open standards allows the implementation of low-cost government SPs.

Figure 1 shows a general overview of mID-BR and illustrates the integration between the system and the IdM strategy proposed in [5]. The following entities are presented in the system: the mID-BR application; the IdP, responsible for identifying the citizen in the electronic environment; and the SPs, representing government services that require authentication. The mID-BR application, installed in a mobile device, consists of an active client that directly interacts with the FIDO client provided by the device manufacturer. mID-BR is also responsible for interacting with the user, the IdP and the SP in the SAML assertion exchanges.

As shown in Figure 1, the citizen, possessing his/her FIDO ready mobile device, interacts with the government SP (Service Provider A) and with the IdP SAML by using the mID-BR application. The authentication and issuance of the citizen attributes assertion is made through the interaction between the IdP and the eID database.

Apart from what was proposed by the national IdM strategy [5], the IdP implements the FIDO UAF server but keeps on querying the identities database (eID) and the citizen attributes database (RIC), according to what has been previously defined.

Even though there is a trust relationship between the entities (see Figure 1), the citizen attributes are only sent from the IdP to the government SP after the user approves the release through a web form. This approach characterizes a user-centric IdM model, since every interaction with an SP must start with the citizen identification in the IdP and requires his/her authorization to release personal attributes.

The system is divided into four phases: (1) Mobile eID on-site registration at an authorized public agency; (2) e-Gov SP Mobile eID registration for electronic document signing; (3) Mobile eID usage to access e-Gov services; and, (4) Mobile eID revocation.
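The authenticator acceptance rule from the feature list above (only a specific group of manufacturers) and the FIDO Metadata service check from Section II-E can be combined into one registration policy. The following is an added example, not code from the paper or the mID-BR prototype; it assumes the allowlist is keyed on the vendor half of the AAID and that the most recent status report in effect decides, and every vendor ID, AAID and date in it is constructed.

```python
import re
from datetime import date

# AAID layout used by FIDO UAF: 4 hex digits (vendor), '#', 4 hex digits (model).
AAID_RE = re.compile(r"^([0-9A-F]{4})#([0-9A-F]{4})$")

# FIDO Metadata Service status values treated here as "stop trusting this model".
BLOCKING = {
    "REVOKED",
    "USER_VERIFICATION_BYPASS",
    "ATTESTATION_KEY_COMPROMISE",
    "USER_KEY_REMOTE_COMPROMISE",
    "USER_KEY_PHYSICAL_COMPROMISE",
}

# Constructed sample data: vendor IDs, AAIDs and dates are invented for this example.
ALLOWED_VENDORS = {"00A1", "00B2"}  # hypothetical government allowlist
METADATA = {
    "00A1#0001": [{"status": "FIDO_CERTIFIED", "effectiveDate": "2017-03-01"}],
    "00A1#0002": [
        {"status": "FIDO_CERTIFIED", "effectiveDate": "2017-03-01"},
        {"status": "USER_VERIFICATION_BYPASS", "effectiveDate": "2018-01-15"},
    ],
    "00C3#0001": [{"status": "FIDO_CERTIFIED", "effectiveDate": "2016-11-20"}],
    "00B2#0007": [{"status": "NOT_FIDO_CERTIFIED", "effectiveDate": "2017-06-30"}],
}


def current_status(reports, today):
    """Return the status of the most recent report already in effect, or None."""
    in_effect = [r for r in reports
                 if date.fromisoformat(r["effectiveDate"]) <= today]
    if not in_effect:
        return None
    newest = max(in_effect, key=lambda r: date.fromisoformat(r["effectiveDate"]))
    return newest["status"]


def check_authenticator(aaid, today, allowed_vendors=ALLOWED_VENDORS,
                        metadata=METADATA):
    """Decide whether a registration from this authenticator model is accepted."""
    match = AAID_RE.match(aaid.strip().upper())  # normalise case before comparing
    if match is None:
        return False, "malformed AAID"
    vendor, normalized = match.group(1), match.group(0)
    if vendor not in allowed_vendors:
        return False, "vendor not on allowlist"
    reports = metadata.get(normalized)
    if reports is None:
        return False, "no metadata entry"  # unknown model: fail closed
    status = current_status(reports, today)
    if status in BLOCKING:
        return False, "metadata status " + status
    if status != "FIDO_CERTIFIED":
        return False, "not certified"
    return True, "accepted"


def recheck_registered(registered, today):
    """Re-evaluate stored registrations after a metadata update.

    `registered` maps a user to the AAID recorded at registration; the result
    lists the users whose authenticator model is no longer acceptable.
    """
    return sorted(user for user, aaid in registered.items()
                  if not check_authenticator(aaid, today)[0])


if __name__ == "__main__":
    day = date(2018, 2, 1)
    for sample in ("00a1#0001", "00A1#0002", "00C3#0001", "00B2#0007"):
        print(sample, check_authenticator(sample, day))
```

Running `recheck_registered` whenever the metadata is refreshed covers the second purpose the paper gives for the metadata service: a model accepted at registration can later be reported vulnerable.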

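The per-SP pseudonym and the consent-gated attribute release described in this section can be sketched as follows. This is an added example, not the authors' code: the paper only says the “username” goes through an encryption process, so the keyed HMAC used here is a stand-in technique, and the key, SP entity IDs, attribute names and citizen record are all constructed. Letting the citizen approve a subset of the requested attributes is also an assumption.

```python
import hashlib
import hmac

# Constructed sample values; a real IdP would keep the key in protected storage.
IDP_KEY = bytes(range(32))
RECORD = {
    "name": "Maria Example",
    "birth_date": "1980-01-01",
    "mother_name": "Ana Example",
}


class ConsentRequired(Exception):
    """Raised when the citizen has not yet answered the release form."""


def sp_pseudonym(idp_key, username, sp_entity_id):
    """Derive a stable identifier that differs for every SP.

    The SP entity ID is length-prefixed so that no (SP, username) pair can
    collide with another pair that concatenates to the same bytes.
    """
    sp = sp_entity_id.encode("utf-8")
    msg = len(sp).to_bytes(2, "big") + sp + username.encode("utf-8")
    return hmac.new(idp_key, msg, hashlib.sha256).hexdigest()[:32]


def build_release(idp_key, username, sp_entity_id, requested, approved, record):
    """Return what the IdP would place in the assertion for this SP.

    requested: attribute names the SP asked for
    approved:  names the citizen ticked in the web form, or None if the form
               has not been answered yet
    """
    if approved is None:
        raise ConsentRequired(sp_entity_id)
    requested, approved = set(requested), set(approved)
    # The form only offers what the SP requested; anything else was injected.
    if not approved <= requested:
        raise ValueError("approved attributes were not requested by this SP")
    released = {name: record[name]
                for name in sorted(requested & approved) if name in record}
    return {
        "audience": sp_entity_id,
        "name_id": sp_pseudonym(idp_key, username, sp_entity_id),
        "attributes": released,
    }


def demo():
    """Same citizen, two SPs: different pseudonyms, only approved attributes."""
    a = build_release(IDP_KEY, "citizen-0001", "https://sp-a.example/saml",
                      ["name", "birth_date"], ["name"], RECORD)
    b = build_release(IDP_KEY, "citizen-0001", "https://sp-b.example/saml",
                      ["name", "mother_name"], ["name", "mother_name"], RECORD)
    return a, b


if __name__ == "__main__":
    for release in demo():
        print(release)
```

Because the pseudonym depends on the SP entity ID, two SPs that compare their records cannot link the same citizen through the identifier alone.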
Figure 1. Mobile eID Management System Overview

In the mobile eID registration phase, shown in Figure 2, the citizen must go to an authorized public agency, with his/her FIDO ready mobile device along with an identity card to confirm his/her identity. After confirming the citizen's identity, a government employee generates a “username” so that the citizen can install the mID-BR software in the device. The recently installed software will generate an asymmetric cryptography key pair. The public key is sent to the government system where it will be associated to the government attributes database (RIC database shown in Figure 1). After the key and the attributes are linked, the registration is complete. According to FIDO specifications, the private key must only be stored in the citizen's mobile device.

Figure 2. Mobile eID Registration Phase

The e-Gov SP mobile eID registration phase is required for providers that have the electronic documents signature functionality. In this process, a new cryptographic key pair is generated in the citizen's mobile device right after his/her first access to the service. The public key is stored in the SP to confirm the documents signature made by the corresponding private key.

In the Mobile eID usage phase, all access to a government SP must go through the citizen identification in the government IdP. In the identification process, mID-BR only requires the citizen fingerprint to authenticate. After authentication, the IdP presents the citizen with a web form containing a list of personal attributes required by the SP. Only after the user confirms the sent attributes will the IdP generate a SAML assertion reply to the SP.

Finally, the Mobile eID revocation phase entails the exclusion of the registered public key in the IdP and in the SP. After the key exclusion, the citizen will not be able to authenticate in the IdP nor sign electronic documents. The revocation can be done from the mID-BR itself, or at a public registration agency. However, a new Mobile eID registration requires the citizen's on-site attendance, as described in the registration phase.

A. Usage scenario

The current Brazilian voting system requires the citizen to physically attend the electoral section he/she belongs to in order to vote. As an example of the usage of the Mobile eID in Brazil, Figure 3 presents a hypothetical situation of electronic voting.

Figure 3. Usage scenario – online voting

In this scenario, the citizen votes for president, state governors or city mayors from his/her own mobile device, without physically attending the electoral section. To do so, the citizen only has to access the TSE (Brazilian Superior Electoral Court) SP on election day, identify himself/herself by using his/her Mobile eID and register his/her vote. This process is done as follows:
• Step 1: The user accesses mID-BR, chooses the TSE SP and the option to vote;
• Step 2: The SP redirects the user to the IdP for authentication (SAML assertion request);
• Step 3: The user authenticates in the IdP through mID-BR;
• Step 4: The IdP informs the SP that the user has authenticated successfully (SAML assertion response); and,
• Step 5: The SP releases the voting system for the user to register the vote.

After voting, the SP is in charge of publicly disclosing the citizen's compulsory voting receipt.

V. IMPLEMENTED PROTOTYPE

In order to evaluate its functionality, usability and performance, a prototype was developed for the proposed solution

as a proof of concept. The prototype is composed of a user agent for mobile phone (mID-BR), an authentication module for the IdP, and an SP that simulates an e-Gov service.

The tools and technologies were strategically chosen based primarily on free software, since the Brazilian Government believes that it reduces costs and develops technological knowledge in the country. The second reason was to meet the e-PING architecture requirements so as to adhere to the ongoing standards in Brazil.

An IdM testbed, GidLab (https://gidlab.rnp.br/) from RNP (Brazilian National Research Education Network), was used to host the IdP and SP in the experiments.

A. mID-BR App

The mID-BR app was developed for Android. An LG Nexus 5X mobile phone (launched in 2015) was used in the experiments and was chosen for using the 7.1.1 Android OS version and for having a fingerprint reader and TEE technology. However, since this phone is not FIDO certified, a FIDO client [27] was used to communicate with the FIDO UAF server.

The mID-BR implementation was done in two layers:
• 1st layer - active client: is responsible for the communication and SAML assertions exchange between IdP and SP, and for the interaction with the user;
• 2nd layer - FIDO interface: is responsible for the interaction with the mobile FIDO client, allowing the user registration through an asymmetric cryptography key pair. It actively participates in the authentication process, requesting and receiving the information on the FIDO UAF server interaction from the FIDO client.

B. Identity Provider - IdP

A simpleSAMLphp authentication module, called “authFidoUAF”, was developed to authenticate mobile IdM system users. The “authFidoUAF” was implemented based on SAML specifications, was defined through an XML Authentication Context Declaration, and allows validating the authentication token from the FIDO UAF server. As protection mechanisms, the following were noted in the prototype:
• The token is invalidated after a pre-defined time from the creation date;
• The token received by the active client is invalidated if the token content is different from the last token generated by the FIDO UAF server for the same user;
• The token is immediately invalidated by the IdP after use;
• The token is accepted only if created through the user fingerprint.

PHP REST interfaces were implemented in the IdP to provide secure communication between the client and the FIDO server. These interfaces also allow secure communication between the FIDO server and the authFidoUAF.

VI. RESULTS

The prototype evaluation was performed in two stages: functional tests executed by the developer and an external tester; and the analysis of usability satisfaction questionnaire results from IT professionals.

For the evaluation of the prototype, functional test cases were defined and executed. In addition, some test cases evaluated the security of the solution. We configured the Nexus 5X phone with a user profile to install the software and to access the Internet using the wireless network. The seven test cases were successfully executed, from the mobile eID registration to its use and revocation.

After the evaluation of the test cases, twenty-six IT professionals performed the guided experiment and answered the usability satisfaction questionnaire during ten days in January 2018. The purpose of this questionnaire was to evaluate their satisfaction level regarding the use of the mID-BR application when accessing a fictitious government service provider.

The obtained results indicate that 96.2% of the evaluators felt comfortable during the execution of the test (use of the prototype). For 69.3%, performing the mobile eID registration in person at a public entity is considered an essential factor to increase the security of the proposed system. 76.9% believe that keeping the fingerprint stored on the user's mobile device contributes to their privacy. About 46% prefer to combine more than one factor to authenticate in e-Gov services, but another 46.2% prefer to use only one biometric factor. For 84.6%, the eID Mobile solution improves citizen interaction with the government and helps reduce bureaucracy in the country. Finally, 88.5% of the evaluators consider that our proposed mobile eID system contributes more to user privacy than the current e-Gov services.

The results also showed that it is possible to guarantee the citizens' privacy through the proposed eID Mobile Management system. However, we observed in the experiments that usability could be affected when the user does not understand alert messages.

VII. CONCLUSION

Throughout the years, some countries have been developing their IdM strategies based on eID cards. However, as observed in [28], those countries have faced low usage of those cards in the citizens and e-Gov services interactions. On the other hand, as Mobile eID solutions rely on the steady increase of mobile telephony services and user-friendliness, this option has a better acceptance than the card-based solutions.

SIM card solutions have been widely adopted for the Mobile eID implementation simplicity and for offering tamper resistance [29], [7]. However, implementing Mobile eID using those cards results in high acquisition costs [7] and also costs with the hiring of data plans [24], since the citizen is identified through mobile phone networks [29]. This dependence between the government and the mobile network operators [22] also creates problems for the government SPs, such as the lack of confidence in the mobile network operators' authentication infrastructure [18].

In this scenario, aiming to find a solution to implement a Mobile eID in Brazil that could bypass the problems faced by the solutions adopted by other countries, this paper has presented a proposal of a national eID management system and, as proof-of-concept, a system prototype has been developed and tested. The results obtained in the trials show that it is possible to guarantee the Mobile eID security and usability by the FIDO UAF, TEE standards and SAML specifications.

For future works, we suggest the study of other open-source secure authentication protocols, comparing those protocols to the solution presented in this paper, which uses the FIDO UAF standards. We also suggest the study of Mobile eID technology providers, comparing them to open-source solutions, as well as promoting security tests in order to find possible vulnerabilities of those solutions.

ACKNOWLEDGMENT

The authors thank the National Research and Education Network (RNP) for providing the GIdLab experimentation environment that was essential for conducting the experiments and developing the prototype. This work was partially funded by CAPES (Coordination for the Improvement of Higher Education Personnel) and the Brazilian Ministry of Justice.

REFERENCES

[1] ONU, “e-government survey,” Economy & Social Affairs, 2014.
[2] J. A. Torres, H. Peixoto, F. de Deus, and R. de Sousa Junior, “An analysis of the brazilian challenges to advance in e-government,” in Proceedings of the 15th European Conference on eGovernment 2015: ECEG 2015. Academic Conferences Limited, 2015, p. 283.
[3] OECD, National strategies and policies for digital identity management in OECD countries. OECD Publishing, 2011.
[4] GOV.BR, “Projeto de lei da câmara n. 19, de 2017,” 2017. [Online]. Available: https://www25.senado.leg.br/web/atividade/materias/-/materia/128224
[5] J. A. Torres, G. Verzeletti, R. Távora, R. T. de Sousa Júnior, E. de Mello, and M. Wangham, “A national identity management strategy to enhance the brazilian electronic government,” CLEI Electronic Journal, vol. 20, no. 3, pp. 8:1–8:21, 2017. [Online]. Available: http://www.clei.org/cleiej-beta/index.php/cleiej/article/view/37
[6] S. Srinivas, J. Kemp, and F. Alliance, “Fido uaf architectural overview,” 2014.
[7] T. Zefferer and P. Teufl, “Leveraging the adoption of mobile eid and e-signature solutions in europe,” in Electronic Government and the Information Systems Perspective. Springer, 2015, pp. 86–100. [Online]. Available: http://dx.doi.org/10.1007/978-3-319-22389-6_7
[8] NSTC, “Identity management task force report,” Subcommittee on Biometrics and Identity Management, 2008. [Online]. Available: https://www.whitehouse.gov/sites/default/files/microsites/ostp/nstc-identitymgmt-2008.pdf
[9] S. Clauß and M. Köhntopp, “Identity management and its support of multilateral security,” Computer Networks, vol. 37, no. 2, pp. 205–219, 2001. [Online]. Available: http://dx.doi.org/10.1016/S1389-1286(01)00217-1
[10] T. ITU, “Series Y,” Rec. ITU-T Y, vol. 2720, 2009. [Online]. Available: https://www.itu.int/rec/T-REC-Y/en
[11] A. Bhargav-Spantzel, J. Camenisch, T. Gross, and D. Sommer, “User centricity,” Journal of Computer Security, vol. 15, no. 5, pp. 493–527, 2007. [Online]. Available: http://dx.doi.org/10.3233/JCS-2007-15502
[12] A. Jøsang and S. Pope, “User centric identity management,” in AusCERT Asia Pacific Information Technology Security Conference. Citeseer, 2005, p. 77.
[13] I. Naumann and G. Hogben, “Privacy features of european eid card specifications,” Network Security, vol. 2008, no. 8, pp. 9–13, 2008. [Online]. Available: http://dx.doi.org/10.1016/S1353-4858(08)70097-7
[14] C. Bangdao and A. Roscoe, “Mobile electronic identity: securing payment on mobile phones,” in IFIP International Workshop on Information Security Theory and Practices. Springer, 2011, pp. 22–37.
[15] C. Rath, S. Roth, M. Schallar, and T. Zefferer, “A secure and flexible server-based mobile eid and e-signature solution,” in The Eighth International Conference on Digital Society, 2014, pp. 7–12.
[16] FIDO Alliance, “About the fido alliance,” 2016. [Online]. Available: https://fidoalliance.org/about/overview/
[17] FIDO Alliance, “The fido uaf metadata service,” 2016. [Online]. Available: https://fidoalliance.org/wp-content/uploads/FIDO_Alliance_Metadata_Service_White_Paper_02122016.pdf
[18] T. Martens, “Electronic identity management in estonia between market and state governance,” Identity in the Information Society, vol. 3, no. 1, pp. 213–233, 2010. [Online]. Available: http://dx.doi.org/10.1007/s12394-010-0044-0
[19] B. En-Nasry and M. D. E.-C. El Kettani, “Towards an open framework for mobile digital identity management through strong authentication methods,” in FTRA International Conference on Secure and Trust Computing, Data Management, and Application. Springer, 2011, pp. 56–63. [Online]. Available: http://dx.doi.org/10.1007/978-3-642-22365-5_8
[20] K. Bicakci, D. Unal, N. Ascioglu, and O. Adalier, “Mobile authentication secure against man-in-the-middle attacks,” in Mobile Cloud Computing, Services, and Engineering (MobileCloud), 2014 2nd IEEE International Conference on. IEEE, 2014, pp. 273–276. [Online]. Available: http://dx.doi.org/10.1109/MobileCloud.2014.43
[21] X. Wu, Y. Fan, X. Zhang, and J. Xu, “Research of eid mobile identity authentication method,” in International Conference on Trustworthy Computing and Services. Springer, 2014, pp. 350–358. [Online]. Available: http://dx.doi.org/10.1007/978-3-662-47401-3_46
[22] J. Krimpe, “Mobile id,” in Proceedings of the 2014 Conference on Electronic Governance and Open Society: Challenges in Eurasia. ACM, 2014, pp. 187–194. [Online]. Available: http://dx.doi.org/10.1145/2729104.2729133
[23] J. Prusa, “E-identity,” in IST-Africa Conference, 2015. IEEE, 2015, pp. 1–10. [Online]. Available: http://dx.doi.org/10.1109/ISTAFRICA.2015.7190586
[24] E. Kerttula, “A novel federated strong mobile signature service—the finnish case,” Journal of Network and Computer Applications, vol. 56, pp. 101–114, 2015. [Online]. Available: http://dx.doi.org/10.1016/j.jnca.2015.06.007
[25] GOV.BR, “Portaria slti/mp no 92, de 24 de dezembro de 2014,” 2014. [Online]. Available: http://eping.governoeletronico.gov.br/
[26] I. Brasil, “Infra-estrutura de chaves públicas brasileira,” 2016. [Online]. Available: http://www.iti.gov.br/icp-brasil
[27] E. R. De Mello, “A dummy fido uaf client suitable to conduct development tests on android smartphones that are not fido ready,” Mar. 2017. [Online]. Available: https://doi.org/10.5281/zenodo.375567
[28] A. Ruiz-Martínez, D. Sánchez-Martínez, M. Martínez-Montesinos, and A. F. Gómez-Skarmeta, “A survey of electronic signature solutions in mobile devices,” Journal of Theoretical and Applied Electronic Commerce Research, vol. 2, no. 3, p. 94, 2007.
[29] T. van Do, T. Jonvik, I. Jorstad, and T. Van Do, “Better user protection with mobile identity,” in IT Convergence and Security (ICITCS), 2013 International Conference on. IEEE, 2013, pp. 1–4. [Online]. Available: http://dx.doi.org/10.1109/ICITCS.2013.6717809
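The four token protection mechanisms listed for the authFidoUAF module in Section V-B can be enforced together in a single validation routine. The following is an added example in Python, not the prototype's PHP code; the class and method names, the 60-second lifetime (the paper says only "a pre-defined time") and the user name are assumptions made for illustration.

```python
import hmac
import secrets
import time
from dataclasses import dataclass


@dataclass
class IssuedToken:
    value: str
    issued_at: float
    fingerprint_verified: bool
    used: bool = False


class TokenRegistry:
    """Holds only the most recent token per user (hypothetical server-side store)."""

    def __init__(self, ttl_seconds=60, clock=time.time):
        self.ttl_seconds = ttl_seconds  # assumed lifetime, not from the paper
        self._clock = clock             # injectable so expiry can be tested
        self._latest = {}

    def issue(self, user, fingerprint_verified):
        """Create a token after an authentication; replaces any earlier one."""
        token = secrets.token_urlsafe(32)
        self._latest[user] = IssuedToken(token, self._clock(), fingerprint_verified)
        return token

    def validate(self, user, presented):
        """Apply the four rules; return (accepted, reason)."""
        record = self._latest.get(user)
        if record is None:
            return False, "no token issued"
        # Rule: content must equal the last token generated for this user.
        # compare_digest avoids leaking the match position through timing.
        if not hmac.compare_digest(record.value.encode(), presented.encode()):
            return False, "not the latest token"
        # Rule: a token is invalid immediately after it has been used.
        if record.used:
            return False, "already used"
        # Rule: a token is invalid after a pre-defined time from creation.
        if self._clock() - record.issued_at > self.ttl_seconds:
            return False, "expired"
        # Rule: only tokens created through the user fingerprint are accepted.
        if not record.fingerprint_verified:
            return False, "no fingerprint verification"
        record.used = True
        return True, "ok"


def demo():
    """Walk one user through accept, replay, superseded and expired cases."""
    now = [1000.0]
    registry = TokenRegistry(ttl_seconds=60, clock=lambda: now[0])
    user = "citizen-0001"  # constructed user name
    outcomes = []

    token = registry.issue(user, fingerprint_verified=True)
    outcomes.append(registry.validate(user, token)[1])   # first use
    outcomes.append(registry.validate(user, token)[1])   # replay of same token

    older = registry.issue(user, fingerprint_verified=True)
    newer = registry.issue(user, fingerprint_verified=True)
    outcomes.append(registry.validate(user, older)[1])   # superseded token

    now[0] += 61                                         # let the lifetime pass
    outcomes.append(registry.validate(user, newer)[1])   # too old
    return outcomes


if __name__ == "__main__":
    print(demo())
```

Keeping a single record per user makes the "last token generated" rule a side effect of issuing: any earlier token stops matching as soon as a new one is created.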
