Skip to content

New in Kiuru MSSP 5.0 – HMAC Based Wireless Authenticators

Kiuru MSSP 5.0 introduces symmetric key HMAC based wireless authenticator support. This enables mobile user authentication with symmetric key authentication mechanisms. Kiuru MSSP supports standard keyed-hash message authentication code (HMAC) based symmetric key authentication (Triple-DES or AES) including challenge-response authentication (OCRA, IETF RFC 6287) developed by the Initiative for Open Authentication (OATH).

Benefits to deployment

Using symmetric cipher resources in the SIM cards simplifies authentication applet implementation and the applet is easier to deploy on-line over OTA/GlobalPlatform. No RSA or ECC algorithm hardware accelerator support is needed, and standard compliant applet size can be less than 8 kB.

Mobile Signature Service interface is based on the standard ETSI TS 102 204 SOAP interface. The same interface can be used for all identity assurance levels. This will speed up mobile signature service application integration and it will enable roaming between mobile operators.

New Identity Assurance Levels

The key material is a shared secret between the HomeMSSP and the SIM card. The HomeMSSP makes a decision on whether an authentication response is valid or not. User creates an authentication PIN, SIM card validates it locally and the PIN is not exposed to any other party. The HMAC message authentication code created on SIM card is a strong identifier of the correct device being in the hands of person who knows the correct PIN.

New assurance levels based on symmetric keys and HMAC provide an extended user experience and new use cases. They allow one-click authentication for applications where high confidence is not needed. Commonly users and application providers need stable long term identities which do not necessarily tell who the user is, only that they are the same person as the last time they logged in.