Alauda M2 Applet is a program on the Mobile User’s SIM/UICC card that is at the core of the signature process of Mobile Signature Services. Alauda M2 is currently the only WPKI Client Applet on the market whose source code is available for licensing. This enables completely adaptable integration and auditing as well as disables vendor locking; alterations don’t need to go through Methics. Alauda M2 Applet follows the Alauda WPKI Client specification. More information on the specification can be found here.
In order to enable the User to sign incoming requests, Alauda M2 generates a public/private key pair on the User’s SIM/UICC card. The public key is sent to the User’s HomeMSSP, while the private key stays on the card. When the key pair has been bound to the User’s identity, the User can use Alauda M2 to sign requests with their PIN-protected private key, and the HomeMSSP can verify the signatures with the User’s public key.