Our solution, Kiuru Mobile Signature Service Provider (MSSP) Platform, is a complete platform for delivering Mobile Identity solutions, providing a cost-efficient, managed digital identification and signature service for customers. The solution supports an ecosystem of mobile identities that enables and supports Advanced Electronic Signatures (AdES) standards for document signatures and authentication for all electronic transactions, including Internet banking, mobile banking, mobile payment, e-commerce and e-government applications. It also offers a standard interface to connect applications and online portals of all kinds to the Mobile ID service.
How Does it Work?
The Mobile User accesses a service which requires strong authentication or digital signatures. To get the user’s digital signature, the Application Provider sends a signature request to an MSSP. The MSSP delivers the request to the Mobile User’s phone, and the User authenticates or signs with their Mobile ID using a PKI Client. The signed request is sent back to the Application Provider through the same channels.
Kiuru MSSP provides a secure, and user-friendly software platform for Trusted Service Providers (TSPs) to implement and deliver managed digital signature services to application providers.
Modular by Design
The MSSP platform binds together the PKI infrastructure including identity registration and verification, certificate management, cryptography operations, wireless communication, monitoring and event recording.
The platform contains a HomeMSSP with built-in OTA, an application facing Acquiring server, a Management server, an app server and a signature activation module (SAM).
Service Oriented Architecture
The Kiuru MSSP platform comprises of two main functions: Connectivity services and MSSP services. Connectivity services provide industry standard RESTful and SOAP APIs to access mobile signature services and service administration. MSSP services provide the digital signature services consumed through the connectivity APIs.
Our PKI clients are available under the Alauda brand. Alauda PKI clients are at the core of the signature process of Mobile ID. A user can access Mobile ID with either the Alauda applet or the Alauda smartphone app.
Alauda P38 Applet
Alauda P38 Applet is an secure signature creation application on the Mobile User’s SIM card.
In order to enable the User to sign incoming requests, the Alauda client generates a PKI key pair on the User’s SIM card. The public key is sent to the User’s HomeMSSP, while the private key stays on the card. When the key pair has been bound to the User’s identity, the User can use Alauda P38 to sign requests with their PIN-protected private key, and the HomeMSSP can verify the signatures with the User’s public key.
Alauda P38 is currently the only PKI Client Applet on the market whose source code is available for licensing. This enables completely adaptable integration and auditing.
Alauda PBY app
Alauda PBY app is a secure signature creation application for smartphones. Signing with the app works in a similar way to the Alauda P38 client.
Alauda PBY app uses a server-side Hardware Security Module (HSM) to manage the signing keys. The signing keys are generated by the HSM and split between the HSM and the app. The app supports using signer defined PIN or biometrics to ensure sole control of the signing keys and to create digital signatures.