The UAE is taking a further step towards enabling secure mGovernment services via the ‘Trusted Security Manager’.
As the Federal Governement embarks on journey to achieve 100 per cent success for implementing mGovernment the road ahead and onus, is to ensure ‘security’ of the data that will be transmitted by users in the UAE to meet its end objective within the assured safety parameters.
Khaleej Times analyses the impact of mobile-goverment, or mGovernment and its strategy to ensure the users adopt the virtual world with ease and comfort. “Our top most priority is to boost the adoption rates from the real world to virtual world and pass on its benefits to customers in terms of saving both cost and time for the users while applying the highest security measures,” Eng Tariq Al Hawi, aeCERT director and the chairman of the consultancy committee for the National Trusted Service Manager, or NTSM, project told Khaleej Times in an interview.
The UAE is taking a further step towards enabling secure mGovernment services via the ‘Trusted Security Manager’. The TSM is the independent, trusted party that facilitates and enables information exchange between service providers (such as governments, banks, transport operators, retailers and others) and mobile network operators.
It facilitates the infrastructure that makes it possible to offer services through a mobile network. This intitiative is currently planned by a consortium of nine members Prime Minister’s Office, Nesa (National Electronics Security Agency), Eida (Emirates Identity Authority), MoF, MoJ, Central Bank, etisalat and du.
TheTelecommunications Regulatory Authority has increased its efforts to ensure a safe and secure transition towards the implementation of mGovernment services for all UAE government entities. The keyword is trust. A TSM is key in creating a trust-worthy infrastructure. There are many stakeholders involved in an TSM ecosystem implementation. Not all components are necessarily visible to all stakeholders, and no direct trust relation exists between all of them. The TSM facilitates trust, and ensures that each stakeholder can deliver their services to their customers in a trustworthy and interoperable way.
The TRA has started holding preliminary workshops where different topics on the strategy, roadmap, business model, technical architect, were discussed in order to ensure that the recommendations put forward by all concerned parties are incorporated into the implementation phase and that a shared vision and clear action plan is established going forward.
The TSM has a main functionality of facilitating the secure loading of personalised data from service providers to Secure Elements in mobile devices. It will allow users to use a wide variety of mobile services in a secure and trusted way, like mGovernment, remote and proximity payments and transport. Further, the national TSM in the UAE will create an interoperable platform between the players in the mobile arena.
Currently the consortium in the preliminary phases of implementation where the blue prints and technical architect are defined and the appropriate implementation vendor to be selected. Centralised TSM is expected to solve integration issues as well. A legal base is to be developed based on required laws and policies.
Benefits
*The end user will be able to make quick and easy NFC (Near Field Communications) payments by simply waving the phone at a payment terminal.
*The end user will be able to access (governmental) services in a secure way that keeps sensitive account data private.
*The end user will be able to collect loyalty points, redeem coupons and enjoy promotional offers straight onto their mobile phone.
*NFC will bring a new dimension to mobile commerce by changing the end user’s shopping experience. This will give a secure infrastructure that allows mobile services to be offered through a mobile phone or device in a secure way.
Roadmap
However, regardless of the model being used TSMs should have following abilities: to involve in high-numbered partnerships and contracts; to maintain good reputation of service security and to have a trusted image within the mobile ecosystem.
The need for a TSM emerges for several reasons. first of all, any application that requires access to personal information should be handled with care. Personal information on mobile devices should be stored in a secure element (sim cards, memory cards).
Provisioning the security of personal information is the major role that the TSM plays. It restricts access to applications and data to only those that have authority to access it. Security of key management processes takes place for data handling.
Critical role of TSM
In the complex environment of mobile sector where numerous parties active involvement and harmonious collaboration is essential, TSM plays a key role of coordinating the interests of different players without interfering in the business procedures and, at the same time, ensuring users’ data security and privacy. To enable Mobile Government and Mobile Payment, virtual cards and information need to be stored in the mobile phone.
From a consumer perspective it is essential that personal information (ID, credit card, licence, etc) in his/her mobile phone cannot be misused (e.g. hackers). So, personal information needs to be stored in a secure chip on the mobile phone. With the use of a Trusted Service Manager, the consumer can trust that his/her personal information is securely stored in his/her mobile phone. When a consumer loses his phone, the Trusted Service Manager can easily block access to the phone and load the data to another phone, the consumer purchases. This is much easier than for instance blocking and replacing cards in his physical wallet.
— sandhya@khaleejtimes.com