2010 MSWG Report
Asia PKI Consortium
Wei-Chung Hwang
Co-Leader of MSWG
Taipei
Oct. 27, 2010
1
Agenda
 2010 Work Report
 Survey on Mobile PKI/e-Authentication
 Scope of survey
 Results of survey
 Case study
 Summary & Conclusions
 2011 Work Plan
 Feasibility study of “Common PKI Framework” for
Trusted Service Manager of Mobile NFC
 Joint Conference with APSCA (Asia Pacific Smart
Card Association)
 New Business & Other Business
 Adjournment
2
PKI & Mobile Security in ICT Security
According to IDC，among the market of ICT Security，the “mobile security”
shows to has to highest growth rate， in 2008 th CAGR is 17.0%，and in
2011the CAGR will hit 32%，market size approaches 4 billion USD
0912CAGR
20%
Vendor
Alcatel-Lucent
Kaspersky
McAfee
Microsoft
Mobile Security
Sophos
CAGR=17.0%
Vendor
Cisco/IBM
Secure Computing
SonicWALL
CheckPoint
2009 worldwide ICT Security Market
Mkt Size=$1,312M
15%
Others
10%
CAGR=11.1%
Mkt
Size=$719M
Vulnerability
Mgt
CAGR=12.1%
Vendor
Vendor
ArcSight/CA
Symantec/NetIQ/
netForensics
Symantec
McAfee
Trend Micro
WebSense
Mkt Size=$2,781M
Auth & Access
Control
CAGR=7.6%
Market
Size=$3,589M
Vendor
CA/IBM
VeriSign
RSA/SafeNet
$5,000 M
Security Service
Content Security &
Threat Mgt
CAGR=9.7%
Market
Size=$18,938M
$20,000 M
3
Scope of Survey
India
11 Operators
Chinese Taipei
4 Operators
Korea
3 Operators
China
3 Operators
Hong Kong
5 Operators
Survey on Mobile
PKI/e-Authentication in
Asia Area
APEC TEL PKI/e-Authentication
Training Program
Other Asia Countries
4 countries/
22 Operators
Middle America
3 countries/
9 Operators
East Europe
3 countries/
9 Operators
4
Results of Survey – APKIC (1)
Country/
Region
Operator Name
Chinese
Taipei
CHT
9,181K
VIBO
1,300K
Taiwan Mobile
6,390K
FareastTone
6,250K



-

SK Telecom
23,830K

Password, NFC
KT
14,712K

Password, NFC
8,527K

Password, NFC
Security Trading
Korea
LG Telecom
Doorikey
China
Hong Kong
# of
subscribers
Usage of Mobile
PKI
*
CSL
1,350K





SmartTone
1,139K
*
497,000K
China Unicom
141,000K
China Telecom
41,000K
Peoples
3
HKT
493K
12,000K
1,601K
STK, OTP, Password, NFC*
NFC, STK, Password
STK, Password
STK, Password
OTP
-
China Mobile
Other e-Auth Mobile App


STK, Password, NFC
STK, Password, NFC
STK, OTP, Password, NFC
5
Results of Survey – APKIC (2)
Country/
Region
Operator Name
India
BSNL
Reliance
Tata Indicom
Tata Docomo
Airtel
Vodafone
IDEA Mobile
UNINOR
Aircel
MTS
MTNL
# of
subscribers
Usage of Mobile
PKI
Other e-Auth Mobile App
STK,OTP, Password
550,000,000

6
Results of Survey - Other Asia Countries
Country/
Region
Operator Name
Thailand
TOT
CAT
True Move
DTAC
AIS, …
Vietnam
FPT
Viettel
VNPT
Vietnam Mobile
Brunei
DSTCom
B-Mobile
# of
subscribers
-
>130,000,00
0
400,000
>100%
Usage of Mobile
PKI

Other e-Auth Mobile App
OTP, Password
STK, OTP


OTP, Biometric
7
Results of Survey (Middle America)
Country/
Region
Operator Name
# of
subscribers
Usage of Mobile
PKI
Other e-Auth Mobile App
Nicaragua
1. Movistar
2. Claro
2,500,000

STK, Password
Dominican
Republic
1. Orange
2. Claro
3. Viva
3,000,000
4,500,000
1,000,000

Password
Panama
1. Movistar
2. Cable & Wireless
3. DIGITEL
4. Claro
1,500,000

OTP, Password
8
Results of Survey (East Europe)
Country/
Region
Operator Name
# of
subscribers
Bulgaria
1. MobilTel
2. GloBul
3. VivaCom
5,000,000
2,300,000
3,200,000
Czech
Republic
1. Telefonica O2
2. C2
5,257,000
Poland
1. Polkomtel
2. Orange
3. ERA
4. PLAY
Usage of Mobile
PKI
Other e-Auth Mobile App


STK, Biometric, Password,
NFC, RFID
45,000,000

9
Summary of Survey
Password
9
8
7
STK
6
5
4
NFC/
RFID
PKI
OTP
3
2
1
0
14
13
12
11
10
9
8
7
6
5
4
3
2
1
0
Password
STK
OTP
NFC/
RFID
PKI
Mobile e-Authentication by
countries/regions
Mobile e-Authentication by
Operators
(APKIC/APEC TEL Training
Members)
(Only APKIC Members,
exclude India)
10
Conclusions
 Expense in 2010
 No
 Mobile e-Authentication in Asia Areas
 Methods for Mobile e-Authentication
• STK and Password is still the major e-authentication method
for mobile applications
• Mobile NFC application is getting more and more popular
among APKIC members
• Biometric Identification is mostly used in e-passport
• Mobile PKI applications is still not mature, because there is no
common standard to enable PKI in mobile handset
₋ For users, not so convenient to use PKI over handset
₋ For service provider, it’s hard to support so many handset in
market
₋ But actually some of the other methods already use PKI as
it’s fundamental infrastructure (E.g. TSM in NFC)
 Payment (wallet, banking, credit card) is the most popular
mobile application
11
2011 Work plan (1)

Study the Feasibility of a “Common PKI Framework” for
Trusted Service Manager of Mobile NFC in Asia
CA1
CA2
CA n
Common PKI Framework for Mobile TSM
 Need participants (mobile operators, payment service
providers, …) to work together
 Chinese Taipei: Chunghwa Telecom, Bankers Association, …
 The project will not kick off unless we have participants from
other members
12
2011 Work plan (2)
 Joint conference with APSCA
 Title: Mobile eID & Security
 Objective
to discuss new applications for digital online transactions
explore applications for eGovernment services &
financial services
search for new potential mobile applications that can
utilize PKI infrastructure
 Tentative Venue & schedule
The week of 3/28 or 4/4, 2011@Taipei
 Total budget
20,000 USD
 One kick-off meeting and one work group meeting for the
“Trusted Service Manager” project (if needed)
 “Mobile eID & Security” joint conference
13
New Business &
Other Business?
14
Thank You!
For any further inquiry and discussion,
please contact:
Wei-Chung Hwang
+886-3-5914604
[email protected]
15