mobile identity - assets.kpmg · india ending july 2013 37 per cent growth in global 3g suscribers...

Mobile identity Mobile solutions that

cut through generations

kpmg.com/in

c | Mobile Identity

Mobile Identity

Contents

01

02

03

04

05

06

07

08

Executive Summary

Foreword

Penetration of mobile devices and the increasing usage of mobile internet

Can the mobile phone become a growth vehicle for all generations?

Mobile Identity to digitise services

5.1 The concept of Mobile identity

5.1.1 Mobile Digital Signature (Wireless PKI)

5.1.2 Encrypted SMS

5.1.3 Form Factors - Cryptographic SIM

5.1.4 Form Factors - Cryptographic or Encryption SD Cards

5.1.5 Form Factors - Slim SIMs and SIM Extensions

5.1.6 Form Factors - Secure Element in the Phone

Mobile identity to bridge the technology divide through convenient and mobile solutions

6.1 Simplifying daily routines

6.1.1 Making public transport cashless and hassle free

6.1.2 Mobile devices for authentication

6.1.3 Documentation Related Activities

6.1.4 Enabling access to VPN without proprietary devices

6.1.5 Health Related Services

6.1.6 Providing simple solutions to complex national initiatives

6.1.7 Turning mobile phones into a common delivery outlet

6.1.8 Putting governance in a citizen's pocket?

6.1.9 Reaching out to the Unbanked

6.1.10 Banking with ease where no banking has happened

Other innovations in the mobile authentication space

Takeaways and the way forward

01

02

03

05

09

10

11

13

13

14

14

14

15

17

18

18

19

20

20

21

21

22

23

23

25

27

© 2014 KPMG, an Indian Registered Partnership and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved.

Mobile Identity | d


1 | Mobile Identity

Executive Summary1

With mobile penetration estimated to include 72 per cent of the Indian population by 20161, it presents tremendous opportunities for government agencies and private firms to optimally utilize this medium.

However, before we move ahead, it is imperative to thoroughly study the dependencies in utilizing this medium. Penetration of mobile devices in the semi-rural and rural areas, development of secure and internet independent mobile applications, seamless interbank payment gateways and a robust regulatory framework have been identified as some of the critical success factors.

The ever increasing computing capabilities of mobile phones ought to be harnessed in transforming the way we securely interact and transact in the digital world. With the increasing need of security over payment gateways, especially over mobile devices, wireless Public Key Infrastructure (PKI) seems to be the apt solution to facilitate this.

Introduction of digital signatures with a digital signature certificate has helped the development of various solutions for authenticating and signing of documents/transactions which can help assure a high degree of confidentiality, integrity, authenticity and non-repudiation. Making digital signatures available on mobile based encryption technologies offers huge potential. Such combinations can certainly be used to provide secured mobile based transaction options for various essential activities - mHealth, mCommerce, mGovernance etc., are just tip of the iceberg. A strong ecosystem is formed by the coming together of regulators from telecom, banking, and technology service providers. This can play a crucial role in transforming the landscape and helping the country power ahead with the smartphone revolution.

1. http://www.cnbc.com/id/49294794; Oct, 2012


Mobile Identity | 2

Foreword2

This paper examines non-traditional features that a mobile device is capable of providing, which can assist in the object of seamlessly transitioning India into the technology world, regardless of age and technology generations. Specifically it examines the possibilities of leveraging a mobile identity enabled through digital signatures in various spheres such as banking, document signing, and governance.

The last decade has been an exciting time for the Indian market which witnessed a GDP growth of 9.2 per cent CAGR (for the decade 2001-20111) with information technology being one of the critical enablers to achieve this. However, sustaining the growth requires amongst others,bringing to market, simplified and robust technology solutions. These solutions should be able to cater to the requirements of all age groups and social strata. Implementation of public welfare schemes directed to specific segments, expanded reach of governance schemes, and financial inclusion for the unbanked are some of the key government initiatives that are in various stages of implementation. All these initiatives need an effective delivery platform that can help ensure optimum utilization of public resources. The solutions should also be designed to prevent information from unauthorized access, use, disclosure, disruption, modification, perusal, inspection, recording or destruction. Mobile technology is considered to be a key enabler to achieve this objective with some of the leading enterprises and government institutions becoming stakeholders in mCommerce and mGovernance initiatives. Any security related issues resulting in fraud have the potential to undermine public confidence in the use of electronic products which can impact their usage. Consequently, necessary measures to strengthen security have to be taken as attacks are growing in scale

and sophistication. In order to secure electronic documents and transactions and to help ensure legal compliance, digital signature certificates are the way to go.

Mobile penetration is estimated to encompass 1 billion Indians by 20162. In addition to this the smart phone penetration is estimated to have a 52 per cent growth year on year in India3. Globally Tablet PCs (more commonly ‘tablets’) are predicted to be the next big thing. In less than a decade of being introduced, the tablet shipments have surpassed the shipments of PCs and Notebooks4. The world is moving into a technology convergence of internet and mobile phones. Companies, countries and societies who lead this smart phone revolution could be the leaders of tomorrow. Smart phones and tablets with high speed internet capabilities could become ubiquitous, leading to newer mobile based services for the users with such high end computing devices.

There are a plethora of fields in which mobile devices have improved and enhanced lifestyles. Mobile phones have evolved to such an extent that transfer of funds can be completely done using mobile applications. Millions of books can be accessed ‘on the go’ using cloud based applications installed on mobile phones and tablets. Strong developer ecosystems churning out secure easy-to-use applications have helped organizations and nations disrupt traditional business models.

With the reasonable price points set by handset manufacturers, a variety of solutions can be made available using this medium to a wide user base. However, such solutions should not be limited only to techno-savvy generations which are traditionally the early adopters, but also should cut through all ages and technology generations embracing the late adopters by bringing in security and

simplicity, thereby realizing the true potential of technology. This means that the advancements and the solutions should percolate to a wider user base of older generation feature phones. To achieve this in India, it is important to lead the smart phone revolution by shifting the innovation gears, bypassing normal technology adoption routes, and not limiting ourselves only to incremental improvisations. Cheaper tariffs offered by telecom service providers, reasonable handset prices and expansion of telecom infrastructure to newer geographies have contributed to India being inducted into the leader board of the telephony world5. While smartphone adoption is on the rise, feature phones are still dominating the Indian markets. To cater to this wider user base of late technology adopters, there should be mobile solutions in place which are easy to use and safe to transact. For example, a 4-digit PIN, rather than a lengthy and complex username and password for authenticating a transaction is what India needs for its citizens to adopt convenient solutions such as mobile banking.

Some critical success factors can be identified to succeed in this smart phone revolution. These factors include penetration of mobile devices, development of secure device independent mobile applications, seamless interbank payment gateways and a robust regulatory framework.

1. Page 1, section 10.2, http://indiabudget.nic.in/es2012-13/echap-10.pdf

2. Gartner Says India Mobile Services Market to Reach US$30 Billion in 2016, http://www.gartner.com/newsroomid/1963915

3. http://www.slideshare.net/kleinerperkins/kpcb-internet-trends-2013

4. http://www.idc.com/getdoc.jsp?containerId=prUS24314413; Sept 2013 http://www.computerworld.com/s/article/9242344/Tablet_shipments_will_surpass_desktops_and_laptops_in_Q4; Sept 2013

5. KPMG Analysis


3 | Mobile Identity

Penetration of mobile devices and the increasing usage of mobile internet3

With rapid strides in Information and Communications Technology (ICT), mobile connectivity has become commonplace. Reduction in handset costs, introduction of low end smart phones for the masses, expansion of telecom infrastructure to newer geographies and low call rates have led to an exponential growth in mobile phone penetration in India in the last decade. The call rates in India currently stand amongst the lowest in the world at USD 0.02 against a global average of USD 0.1253.

The internet has widely been adopted by organisations and customers alike as an alternate channel for the execution of financial transactions. The mobile phone with its widespread reach is a more convenient and cheaper channel for these activities.

Source: Indian Telecom Services Performance Indicator Report – October 2013 (TRAI), Telecom Subscription Data as on 31st July 2013 (TRAI)

2

1

870 million Wireless subscription in India ending July 2013

37 per cent Growth in global 3G suscribers since 2012

350 million Rural mobile subscribers in India ending July 2013

143.2 million Mobile internet subscribers in india as of March 2013

Average Revenue per User (ARPU) an indication industry's performance indicates that India is among the lower in the world when it comes to revenues per customers and it about one-third of that of china

According to World Bank a 10 per cent increse in the broadband penetration increase GDP of a developing country by 1.38 per cent

1. Indian Telecom Services Performance Indicator Report – October 2013 (TRAI), Telecom Subscription Data as on 31st July 2013 (TRAI)

2. Christine Zhen-Wei Qiang and Carlo M. Rossotto, IC4D: Extending Reach and Increasing Impact,Chapter 3: Economic Impacts of Broadband, GICT Dept. World Bank, p. 45 (2009). See also Yongsoo Kim, Tim Kelly and Siddhartha Raja,Building Broadband: Strategies and Policies for the Developing World, GICT Dept. World Bank (Jan. 2010),available at http://siteresources.worldbank.org ONANDCOMMUNICATIONANDTECHNOLOGIES/Resources/282822-1208273252769/Building_broadband.

3. http://www.nationmaster.com/graph/med_ave_cos_of_loc_cal-media-average-cost-local-call; 2013


Mobile Identity | 4

Penetration of mobile devices and the increasing usage of mobile internet

The growth of a wired user base in India has been negative with nearly 1 per cent reduction in the urban users between June and July 20134. There is an increasing trend for people to move from landline phones to mobile phones. This switch can easily be attributed to the convenience and mobility that

mobile phones bring along. Such increased usage of mobile phones, mobile based internet connections and the increasing trend towards smartphone usage should be leveraged to build an amazing array of services which do not currently exist.

4

4. KPMG Analysis


5 | Mobile Identity

Can the mobile phone become a growth vehicle for all generations?4

It is interesting to note that computing capabilities of today’s smart phone can be compared to that of Apollo 11 which took man to the moon in 1969. The average smart phone today with a 1.5 GHz dual-core processor costs around INR 5000 (i.e. less than USD 100). In comparison, the Apollo 11's guidance computer was a snail-like 1.024 MHz1 processor and costed USD 355 million2 even in 1969 (equivalent to USD 1.75 billion today). Smart phones today

are being used to create capable yet inexpensive satellites. According to a recent press release by NASA, three prototype smart phone based satellites have been launched3. However, in a country like India, are we really utilizing the smart phone to the fullest? And can it become an instrument which offers solutions that cut through technology generations? The following facts can provide an answer:

As of July 2013, mobile subscriber base in India had reached

870 million.

The smart phone market in India is expected

to grow 52 per cent year on year.

Currently India is said to have approximately

70 million smart phone users which is expected to grow to

160 million in the next couple of years.

1. http://downloadsquad.switched.com/2009/07/20/how-powerful-was-the-apollo-11-computer/; July 2009

2. http://www.asi.org/adb/m/02/07/apollo-cost.html

3. http://www.nasa.gov/home/hqnews/2013/apr/HQ_13-107_Phonesat.html; April 2013

4. http://deity.gov.in/content/framework-mobile-governance; 2013

5. http://gadgets.ndtv.com/mobiles/news/ericsson-sees-india-smartphone-market-touching-52-crore-units-by-2020-520943; May, 2014

6. http://indianexpress.com/article/opinion/columns/this-election-internet-will-impact-urban-india-next-polls-it-wont-be-urban-india-but-india/; May 2014

“

“

“”

”

”5

4

6


Mobile Identity | 6

Putting things into perspective, we have the computing capabilities of 70 million Apollos in India. Such computing capabilities ought to be harnessed in transforming the way we securely interact and transact in the digital world. To this, if we can add backward compatibility to include the older technology generations in this growth and transformation story, it would further strengthen the case.

Globally there are numerous examples where smart phones are used to simplify daily routines.

• In the city of Munich, Germany, the public transport system is managed by MVV7, which encompasses the train (U-Bahn, S-Bahn), tram and bus networks. A mobile application ‘MVV Companion’ is available for all popular smart phone platforms. This application uses location identification services on the smart

phone and helps the user to find the fastest available public transport to reach the desired destination in real time. The application also provides interactive maps for walking directions and estimates the travel time. There are interactive features available where the user can provide details about any delays in the transit system to other users.

• The story of public transport in Singapore is similar. To make public transport convenient, information and updates are readily available on the go and are accessible through a host of internet-enabled smart phones or mobile devices8. A real time bus arrival information system provides arrival times and other updates to users via SMS.

• The possibility of using your phone to scout for cars around you which are available on rent for the next

couple of hours, unlocking the car using the phone, using the car and leaving it at another corner of the city seems to be out of a science fiction movie. However, in countries such as the U.S. and a leading automotive manufacturer, through its mobile application has made it become a reality through the usage of smart phone applications

• Near accurate weather forecast applications on the smart phone, allow the users to be better prepared to face the weather conditions on a daily and hourly basis.

• Cellphone aplications9 can create a trend from the usage patterns and pop up useful information time to time even before the user tries to access this information on the phone.

7. http://www.mvv-muenchen.de/en/journey-planner/mobile-services/index.html

8. http://www.publictransport.sg/content/publictransport/en/homepage/mobile.html

9. http://www.google.com/landing/now/

10. http://www.nielsen.com/content/dam/corporate/india/reports/2012/Featured%20Insights_Smartphone-%20The%20Emerging%20Gadget%20of%20Choice.pdf

Source: Nielson Informate Mobile Insights10

Activites of Smart Phone Users in India


7 | Mobile Identity

Based on the Nielson Informate Mobile Insights, the maximum usage of smart phones in India is for social networking and other forms of entertainment. Productive usage such as banking and finance, travel and mCommerce is yet to match the levels experien ced in some of the developed economies Approximately 7 per cent of the mobile phone subscribers in India use smart phones11. Given this fact, while we do have a strong 870 million subscriber base for mobile users, the usage of mobile phones is still restricted to the very basic transactions of making and receiving calls.

As we are staring into a smart phone and tablet revolution, the time is ripe to utilize the power of existing and rapidly growing 70 million smart phones11. The time is ripe to create a digitally active society, to lead the revolution from the front and to become the leaders of tomorrow.

Mobility is the key to progress today and the mobile Indian must have a mobile identity that can be verified anywhere and everywhere within the country.

- Nandan Nilekani

“

”

Smart phones could be a game changer by provideing simple solutions for various upcoming initiatives. Aadhaar enabled payment system is one such example where a smart phone can provide the last mile reach. Having mechanisms that provide backward compatibility with features phones can enable providing a convenient and mobile solution for all technology generations and social strata.

Source: Aadhaar Enabled Service Delivery, February 201211. KPMG Analysis


Mobile Identity | 8


9 | Mobile Identity

Mobile identity to digitise services5

In the real world people have an identity and this identity is usually represented with a physical signature. This has been the norm for ages with various forms of representation from seals during the monarchy to signatures today to establish the identity and the intent of the person signing. Signatures are unique to every person and considered legally valid for various transactions. With digitisation creating a parallel digital world, the identity for people has become their user names and passwords. However, security of such authentication mechanisms has been a point of debate for quite some time now as they have been proven to be replicable. Also these are not considered valid legally.

Digital signatures are the electronic equivalents of physical signatures possessing the same qualities of being legally valid and being unique to an individual. As per the Indian IT Act 2000, digital signatures are a legally valid mechanism and all requirements of authentication by affixing signatures are deemed satisfied if a valid digital signature is used. The digital signature is the digital identity of an individual.

Till date, one of the most common methods to use digital signatures was by storing them on portable USB devices and carrying them around for portability. However, using the advanced technologies and ecosystems today, we could achieve the portability of digital signatures by storing them on mobile phones. Mobile phones bring along mobility and convenience. These properties, given the huge growth potential of the mobile phone market in India, should be channelized to empower users to utilize the mobile phone for various transactions. Simple solutions can be provided to users which could have a very high impact. One of the key enablers to make this succeed is to provide the users with a ‘Mobile Identity’. Such a mobile identity should be legally accepted and should enable the user to execute various routine transactions ‘anytime, anywhere’ without compromising on the security aspects.


Mobile Identity | 10

5.1 The concept of Mobile identity

In the physical world the signature of a person is legally recognized and indicates his/her authorisation. The physical attributes, Government issued documents, etc. prove the identity of a person. To transact, we use a combination of these two attributes. Identity and authentication mechanisms are thus critical to securely execute transactions. In the digital world, digital signatures substitute the physical signature of a person and are legally accepted in India. Government and private issued documents are being stored digitally as a part of various initiatives such as filing IT returns, contract notes for broking and Know Your Customer (KYC).

'Information or any other matter shall be authenticated by affixing the signature or any document shall be signed or bear the signature of any person. Then, notwithstanding anything contained in such law, such requirement shall be deemed to have been satisfied, if such information or matter is authenticated by means of digital signature affixed in such manner as may be prescribed by the Central Government'– Indian IT Act 2000

RBI has advocated the necessity to implement a robust and dynamic two-factor authentication mechanism for carrying out critical transactions such as funds transfers through user

id/password combination and second factor like (a) a digital signature (through a token containing digital certificate and associated private key) (preferably for the corporate customers) or (b) One Time Password (OTP) / /dynamic access code through various modes (like SMS over mobile phones or hardware token)1. Identity and authentication mechanisms are thus critical to securely execute transactions.

To execute secure and legally acceptable transactions in a mobile ecosystem, these identity and authentication mechanisms have to be embedded in the mobile phone. Creating a mobile identity would involve bringing together encryption technologies and digital signatures into a single ecosystem. Established communication technologies such as encrypted SMS can provide a secure data transmission mechanism which is device and internet connection independent.

Encryption technologies are being looked upon as a key driver to provide such mobile based financial transactions. In his opening speech on taking over as the Governor of the Reserve Bank of India on 4 September

2013, Dr. Raghuram Rajan emphasized setting up a technical committee on the feasibility of using encrypted SMS based fund transfer mechanisms.

There is substantial potential for mobile-based payments. We will set up a Technical Committee to examine the feasibility of using encrypted SMS-based funds transfer using an application that can run on any type of handset. We will also work to get banks and mobile companies to cooperate in rolling out mobile payments. Mobile payments can be a game changer both in the financial sector as well as to mobile companies.

- Dr. Raghuram Rajan, Governor, Reserve Bank of India2

“

”

1. Report of the Group on Enabling PKI in Payment System Applications, RBI, January, 2014

2. http://www.rbi.org.in/scripts/BS_PressReleaseDisplay.aspx?prid=29479


11 | Mobile Identity

5.1.1 Mobile Digital Signature (Wireless PKI)

Introduction of digital signatures with digital certificates has helped the development of various solutions for authentication, verification and signing of documents which helps assure a high level of confidentiality, integrity, authenticity and non-repudiation. Asymmetric cryptography comes with a ‘Private Key’ and ‘Public Key’ pair3. Information encrypted with a public key can be decrypted only with the corresponding private key and vice versa. The key pairs are unique, and no two individuals will have the same public-private key pair. Whenever a sender wants to send information, he/she uses the public key of the recipient to encrypt the information. In this way only an authenticated recipient can decrypt the information because only such a recipient has the corresponding private key. Also, whenever a sender

wishes to ensure that the recipient is assured the message/transaction has not been tampered with and is indeed sent by him/her, he/she shall sign (encrypt) the message with his/her private key.

Such keys are issued by a Certifying Authority (CA) which is an independent authority that issues, records, and tracks Public-Private key pairs (i.e. digital signatures). To validate a key, the recipient retrieves the sender’s digital certificate and checks if the same is from a trusted CA. At the central location of the Certifying Authority, a Certificate Revocation List (CRL) is maintained to manage the revoked certificates. The implementation of PKI credentials (private, public keys) using secure hardware crypto tokens is capable of withstanding trojan attacks apart from other type of vulnerabilities4.

The Information Technology Act, 2000 provides the required legal sanctity to the digital signatures based on asymmetric cryptosystems. The digital signatures are now accepted at par with handwritten signatures and the electronic documents that have been digitally signed are treated at par with paper documents.

- Controller of Certifying Authorities - CCA

“”

3. KPMG Analysis

4. Report of the Group on Enabling PKI in Payment System Applications, RBI, January, 2014



In India, the Controller of Certifying Authorities (CCA) approved CAs have the license to issue legally recognized digital certificates (i.e. a certified pair of public-private key) that can be used for ‘signatures’5.

The proliferation of mobile devices offers huge potential for using mobile devices to store and use digital signatures. Such solutions would reduce the requirement of carrying an additional hardware device and also bring down the risk involved in the device getting misplaced or lost. Mobile digital signatures could provide users with the ability to authorize transactions ‘anytime, anywhere’. Being legally accepted in India, such mobile digital signatures could provide a viable mechanism for widespread use of digital signatures for establishing identity and authentication in digital world. Mobile digital signatures can thus provide customers and service providers a legally recognized method of electronic transactions that fulfill confidentiality, integrity and non-repudiation aspects.

Such Mobile Digital Signature enabled devices store the user’s private key on the mobile phone using various embedding technologies. Specially designed applications can trigger this locally stored private key to digitally sign transactions that the user selects. Such a scenario brings up questions around the security of the private key and the possibility of it being exploited by malicious applications as in the case of standard hard/ soft tokens. Encrypting the private key, while storing it on the mobile device, is a viable solution to secure the private key. Cryptographic SIMs, Secure SD Cards, and Slim SIMs are the various initiatives in advanced phases of research to provide secure data transmission from a mobile device.

Essentially, a digital signature addresses following requirements:

5. http://cca.gov.in/cca/index.php



5.1.2 Encrypted SMS

5.1.3 Form Factors - Cryptographic SIM

SMS is still one of the popular modes used for communication over mobile phones. Smart phones with internet connection over mobile network have created a new mode of communication using text messages through various mobile applications. However, feature phones still are a strong user base of SMS services through the volumes. Using SMS as a channel to execute transactions needs some development over the regular usage pattern. Being a stateless communication protocol, every message sent through the SMS channel is independent to other messages6. Encrypting SMS channels has come out as an effective mechanism to secure data shared over SMS and this can be developed further to provide secure communication mechanisms over the SMS channel. Such encrypted SMSs are coming into the foray due to increased incidents of SMS spoofing and message

interception. The Reserve Bank of India (RBI) through its ‘Report of Working Group on Electronic Banking’ identifies SMS spoofing as an emerging information security attack that banks should safeguard its customers against.

In addition to a cryptographic SIM, data can be securely stored and transmitted from a mobile phone using mechanisms such as Slim SIM, Cryptographic or Encryption SD cards or having a secure element in the phone handset itself. A few of these technologies are in the advanced stage of commercial development and have been listed in the following sections.

The SIM card is a critical component in the mobile phone. It acts as the physical layer to transmit data and voice across networks. SIM cards are device independent and are controlled by the telecom operators. TRAI regulations in India insist on a large number of compliances to be adhered to by the operators while issuing the SIM to a user. A lot of development has happened in the SIM card industry too. The size of the SIM card has reduced to create Micro and Nano SIMs helping in reducing the size of the mobile phone. Cryptographic SIMs add a Secure Element (SE) to the SIM itself thereby securing the physical layer of the mobile phone. A cryptographic SIM has a hardware crypto processor, a SIM OS and a secured storage space. Embedding digital signatures on such SIMs can provide a secured mechanism to store the private key of a user and provide him/ her with a secure portable device that has other usage too. Specially designed applications can enable information exchange between the phone interface and the Cryptographic SIM6.

Globally, mobile phones use certain SIM standards. SIM Application Toolkits (STK) are being used to securely provide value added services and eCommerce to users. A SIM toolkit enables the SIM card to initiate commands independent of the mobile handset and the cellular network used by the user7. Such innovative mobile based authentication system can enable the user to execute transactions from his/her mobile phones. Wireless PKI through cryptographic SIM cards and mobile digital signatures would help in facilitating a device and internet connection independent solution, which can enable secure and legally recognized electronic transactions, including financial transactions6.

6. KPMG Analysis

7. http://www.gemalto.com/techno/stk/



5.1.4 Form Factors - Cryptographic or Encryption SD Cards

5.1.5 Form Factors - Slim SIMs and SIM Extensions

5.1.6 Form Factors - Secure Element in the Phone

Data can be securely stored and transmitted from a mobile phone using various mechanisms. Many of these mechanisms are in an advanced development stage. Cryptographic and Encryption SD cards are probably in the most advanced stage of development. This technology has been tested for critical activities such as encrypting mobile based emails. SD cards are another such form factor. They are also capable of storing high amount of data. There are various commercial

as well as home usage technologies available to encrypt SD cards and secure the data stored on them. Various open source solutions too are available to facilitate the encryption of SD cards8. Encryption SD cards have also been approved to handle classified information by regulators like German Federal Office for Information Security9.

The SIM card in a phone plays a very crucial role in mobile computing. It acts as the physical layer and helps in transmitting data from the phone. The SIM card has undergone various developments and now comes in various forms. SIM cards typically have low end processing capabilities which are intended primarily to facilitate usage of a PIN to use the SIM, store limited phone numbers, SMS settings, etc. While the widespread usage is limited to the normal SIM, the developments in the SIM technology can be utilized for executing secure transactions8. Besides the earlier discussed Cryptographic SIMs, Modern SIMs that allow applications to be loaded, Slim SIMs and SIM Extensions are the outcomes of such developments.

A Slim SIM is a thin wafer like extension that can be pasted on a regular SIM. This extension assists in enhancing the processing capabilities of the SIM. Such improvised SIMs can then be used to store and transmit data in a secure manner. Similarly, SIM extension is a technique where a regular SIM is reduced to the size of a micro SIM. This converted micro SIM is inserted in a jacket to bring it back to the original shape. The jacket has enhanced processing and storage capabilities thus enabling secure storage and transmission of data from a regular SIM. Research in this area shows that SIM extensions support newer technologies such as Near Field Communication (NFC) and other emerging paradigms8.

Near Field Communication (NFC) is probably the most talked about development in mobile phones and a few leading manufacturers are developing commercial mobile phones which are NFC enabled. While the contactless data transfer with another NFC enabled device is the basic concept, a lot of essential transactions such as payment, access control, etc. can be made possible. NFC-enabled phones make use of an application and other user information. This application and user information is encrypted and stored in a secure area in the phone. Utilizing the phone in such a manner

especially for financial transactions rely heavily on the secure element on the phone. Such secure elements on the phone are essential to provide secure execution of applications8.

8. KPMG Analysis

9. http://www.pcworld.com/article/160669/article.html

Mobile phone-based digital signatures can be a viable medium to enable widespread use of digital signatures. As these are usable in smart phones as well as features phones, the usage could be across the entire population of mobile phone users. Such mobile form of authentication and identification using mobile phones.



Mobile identity to bridge the technology divide through convenient and mobile solutions

6

Mobile identity mechanisms can facilitate a variety of applications which can transform the way we transact. Globally, a lot of development is seen in this space. Mobile Digital Signatures, Mobile Point of Sale devices and Near Field Communication are developments and technologies that can help lessen the risk in mobile based transactions while providing convenience and a cost effective infrastructure. These solutions are catering to the requirements of all technology generations and social strata.

The Republic of Estonia in Northern Europe in 2005 became probably the first country to open its local elections to the internet based voting platform. They have also been giving the citizens an electronic identity card1. The penetration of mobile devices in India coupled with technologies such as mobile based digital signatures can certainly help in adopting digital signatures on a much wider scale and also assist in inclusiveness. Moreover, the way these technologies function, it could provide with secure and device independent solutions. Users without a smart phone too can become beneficiaries of mCommerce, mHealth and mGovernance.

Mobile identity provides secure transactions with verification and authentication mechanisms. By using mobile identity based mechanisms, such services would not be limited only to smartphone users but would also be backward compatible to feature phones. Application development ecosystems can play a pivotal role in bringing out a variety of such solutions to simplify day to day transactions by developing applications which can be used across technology generations. As the Mobile identity ecosystem comprises of various entities which are governed by established bodies such as the Telecom Regulatory Authority of India (TRAI), Controller of Certifying Authorities (CCA), Reserve Bank of India (RBI) there is an underlying due diligence by more than one authority. This makes the digital signature based mobile identity ecosystem highly robust.

1. http://news.cnet.com/Estonia-pulls-off-nationwide-Net-voting/2100-1028_3-5898115.html; Oct 2005



A combination of technologies can help in providing huge benefits to the already mobile urban population. Mobile phones would be instrumental in transforming the way we transact in the public sector as well as the private sector. Applications using mobile identity mechanisms would play a key role in achieving the objective of seamlessly transitioning India into a technology world and help in increasing the quality of life. With backward compatibility for feature phones, such solutions would encompass the late technology adopters and cut across all age and technology generations. Can a mobile identification mechanism and ecosystem really support these aspirations? Given the ease of usage, convenience, due diligence at multiple levels, simple but effective authentication mechanisms and ability to become a single stop solution for multiple requirements, such a mobile identity ecosystem and solution certainly promises a lot.

History has established that the world has progressed through revolutions. Electricity, Automobiles, Railways, Industrialisation have all been revolutions. Technology revolutions in the near past have revolved around Computers, Internet and Mobile Phones. A smart phone brings together all these three technology revolutions together. To fully leverage the power of the smartphone, we would need services which bring along quality and convenience and for that to happen there is a need to establish a digital identity. Mobile digital signatures bring such a digital identity to smart phones and can empower the access of a wide range of services that was previously not possible. Such convenient and mobile solutions would certainly help in providing simplified solutions to a variety of complex daily routines. The scope for developing such applications is immense and here is a snapshot of what can be achieved in the short term.

2

2. KPMG Analysis



6.1 Simplifying daily routines

Innovation in products as exemplified by home automation system is a very good example of integrating various technologies and controlling various home fixtures and appliances at the touch of a button3. Tablets and smart phones can provide an additional layer to such technologies and make the integration of technologies more personalized, convenient to use and mobile. Smart phone-based applications can be used to identify the current location of a person, and the weather conditions at that location. This can provide inputs to the home automation system to set the air conditioner accordingly to help ensure that the user feels comfortable on reaching home. It can also be used to have his/her favorite track being played on the music system sensing heavy traffic on the route commuted.

Research has already reached advanced stages with such integrated technologies with leading smart phone manufacturing companies coming up with prototypes of ‘Smart Home’ technologies4. Such technologies are being built to control various technologies in the house using smart phones. Mobile identity mechanisms can help in building such solutions and also provide legally valid mechanisms for users to authenticate into the systems.

• ‘Plastic Money’ is widely used in the form of debit and credit cards. However, a few critical systems in India are still dependent on cash based transactions. Public transport systems, payment at road tolls, small grocery shops, smaller restaurants and eateries are examples where cash based transactions still persist and the adoption of card payments is low.

• Authentication mechanisms need the user to carry multiple devices and remember multiple complex user names and passwords.

• Essential governance related transactions such as applying for various certifications, filling tax returns, etc. are time consuming activities due to the multiple bureaucratic levels involved and the legal requirement of obtaining physical signatures at each of these levels.

• Monitoring mechanisms for critical nationwide initiatives such Polio Vaccinations is a cumbersome process for the authorities.

• Unavailability of access to banking infrastructure has led to a large section of the society still remaining unbanked.

Smart phones with embedded identity mechanisms can go a long way in simplifying such regular activities by providing a variety of convenient solutions. A mobile identity based ecosystem would assist in catering to such requirements of providing multiple solutions with a single device. It can attempt to ensure due diligence at multiple levels while providing simple and effective solutions.

3. http://www.eurekaforbes.com/Products/EFL_ilivingIntro.aspx?dtid=1

4. http://www.youtube.com/watch?v=L1XWzfvAGf0



5. Recommendations of Working Group on Urban Transport for 12th Five Year Plan http://planningcommission.nic.in/aboutus/committee/wrkgrp12/hud/wg_%20urban%20Transport.pdf

6. KPMG Analysis

7. http://www.pcworld.com/article/2036252/how-to-set-up-two-factor-authentication-for-facebook-google-microsoft-and-more.html; April 2013

6.1.1 Making public transport cashless and hassle free

6.1.2 Mobile devices for authentication

The twelfth five year plan has aggressive targets on public infrastructure development. The projected investment in Urban Public Transport System alone is estimated to be at INR2, 02, 628 crores5. Mobile enabled payment systems can make payment transactions much more convenient and user friendly. Mobile Point of Sale devices could be used in buses and train stations enabling commuters to pay using credit or debit cards. In India too there are organisations dealing with

mPOS solutions. Mobile identity mechanisms can enable mobile based funds transfers. Specially designed applications which work on encrypted SMS can enable users to execute such payment transactions without internet connections and assist in creating simple mPOS solutions which can be used by a larger section of the society.

It is interesting to note that a mobile device can also effectively function as a device for authentication reducing the multiple authentication mechanisms used such as secure ID tokens, complex user names and passwords, secure images, etc.

To access the plethora of online services available over the internet, the user has to log into various portals at different times of the day. A most commonly used authentication mechanism is the combination of a user name and password. Multiple online services bring along multiple user IDs and passwords. In order to have an additional layer of security, enterprises have come up with the solution of two factor authentication mechanisms such as secure tokens or SMS based authentication.

Given the proliferation of mobile devices in the country, the user need not carry additional devices such as secure tokens as the pass codes are sent to the user’s mobile device or can be generated using ‘soft token’ application on smart phones. An advantage to this mechanism is that the SMS travels through ‘out of band’ channels which do not require an internet connection6. Many banks have rolled out this service in the last few years. Tech giants such as Google and Facebook too have rolled out two factor authentication mechanisms which require mobile phones7. Google Authenticator is one such good example. Mobile identity mechanisms combining digital signatures and government approved identity would add a secure layer to all of these transactions and also provide legal validity for the transactions6.



6.1.3 Documentation Related Activities

Activities such as birth/death certificate issuance, income tax return filings, filing details with Government authorities such as MCA (Ministry of Corporate Affairs), insurance purchase or premium renewal, stock trading, etc. require identification and authentication of the users. Paper based forms are being exchanged between the user and the authorities as the primary mechanism to achieve this. These paper based forms are couriered/mailed across to various cities to satisfy the legal requirements on the transactions.

There was a major fire in the Mantralaya in Mumbai, the administrative headquarters of the state government of Maharashtra on the 21 July 2012. A similar fire had broken out in the Jammu and Kashmir Secretariat on the 11July 2013. Thousands of sensitive and important documents were destroyed in this fire. The reliance on paper based transactions is mainly because there are no mechanisms available with the Government offices to sign emails. NIC’s e-Office is being promoted by the Government. However, there is an urgent need to move to mobile based solutions. Many Government bodies are making efforts to go digital. Municipal Corporation of Greater Mumbai (MCGM) is one such Government body that has decided to go paperless from May 20138 using e-Office.

In the private sector, a major challenge businesses face is, time and resource crunch to process the documents sign-off in physical format. Signing off documents such as Form 16 for all employees, approval for expense claims, signing off contracts, etc. are a part of the business as usual. However, the physical availability of the signing authority increases in the delays. Also, as more and more organisations are moving towards being green and reducing the usage of paper, additional overheads are involved in such document sign offs.

All such paper intensive transactions can be digitised and mobile based digital signatures can be used to sign off the documents. There are efforts going on by various Government organisations to digitise documents to avoid losses incurred due to misplacement and natural disasters. Mobile phones can help in achieving this and also in reducing the turn-around time in execution of the transactions. Users can be presented with easy to use applications on their smart phones to execute these transactions. Mobile based identity mechanisms can satisfy the legal requirements of identifying and authenticating the users as well as the Government officers responsible for the process.

8. http://www.bmcmumbai.co.in/bmc/bmc-to-go-paperless-starting-from-may-1.html



6.1.4 Enabling access to VPN without proprietary devices

6.1.5 Health Related Services

Businesses are transcending horizons and expanding to newer geographies requiring solutions to enable working in geographically spread teams. Large organisations are able to provide its employees access to internal IT systems from public internet through solutions such as ‘Virtual Private Networks’. However, there are a lot of small and medium scale businesses which are not in the position to afford expensive authentication solutions, thus not able to provide its employees with convenient and mobile solutions. Capability of a generic device like a mobile phone to initiate a request for VPN access can be explored. Along with Secure ID tokens, digital certificates issued internally by corporate houses are used to access its Wi-Fi network as well as accessing

the internal services through an external public network. A mobile phone having cryptographic module in it can be leveraged to be used like a secure token without customizing the device. Mobile digital signatures can mitigate the legal constraints of the transaction and assist in facilitating non-repudiation9.

Public welfare, specifically the health sector is very crucial for a country like India. Access to medical facilities in remote locations is a known issue. India needs a simple and reliable system to improve child nutrition, reduce infant mortality and manage the needs of its elderly. This is becoming increasingly important due to the changing demographics. Education, remote data collection, remote monitoring, disease tracking, diagnostic and treatment support could be the key applications of mHealth10. Using the faster internet capabilities on mobile phones a lot of these applications can be optimally utilized. Smart phones and mobile identity mechanisms can help the country leapfrog in healthcare if the technologies are used innovatively.

Health Volunteers visit various remote areas of India to capture health related information of citizens so that proper medical aid can be provided to these people who do not have access to developed medical systems. Similarly, users in urban areas with medical history related to diseases such as diabetes, heart related ailments, etc. use multiple devices or visit medical facilities to capture vital health related parameters. Smart phone based applications would be able to capture certain basic parameters for the user by using the mobile phone which a user normally carries with him/her. In the backend it can inform emergency medical service providers if values with respect to certain health indicators are being breached. It could be similar to having a command centre monitoring the functional parameters and taking preventive measures in case any of the parameters are on the rise.

9. KPMG Analysis

10. http://www.vitalwaveconsulting.com/pdf/2011/mHealth.pdf



6.1.6 Providing simple solutions to complex national initiatives

6.1.7 Turning mobile phones into a common delivery outlet

The Government of India is driving quite a few initiatives to reach out to the citizens. Using technology would provide a larger reach to such initiatives. Mobile solutions would be instrumental in providing easy to use solutions to the citizens. Such solutions in the usual pattern require elaborate systems for implementation. A complex geographical landscape and high establishment costs in India can deter setting up infrastructure to deliver benefits over the last mile. This is where it becomes imperative that we look for cost effective alternatives. Mobile devices are one such category of enablers and the rapid penetration of mobile phones is just supporting the cause. Around 870 million wireless subscriptions11 will only help bring down the per transaction cost.

The Aadhar initiative of the government is expected to benefit the financial inclusion programme and other welfare initiatives such as:

– Public Distribution System (PDS)

– National Employment Schemes (NREGA)

– LPG Distribution and Subsidy Management

– Healthcare Delivery Mechanisms

Mobile identity mechanisms in collaboration with initiatives such as Aadhaar12 which help in identifying the users would help to remotely authenticate their identity over a secure communication channel. Such a mobile channel would provide mobility to Aadhaar and could act as an enabler to extend Aadhaar into a unique mobile identity mechanism. This would help to reach out to the citizens and efficiently deliver benefits at a lower cost.

The vision of the National e-Governance Plan (NeGP) of India is to make all Government (Public) services accessible to the common man in his locality, through common service delivery outlets. This will help ensure efficiency, transparency, and reliability of such services at affordable costs to realize the basic needs of the common man13. The ease of usage and the convenience to carry around a mobile phone is making a strong case for it to be used as a broad-ranging solution and help in providing a platform to realize this vision of the NeGP.

Mobile phones can provide an effective solution to open a multi way communication channel for Governments. Certain public sector bodies such as Police Services in various Indian cities have been using the SMS channel to reach out to citizens and update them with important information such as terror alerts, traffic diversion updates, etc. The wide spread penetration of mobile phones can be constructively used by policy makers to reach out to the citizens and seek their feedback on important decisions. An example could be getting a poll from citizens staying in a particular location on the installation of a new traffic signal in their locality. Mobile identity mechanisms can assist in such solutions that can be implemented with relative ease. Also, such solutions would open up multi-way communication channels for the government and the citizens would be accountable for the inputs provided by them.

11. https://wirelesstelecom.wordpress.com/2013/11/; November 2013

12. Aadhaar – Unique Identification Number to be issued by the Unique Identification Authority of India to every Indian citizen - http://uidai.gov.in/aadhaar.html

13. http://www.negp.gov.in/



6.1.8 Putting governance in a citizen's pocket

Mobile based solutions can assist bodies such as the Ministry of Corporate Affairs’ MCA21, the Election Commission and the regional Municipal Corporations to reach out to a larger section of the society and move towards mGovernance and providing easy, effective and portable solutions using existing infrastructure to the citizens.

The Right to Information Act (2005) provides Indian citizens with the right to request for information around public services. It mandates timely response to such request raised by the citizens. While providing services to limited ministries, there are online portals available where people can create requests and track them14. However, enabling the creation of such requests and tracking the status using

mobile phones can be instrumental in getting the facility and spreading the awareness to a larger section of the society. Simple applications built on mobile identity mechanisms can assist in enabling such services in a device independent manner and assist in capturing the mandatory user information required to be registered for registering RTI requests.

e-Governance project of

the Government of India,

covering the core

services of the

Ministry of Corporate

Affairs

Contain data and

financial details of

over 6.5 lakh

companies registered

with the MCA

Leading

nationalised

and

private sector

banks

About 6 crore pages of

company documents

will be digitized in this

way and stored into the

computer system

14. http://www.rtionline.gov.in/



6.1.9 Reaching out to the Unbanked

6.1.10 Banking with ease where no banking has happened

According to World Bank’s Global Findex survey, many people do not have an account at a formal financial institution since low income and distance barriers act as hurdles15. Further, low absolute savings per account, high volume of transactions, transaction costs and high account maintenance costs often act as an impediment in getting the unbanked population to banking. In India around 40 per cent of the population is unbanked16. These obstacles tend to drive the unbanked segment to reach out for unorganized, age-old services in deposition of money and fund transfer. Additionally, covering the whole population through local branches will likely take a long time.

Mobile identity mechanisms can help bank transactions to be executed through secure channels even from a remote location. There could be additional advantages where the technology can work on all existing handsets, independent of data connectivity and without any additional configurations. Such transactions could include peer to peer funds transfer, and paying utility bills from the mobile device. Such facilities are currently available to users of online banking facilities and/ or to users with expensive smart phone devices. However, making these facilities available on device and internet connection independent handsets can assist in greater penetration of the usage.

With the incessant and rapid growth of mobile banking services, mobile identity mechanisms provide a protected system for transactions. Banks and customers have embraced e-banking and it is growing exponentially. Data from RBI indicates a total of 3.7 crore mobile transactions took place between February and November 2012, jumping around 1.7 times in volumes over this 10-month period17. The phenomenal growth of this sector is primarily because customers are able to access their bank accounts to pay bills or transfer money through portable devices. Mobile identity mechanisms could provide the ideal solution to enable users carry out secure, yet convenient transactions.

15. KPMG UK - Banking the Unbanked, April 2013

16. http://www.bankofindia.co.in/FI-BOI/images/FI%20presentation.pdf

17. http://businesstoday.intoday.in/story/mobile-banking-on-the-rise-in-india/1/191851.html; January 2013

18. Financial Inclusion – The Indian experience, http://www.rbi.org.in/scripts/bs_speechesview.aspx?id=342; Jun 2007

Source: Financial Inclusion – The Indian experience, http://www.rbi.org.in/scripts/bs_speechesview.aspx?id=342

More than

100,000 Bank Branches in India

173Commercial banks in India

Banking system has been in existence in India since the

18th Century

500 million Unbanked population in India

18


Mobile devices on the basis of their higher penetration ratio to broadband internet stand out as a viable solution for providing banking facilities such as funds transfers, balance inquiry and online payments to the customers. Users across the country have fervently adopted the change. The number of transactions rose to 5.6 million in January, 2013 from 2.8 million a year ago20. As of October, 2012, 1.72 crore customers were using mobile banking services21.

Mobile Payments: Developing Economies

‘Mobile Money’ model gained popularity in developing economies which are plagued by low banking penetration. In this model, funds are held with the mobile carrier, and transfers are initiated via SMS or USSD. Due to its primitive nature, it did not gain popularity in developed economies which already had advanced systems in place.

According to GSM Association, there would be around 270 mobile payment products operating in the developing economies by 2013. A successful example to quote of is that of Kenya where 73 per cent of people use mobile money and 23 per cent use it at least once a day.

Further enhancements like mobile device sharing and application sharing has led to wider coverage of banking and reduced the cost of serving Bottom of Pyramid (BoP) accounts.


Mobile phones are expected to play a crucial role in reaching out to this unbanked population. To avoid the costs associated with building and maintaining a remote branch, banks currently are using handheld devices such as MicroATMs. MicroATMs are portable machines which use GSM technology to connect to the bank’s main network. A bank representative would need to physically carry this device to the user. The MicroATM provides the user the option to authenticate him on the console and

carry out a financial transaction. The bank representative facilitates the transaction such as handing over cash to the user against a withdrawal. Where the user and the bank operator both have mobile phones with them, the mobile phones could be converted into a MicroATM by using mobile enabled cryptographic modules to secure the transaction. The user can execute the transaction from his phone using an application. The bank representative would get a notification on his phone and complete the transaction19.

A low cost and effective eco-system providing a common platform for m-Banking, m-Commerce, m-Governance can help in achieving financial independence of the economically vulnerable population. It is imperative that a multi-dimensional approach focussing on increasing infrastructure spending, developing robust technology and regulatory frameworks, and stimulating demand by making available affordable mobile devices and services is the way forward.

19. http://uidai.gov.in/financial-inclusion/microatm-standards.html

20. http://www.business-standard.com/article/finance/mobile-banking-transactions-double-payments-rise-threefold-113041100353_1.html; April 2013

21. Mobile banking transactions double, payments rise threefold, http://www.business-standard.com/article/finance/1-72-cr-customers-using-mobile-banking-facilities-112121400624_1.html; December 2012

22. http://businesstoday.intoday.in/story/best-banks-2012-future-of-branch-banking-in-india/1/189927.html; December 2012

The cost of a bank transaction on manual mode is estimated to be in the range of INR45 to INR50 while it is around INR15 on ATM and INR4 on e banking. Banks will get mileage only if more and more transactions are handled through electronic mode. In the long term interest and convenience, migrating to electronic banking services is a good option.

- Shri M.D. Mallya,

Chairman and Managing Director of Bank of Baroda and the Deputy Chairman of IBA, “Role of Technology in Enhancing

Quality of Customer Service in Banks

Bank branches, the interface between banks and customers, have also changed drastically from being operations-centric to servicing clients. The shift during this period has been from branch to alternative delivery channels such as ATM, Internet and mobile.

- T.M. Bhasin

Chairman and Managing Director, Indian Bank, and author of E-commerce in Indian Banks22

“

“

”

”



Other innovations in the mobile authentication space7

Mobile Devices as Point of Sales

Over the last few years, mobility has been the platform of choice. Merchants, retailers and vendors are especially using this platform to augment their sales, enhance their services and boost their revenues. A mobile device when used as a POS provides a different level of customer interaction by helping the sales-force gain high customer engagements and in providing better shopping experience. The growth in the use of electronic payment products, such as credit and debit cards, added USD1.5 billion to the Gross Domestic Product (GDP) of India1. This demonstrates ample opportunities for the retailers to further increase their penetration using Mobile-POS (MPOS)

Mobile Devices in Near Field Communication (NFC)

NFC, a connectivity technology based on RFID standards, is a short range wireless technology to exchange data among various devices2. With NFC technology, consumers can connect to NFC enabled devices, access digital content and perform contactless transactions, with a single touch. The transactions could be authentication based or even financial transactions3. NFC enabled prepaid cards or other devices could assist in payment for public transport systems4 or even for paying road toll charges.

1. http://www.indiainfoline.com/Markets/News/Debit-and-Credit-card-usage-boosted-GDP-in-India-Moodys-report/5618237009; February 2012

2. http://www.rohde-schwarz.com/en/technologies/wireless-connectivity/rfid-nfc/rfid-nfc-technology/rfid-nfc-technology_55704.html;

3. http://www.simalliance.org/en/about/workgroups/interop_working_group/resources/interoperability-for-contactless-services-with-mob_gp6v9dc7.html

4. http://www.smartcardalliance.org/pages/publications-near-field-communication-and-transit

5. http://www.afscm.org/fichiers/bibliotheque/cp_cityzimobiles_21june12_vuk.pdf; June 2012

The usage of card based electronic payments has added USD983 billion in global economic growth in the period 2008 to 2012. In addition to this, these electronic payments have contributed to 0.3 per cent increase in the GDP of developed markets.

– Impact of electronic payments on economic growth, Moody’s Analytics, February 2013

France's Association Francais Du Sans Contact Mobile (AFSCM), or Association for Mobile Contactless in France, is ahead of the curve when it comes to NFC-based services. And in Europe, France ranks among the top countries based on the number of citizens with NFC enabled phones, according to the group. The French "Cityzi" service lets users in certain French locales to quickly scan their handhelds to access train stations and tap their devices against NFC tags placed in a variety of locations to get maps or other information on products or services.5

“”



Takeaways and the way forward8

In a country like India, technology revolutions such as telephone, television, personal computers, internet and mobile phones have always been following the successful implementations of the technologies in developed countries. The current population can thus be segmented based on age as well as ‘technology-usage-comfort’. The key common requirement across these generations today is the need to have convenient and mobile solutions. The advent of wireless technology has contributed to a multifold increase in the quality of life. Mobile phones have enabled us to communicate from anywhere, anytime. With 870 million mobile users in India1 and growth expected in the smart phone usage, we have the right task force to lead the global smart phone revolution. Digitisation promises to revolutionize enterprises as well as government agencies and cut through all generations. Smart phone based services would broaden the penetration of digitisation to the masses and make it very convenient and mobile. mGovernance is just one aspect of the spectrum; other avenues of impact can be mHealthcare, mEducation, mTrading, etc. The opportunities are immense and application developer ecosystems would play a very crucial role in further advancements. The quality of life can certainly increase with convergence and newer opportunities would present itself. These opportunities would need a large ecosystem to bring all the building blocks together. Banks, telecom operators, handset manufacturers, certifying authorities and regulators need to come together in playing their role to create a robust ecosystem.

Deriving from the concept of tipping point where a critical mass of users of a technology can define the standards, there is the need for creating the critical mass for a mobile based identity

mechanism. Such a push would be needed till the ecosystem attains the scale from where further adoption is easier. With various opportunities, explored as well as unexplored in both the public and the private domain, there is a huge social connotation and thus the Government should play a crucial role in the administration of such a smart phone ecosystem. eGovernance has been widely adopted in a number of Government initiatives . For example, paying property tax or filling income tax online is a regular feature. A few Municipal Corporations and State Governments are promoting mGovernance by creating various mobile applications that can provide crucial information to the citizens ‘anytime, anywhere’. To create the tipping point for a smart phone based ecosystem, additional initiatives must be taken by the Government. An example for such initiatives could be providing tax rebate on mobile transactions. Such initiatives would be needed to accelerate in reaching the tipping point and to create a self-sustained ecosystem.

To achieve this level of mobile identification and reap the benefits of inclusive development, a strong foundation is essential. Use of mobile digital signatures and associated security measures2 as per IT Act of 2000 can be the foundation stone. The 'Framework for Mobile Governance (m-Governance)' published by the 'Government of India, Ministry of Communications and Information' in January 2012 proposes initiatives that aim to deliver public services home to the populace. The m-Governance framework as envisioned by the government aims to enable high availability and accessibility by leveraging the reach of mobile devices and tapping the potential of mobile applications, especially in remote areas. For this, penetration of mobile devices,

smart phones and tablet PCs needs to be encouraged in semi-rural and rural areas. Current numbers suggest that rural areas have mobile penetration of just 39.9 per cent3 which includes subscribers owning multiple SIM cards.

1. http://articles.economictimes.indiatimes.com/2013-09-24/news/42361427_1_active-internet-users-social-media-brand-building; Sept 2013

2. http://deity.gov.in/content/secure-electronic-records-and-secure-digital-signatures

3. TRAI Press Release October 2013



A vital cog in the wheel of a mobile identity ecosystem is the payment system, which would consist of a central clearing house and an electronic interbank payment gateway. Effective payment system can facilitate seamless interbank operability and reduce the cost per transaction. The Immediate Payment System (IMPS) that offers customer to customer funds transfer through mobile phones has been provided by the National Payments Corporation of India (NPCI). However, merchant payments are not fully available with all the participating banks4. Further, certifying agencies have their task cut-out when it comes to data integrity and security which can make or break the system. Standards which are currently implemented in the U.S. or European markets can be a good baseline for developing suitable standards. The focus should be on making this technical development inclusive, convenient and mobile for

all generations. On the user front, development of mobile application stores for public and private services have to come up. Setting up of an INR 70 billion5 fund by the Government of India to support e-governance software development startups is a decisive step in this direction. Once such a robust ecosystem is established, the benefits are to be captured for all the entities involved. Convenience, security and mobility for the users, legal validity for the regulators, lesser costs per transactions and increased number of transactions for the service providers are just a few of the immediately visible benefits. Having such a mobile digital signature based mobile identity ecosystem is how regardless of generation barriers we can increase the quality of life, lead the global smartphone revolution from the front and establish global standards in this space.

4. http://www.npci.org.in/aboutimps.aspx

5. http://articles.economictimes.indiatimes.com/2013-06-05/news/39764396_1_government-websites-e-governance-government-contracts; June 2013


KPMG in India contacts:

Dinesh KanabarDeputy CEO M: +91 98200 20647 E: [email protected]

Kunal PandePartner Management Consulting M: +91 98926 00676 E: [email protected]

Rohan PadhiAssociate Director Management Consulting M: +91 99302 24081 E: [email protected]

We gratefully acknowledge the contribution of the following individuals who authored this report:

Divakar KhannaAssociate Consultant, Management Consulting Shireen KhanAssistant Manager, Markets Lipika DhawanAssistant Manager, Management Consulting

We also acknowledge the assistance provided by Jiten Ganatra and Subashini Rajagopalan in the creation of this publication

Mobile identity Mobile solutions that

cut through generations

kpmg.com/in

The information contained herein is of a general nature and is not intended to address the circumstances of any particular individual or entity. Although we endeavour to provide accurate and timely information, there can be no guarantee that such information is accurate as of the date it is received or that it will continue to be accurate in the future. No one should act on such information without appropriate professional advice after a thorough examination of the particular situation.


The KPMG name, logo and “cutting through complexity“ are registered trademarks or trademarks of KPMG International.

Printed in India

Latest insights and updates are now available on the KPMG India app. Scan the QR code below to download the app on your smart device.

Google Play | App Store

kpmg.com/in

mobile identity - assets.kpmg · india ending july 2013 37 per cent growth in global 3g suscribers...

Documents