SIM card is provided as a part of mobile subscriptions. Therefore, almost everyone has a secure device (SIM card) that’s always available (unless your battery runs out).
That’s the strength of MobileID. It exploits the good old mobile communication system for strong authentication. A system which is already widely adopted and used.
Backside of the coin
This can also be a limitation. For a corporation or an organization to authenticate users with MobileID they need all users to have MobileID. But MobileID requires Mobile subscription which includes phone calls, SMS and mobile data.
Now, suddenly, the requirement of using a mobile subscription is a blocker. To adopt MobileID for everyone it’s required for all employees to have a mobile subscription that supports MobileID!
Wouldn’t it be easier to provide RSA security tokens to all users? Just give a device to everyone, deployment is easy. To answer the question, not anymore!
Enter MobileID Token
Swisscom invented the MobileID Token, which is an answer to this issue. Mobile ID Token is a SIM card that includes only the MobileID functionality. It’s that simple.
A new problem rises its ugly head. We already have a SIM card in our phones for our mobile phone subscription. Is it required for everyone to have a a separate phone to use this fancy Token with?
I can think of three solutions:
- User already has MobileID so she doesn’t need the Token. She’ll just use her pre-existing SIM card.
- User has dual SIM support in her phone. She’ll insert the Token to the second SIM slot.
- User is given a device to use the SIM card with. This device doesn’t need to do much and isn’t expensive.
Users that have mobile phone subscription with MobileID have a great experience. Nothing additional is required of them. Other users can upgrade their mobile subscription to get rid of extra devices, too.
Companies and corporations are also happy. They don’t have to give up the extremely secure MobileID because of deployment issues.