Full Title or Meme
- The computing power of a Smartphone today is beyond that of any computer of 25 years ago. The connectivity of a Smart Phone is beyond that of any computer of 25 years ago. Now anyone of modest means can carry one with them nearly anywhere they want to go. Clearly society will feel the impact of this leap of technology. And its impact for personal Identity can only be guessed at.
- The Pew Research report Enhanced Patient Matching Is Critical to Achieving Full Promise of Digital Health Records: while the report's first solution was a universal health Identifier, the authors recognize the blockers to that in the US, and the second solution was patient-oriented solutions like the Smart Phone.
- Smart Phones are valuable, both in their own right, and as access to user information. Theft is common.
- Telephone numbers can be reassigned by attacks against the telco self-service web sites or even the manned service locations.
The Smartphone will be provisioned with a variety of Native Apps when acquired by the user. A number of these apps, like email, will require the user to sign in using some Identifier or Attribute Provider that also provides Authentication to unrelated third parties. For example, Google Android or Apple iCloud services can be used to sign in to sites that recognize the OpenID Connect protocol that they use.
The Smart phone is now the Identity in Everyone's Pocket. The linked article shows how the Smartphone helps to keep users secure for both Identity and Privacy.
Smart Phone role in Authentication
- The phone can store authentication information that is displayed to a reader in a physical device owned by the Relying Party. The information may include the user name only or user name and password or other authentication information.
- The phone supports Bluetooth and payment NFC protocols that can be used with a reader in a physical device owned by the Relying Party, or on the user's desktop computer.
- An Authentication Native App can be loaded onto the phone from existing Authentication providers, like Microsoft or Google.
Smart Phone Hardware Security
- Hardware Protection has been a security gold standard since the advent of FIPS 140, but it must be remembered that there is no longer any such thing as a purely hardware component in computer design. All sophisticated hardware chips now contain a significant software component, and many contain configurable memory, or firmware, that contains software that is "just" a part of the hardware. This is commonly referred to as a Trusted Execution Environment.
- The Trusted Platform Module (TPM) was a hardware chip in version one, but by 2020 all Intel and Android processors included secure hardware that could run the version two TPM as software in the secure environment. The TPM can make a statement about the software operating system that a Remote Attestation Service can verify.
- Security Enhancements (SE) for Android was an NSA-led project that created and released an open source reference implementation of how to enable and apply SELinux to Android, made the case for adopting SELinux into mainline Android, and worked with the Android Open Source Project (AOSP) to integrate the changes into mainline Android. As a result, SELinux has been a core part of Android since 2019. See https://source.android.com/security/selinux/ for further information on SELinux in Android.
- Android security program.
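The attestation check described in the TPM item above, as an added example that is not part of the original page: a verifier replays the measured-boot event log with the TPM 2.0 extend rule and compares the result with the PCR value reported in the quote. The component names, the reference list, and the assumption that the quote's signature was already verified are constructed for illustration.

```javascript
const { createHash } = require('node:crypto');

const sha256 = (buf) => createHash('sha256').update(buf).digest();

// TPM 2.0 extend rule: PCR_new = SHA-256(PCR_old || measurement digest).
const extend = (pcr, digest) => sha256(Buffer.concat([pcr, digest]));

// Replay an event log starting from the all-zero reset value of a SHA-256 PCR.
const replay = (log) => log.reduce((pcr, ev) => extend(pcr, ev.digest), Buffer.alloc(32));

// Verifier-side appraisal. Assumption: the signature on the quote containing
// quotedPcr was already verified against the device's attestation key.
function appraise(log, quotedPcr, knownGood) {
  // 1. The log must reproduce the quoted PCR, otherwise the log cannot be believed.
  if (!replay(log).equals(quotedPcr)) {
    return { trusted: false, reason: 'event log does not match quoted PCR' };
  }
  // 2. Every measured component must be on the verifier's reference list.
  const unknown = log.find((ev) => !knownGood.has(ev.digest.toString('hex')));
  if (unknown) {
    return { trusted: false, reason: `unrecognised component: ${unknown.name}` };
  }
  return { trusted: true, reason: 'boot chain matches reference measurements' };
}

// Constructed sample data: component names and image contents are hypothetical.
const measure = (name, image) => ({ name, digest: sha256(Buffer.from(image)) });
const goodLog = [
  measure('bootloader', 'bootloader-image-v7'),
  measure('kernel', 'kernel-image-5.10'),
  measure('system', 'system-image-42'),
];
const knownGood = new Set(goodLog.map((ev) => ev.digest.toString('hex')));
const goodQuote = replay(goodLog);

// A device that booted a modified kernel yields a different log and PCR value.
const badLog = [goodLog[0], measure('kernel', 'kernel-image-modified'), goodLog[2]];
const badQuote = replay(badLog);

console.log(appraise(goodLog, goodQuote, knownGood).reason);
console.log(appraise(badLog, badQuote, knownGood).reason);
console.log(appraise(goodLog, badQuote, knownGood).reason);
```

Because each extend hashes the previous PCR value, the same measurements in a different order give a different final value, so the log's order is attested as well as its contents.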
Smart Phone storage of user information
The Smart Phone can both collect user information from a variety of sources and then turn around and send that data to web sites that need the information. This process of sourcing and sinking data can be entirely on the Smart Phone itself, or in conjunction with a Web Site that acts as a back-end for a Web App on the phone.
Proof of Presence
- There are a variety of sensors on many smartphones that can be used as authentication factors or more.
- Biometric input, for example face scans or fingerprints, can provide a link to the physical human presence.
Trust of the Data
- Any smartphone app (native or web) can send any data it wants to any web page it can access.
- How then can a Relying Party accept a statement from a phone app?
- The statement itself can be signed by a trusted issuer.
- The phone app can prove its reliability by some assessment process.
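One way a Relying Party can apply the signed-statement option above, as an added example that is not part of the original page: the issuer signs the statement with Ed25519, the phone app only relays it, and the Relying Party checks the signature against its trusted issuers before checking audience and expiry. The issuer URL, the two-part token format (a simplification, not JWT) and the claim values are assumptions made for illustration.

```javascript
const crypto = require('node:crypto');

// Constructed demo issuer. A real Relying Party loads issuer public keys from
// configuration; it never holds the issuer's private key.
const issuerKeys = crypto.generateKeyPairSync('ed25519');
const TRUSTED_ISSUERS = new Map([['https://issuer.example', issuerKeys.publicKey]]);

// Issuer side: sign the exact bytes that will be transmitted.
function issue(claims, privateKey) {
  const payload = Buffer.from(JSON.stringify(claims));
  const sig = crypto.sign(null, payload, privateKey);
  return `${payload.toString('base64url')}.${sig.toString('base64url')}`;
}

// Relying Party side: the phone app is only a courier for the statement.
function verifyStatement(token, expectedAudience, now = Date.now() / 1000) {
  const [p, s, extra] = String(token).split('.');
  if (!p || !s || extra !== undefined) return { ok: false, reason: 'malformed' };
  const payload = Buffer.from(p, 'base64url');
  let claims = null;
  try { claims = JSON.parse(payload.toString('utf8')); } catch { /* handled below */ }
  if (claims === null || typeof claims !== 'object') return { ok: false, reason: 'malformed' };
  // The issuer named in the statement only selects which key to try; nothing
  // in the payload is believed until that key verifies the signature.
  const key = TRUSTED_ISSUERS.get(claims.iss);
  if (!key) return { ok: false, reason: 'untrusted issuer' };
  if (!crypto.verify(null, payload, key, Buffer.from(s, 'base64url'))) {
    return { ok: false, reason: 'bad signature' };
  }
  // A valid signature is not enough: bind the statement to this site and time.
  if (claims.aud !== expectedAudience) return { ok: false, reason: 'wrong audience' };
  if (typeof claims.exp !== 'number' || claims.exp <= now) return { ok: false, reason: 'expired' };
  return { ok: true, claims };
}

// Constructed sample statement; the field names follow JWT conventions.
const issuedAt = Math.floor(Date.now() / 1000);
const sample = { iss: 'https://issuer.example', aud: 'https://rp.example', sub: 'user-123', exp: issuedAt + 300 };
const good = issue(sample, issuerKeys.privateKey);

// The same signature attached to a payload that was altered after signing.
const altered = Buffer.from(JSON.stringify({ ...sample, sub: 'user-999' })).toString('base64url');
const tampered = `${altered}.${good.split('.')[1]}`;

console.log(verifyStatement(good, 'https://rp.example').ok);
console.log(verifyStatement(tampered, 'https://rp.example').reason);
```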
Smart Phone Screen Sizes
- Media Genesis has a good list; see also Device Atlas.
- iPhone 5: 640 x 1136 pixels, 320 x 568 viewport
- iPhone 7+: 1080 x 1920 pixels, 414 x 736 viewport
- Google N5X: 1080 x 1920 pixels, 412 x 732 viewport
- Google 3XL: 1440 x 2960 pixels, 412 x 846 viewport
- Samsung S7: 1440 x 2960 pixels, 360 x 640 viewport
Premium phones can go somewhat higher and, in 2021, even have two screens folded together.
The viewport is the user's visible area of a web page. It varies with the device, and will be smaller on a mobile phone than on a computer screen. HTML5 introduced a method to let web designers take control over the viewport, through the <meta> tag. Note that device width changes from portrait to landscape orientation of the device. You should include the following <meta> viewport element (exactly as shown) in all your web pages:
<meta name="viewport" content="width=device-width, initial-scale=1.0">
- Phil Vachon, "The Identity in Everyone's Pocket," CACM 64, no. 1 (2021-01)