Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

FIDO Authentication and GSMA Mobile Connect

4,420 views

Published on

A detailed look at GSMA's Mobile Connect Program and how they are testing the addition of FIDO's biometric authentication to further strengthen the offering.

Published in: Mobile
  • Hey guys! Who wants to chat with me? More photos with me here 👉 http://www.bit.ly/katekoxx
       Reply 
    Are you sure you want to  Yes  No
    Your message goes here

FIDO Authentication and GSMA Mobile Connect

  1. 1. FIDO and Mobile Connect FIDO Seminar, Barcelona May 8th 2017
  2. 2. Copyright © 2017 GSMA. The Mobile Connect logo is a trade mark registered and owned by the GSMA. About the GSMA The GSMA represents the interests of mobile operators worldwide Spanning more than 220 countries, the GSMA unites nearly 800 of the world’s mobile operators, as well as more than 230 companies in the broader mobile ecosystem Identity – Mobile Connect2
  3. 3. Copyright © 2017 GSMA. The Mobile Connect logo is a trade mark registered and owned by the GSMA.3 Introducing Mobile Connect, a mobile operator facilitated digital identity solution • Simple, secure and convenient access to online services • Enables users to: • Authenticate online • Authorise digital transactions • Verify their identity • …via their mobile device, anywhere Convenient via the device in your pocket Secure using regulated networks Private no data shared without consent Identity – Mobile Connect
  4. 4. Copyright © 2017 GSMA. The Mobile Connect logo is a trade mark registered and owned by the GSMA.4 Example use case: reducing user friction by minimising steps to fulfil online commerce transaction Select items; click thru to checkout Form filling Registration complete Select payment type Authorise transaction Username/ password Without Mobile Connect With Mobile Connect Select Select items; click thru to checkout to checkout Authenticate -> authorise payment -> agree to share name/address with merchant via a single action Identity – Mobile Connect
  5. 5. Copyright © 2017 GSMA. The Mobile Connect logo is a trade mark registered and owned by the GSMA. Mobile Connect offers a range of services for digital transactions Helping users manage their identity across their digital footprint Authentication AttributesIdentityAuthorisation Simple and globally ubiquitous log-in Insights about the user, device or transaction Assertion of user identity User authorisation of SP requests Identity – Mobile Connect5
  6. 6. Copyright © 2017 GSMA. The Mobile Connect logo is a trade mark registered and owned by the GSMA. Mobile Connect and FIDO both seeking to replace passwords via use of the mobile phone for authentication 6 Something I Know Something I Have Something I Have + Something I Know Something I Have + Something I Am Or Identity – Mobile Connect
  7. 7. Copyright © 2017 GSMA. The Mobile Connect logo is a trade mark registered and owned by the GSMA. Mobile Connect leverages FIDO to expand its set of Authenticators 7 Federation Authentication User Management Physical-to-digital identity Existing MNO KYC processes Device-based authenticators Existing MNO CRM databases Network-based authenticators (USSD, SIM applet etc.) Identity – Mobile Connect
  8. 8. Copyright © 2017 GSMA. The Mobile Connect logo is a trade mark registered and owned by the GSMA. FIDO integrates into Mobile Connect as an optional authenticator subsystem 8 FIDO UAF protocol Mobilephone with FIDO client AuthN server MNO Tablet/desktop Service access request Service Provider Authentication request Identity GW First mile Second mileSIM applet protocol (CPAS8) AuthN server SIM applet Identity – Mobile Connect
  9. 9. Copyright © 2017 GSMA. The Mobile Connect logo is a trade mark registered and owned by the GSMA.9 52 operators launched in 29 markets 3bn …enabled users world-wide 82m …Mobile Connect users… 17m …monthly active users Correct as at April 2017 Cambodia Italy Bangladesh Sri Lanka Pakistan India China Indonesia South Korea Australia Thailand Myanmar Egypt Turkey Spain Argentina Peru Mexico Canada Finland France Malaysia Brazil Switzerland Jordan Poland Uruguay Colombia Ecuador Morocco UK Identity – Mobile Connect
  10. 10. Copyright © 2017 GSMA. The Mobile Connect logo is a trade mark registered and owned by the GSMA. • Mobile Connect and FIDO are complementary providing a robust and extensible authentication framework providing a federated digital identity framework leveraging FIDO to deliver a range of services for facilitating secure digital transactions • Both in combination help users transact more safely and conveniently online Identity – Mobile Connect10 Take aways
  11. 11. Copyright © 2017 GSMA. The Mobile Connect logo is a trade mark registered and owned by the GSMA. Mobile Connect API documentation & sandbox: https://developer.mobileconnect.io 11 Identity – Mobile Connect
  12. 12. Copyright © 2017 GSMA. The Mobile Connect logo is a trade mark registered and owned by the GSMA. NSTIC (National Strategy for Trusted Identities in Cyberspace) pilot to enable a common approach to enable consumers and businesses to use mobile devices for secure, privacy-enhancing identity and access management. By allowing relying parties (RPs) to more easily accept identity solutions from Mobile Network Operators, the solution is intended to reduce a significant barrier to online service providers accepting mobile-based credentials. Identity – Mobile Connect12 Enabling Mobile-based Identity and Access Management Technologies
  13. 13. Copyright © 2017 GSMA. The Mobile Connect logo is a trade mark registered and owned by the GSMA. Overall Pilot Strategy – 3 Phased Approach • Financial sector use case with VISAto demonstrate step up authentication at point of sale. • Consumer goods use case with InterBev to demonstrate age verification on age-restricted websites. • Healthcare use case with San Diego Health Connect to enable patient and doctor services through a Health Information Exchange (HIE). • eGovernment use case with the IRS to demonstrate the ability for citizens and non-citizens to file taxes within the US and outside the US. Personal Data – Mobile Connect13 Establish the Foundation Governance (US MNOs, GSMA, Technology Partners) Technical Infrastructure and Authenticators Proof of Concept Financial Sector (Visa) Consumer Goods (InterBev) Healthcare (SDHC) eGovernment (IRS) Commercial Exploration (Trust Framework) Legal Privacy Contracts Business model
  14. 14. Copyright © 2017 GSMA. The Mobile Connect logo is a trade mark registered and owned by the GSMA. • GSMA Mobile Connect architecture with multiple models for Mobile Connect Accelerator (MCX) implementation and three Authenticator options. • Implementation leveraging a Hub integrated with the different vendors per Authenticator option and MNOs. Identity – Mobile Connect14 Pilot Architecture
  15. 15. Copyright © 2017 GSMA. The Mobile Connect logo is a trade mark registered and owned by the GSMA.Identity – Mobile Connect15 Pilot Partners
  16. 16. Copyright © 2017 GSMA. The Mobile Connect logo is a trade mark registered and owned by the GSMA. Visa – Step-up Authentication to reduce fraud. • Demo: https://youtu.be/m8CID7VPr1I InterBev – Age-verification when purchasing age-restricted products from vending machine with mobile device. • Demo: https://vimeo.com/204070861 Over 700 people experienced the demo. Smartphone Application Authenticator with FIDO functionality were used as well as SIM Application Authenticator. • SIM Application Authenticator enables a very streamlined UX and high security. • Smartphone demonstrated the ability to partner with a third-party technology partner. Identity – Mobile Connect16 Mobile World Congress 2017
  17. 17. If you would like more information, please contact the GSMA via: mobileconnect@gsma.com +44 (0) 20 7356 0600 www.gsma.com/identity Follow the GSMA on Twitter: @GSMA GSMA London Office The Walbrook Building, 25 Walbrook, London EC4N 8AF Copyright © 2018 GSMA. The Mobile Connect logo is a trade mark registered and owned by the GSMA.

×