This is the presentation that was conducted at the Colombo Identity and Access Management User Group Meetup on the 7th of September 2017.
The Title is "Revolutionizing Digital Authentication with GSMA Mobile Connect"
Speaker is Keet Malin Sugathadasa. He is an undergraduate of the Department of Computer Science and Engineering, University of Moratuwa.
Topics addressed in this presentation:
1) Problems with Current Authentication Solutions
2) Introduction to Mobile Connect
3) The Mobile Connect Flow
4) Discovery API
5) Mobile Connect API
6) Level of Assurance (LoA)
7) Mobile Connect and OpenID Connect
8) The WSO2 Identity Server
9) Mobile Connect Demonstration
2. Agenda
Problems with Current Authentication Solutions
Introduction to Mobile Connect
The Mobile Connect Flow
Discovery API
On-net & Off-net
Mobile Connect API
Level of Assurance (LoA)
Mobile Connect and OpenID Connect
The WSO2 Identity Server
Mobile Connect Demonstration
10. World Statistics
87% - Would prefer just one strong password to remember
86% - Have left websites when asked to register or sign up
86% - Are concerned about security when online
88% - Want reduced risk of identity theft and credit card fraud
81% - Don't feel that they get as much value from their personal data as third parties do
68% - Are more likely to return to a site that remembers them without a username or a password
Source: GSMA 2015 Consumer Research Statistics
14. What do users really want?
A global authentication solution
Security and privacy protection
An easy and convenient solution
16. Introduction to Mobile Connect
Mobile Connect is a secure global identity solution that uses the mobile phone as a universal login key.
Mobile Connect is a mobile-operator-facilitated authentication solution that provides simple, secure and convenient access to online services. It is a convenient alternative to passwords that also protects customer privacy: the service provider receives a pseudonymous reference for the user rather than the user's phone number.
20. Discovery API
The Discovery API tells the application which operator serves the end user, and where that operator's endpoints are. How the user is then authenticated depends on how the device reaches the network:
Mobile internet connection + mobile device - authentication happens seamlessly, with no user interaction at all (the operator can identify the subscriber on its own network).
Mobile internet connection + computer - the service first tries to retrieve the subscriber information over the mobile connection (SIM). If that fails, it prompts the user for their mobile number, and manual authorization on the handset is required.
Broadband/Wi-Fi connection + computer or mobile - the user has to enter their mobile number, and manual authorization on the handset is required.
21. On-Net Authentication
Registered user - authentication via HE (header enrichment)
1. User clicks to log in via Mobile Connect.
2. The operator authenticates the end user in the background using header enrichment.
The user is logged in to the site ("Welcome to wow.lk, Jonathan!").
22. Off-Net Authentication
Registered user - authentication via HE, with fallback to USSD
1. User clicks to log in via Mobile Connect.
2. User is prompted in the browser to enter their mobile number.
3-4. The operator sends a USSD prompt to the handset and the user confirms it.
5. The user is logged in to the site ("Welcome to wow.lk, Jonathan!").
23. Mobile Connect API
The Mobile Connect API is a service based on OpenID Connect.
It is implemented by the operator's Identity Provider (IdP).
It uses the mobile number to reach the user's mobile device for authorization.
24. Level of Assurance (LoA)
LoA, or Level of Assurance, describes the degree of confidence in various security processes, including authentication (according to the ISO/IEC 29115 standard, which defines four levels).
LoA 2 - requires a key press on the handset (proves possession of the device)
LoA 3 - requires a PIN code (possession of the device plus knowledge of the PIN)
26. OpenID Connect (OIDC)
Built on top of OAuth 2.0: it adds an identity layer (the ID token) so that a relying party can authenticate and verify users against a supported authorization server.
Endpoints:
Authorization endpoint
Token endpoint
UserInfo endpoint
28. WSO2 Identity Server (5.3.0)
Based on the WSO2 Carbon platform, which provides support for multi-tenancy, logging, clustering and other common services
Identity federation between multiple heterogeneous systems
Speaker notes
Passwords: this authentication method is broken. Users have to remember dozens of passwords and forget them easily.
Signing up to a system is a lengthy process.
The information we provide violates our privacy even as we speak.
Talk about how we use these in our day-to-day lives: limitations, inconvenience, privacy issues.
The perfect solution: an introduction to Mobile Connect.
It's a global network between mobile users and MNOs (Mobile Network Operators).
The Mobile Connect flow:
1. The end user clicks the Mobile Connect button to access the service.
2. The application requests the end user's operator details from the Discovery service.
3. Discovery responds with the operator details.
4. The application makes an authentication request to the end user's operator, using OpenID Connect with the Mobile Connect profile.
5. The operator sends the authentication request to the end user.
6. The end user authenticates themselves using their mobile device.
7. A PCR (Pseudonymous Customer Reference) identifying that specific end user to this service provider is returned.
8. Access granted.
This extended version of OpenID Connect is called the Mobile Connect Profile, or the Mobile Connect API.
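Steps 4 to 8 of that flow, as an added worked example in Python (not code from the presentation, from GSMA or from WSO2). It covers what the service-provider side has to get right once Discovery has named the operator: building the OpenID Connect request with the Mobile Connect profile parameters (acr_values carrying the requested LoA, login_hint carrying the MSISDN, plus state and nonce), checking the callback, and the checks on the ID token before trusting the PCR in its sub claim, including rejecting a token whose achieved LoA is below the one asked for. Everything concrete is constructed: the operator at operator.example and its endpoints stand in for a Discovery response, sp-wow-lk and the shared secret are hypothetical SP credentials, the MSISDN and PCR are made up, and the simulated operator signs the ID token with HS256 under the client secret so the example runs offline (real operators sign with their own keys and publish them via JWKS).

```python
# Mobile Connect login simulated offline. Added example, not GSMA or WSO2 code.
# Operator endpoints, SP credentials, MSISDN and PCR are constructed values.
import base64
import hashlib
import hmac
import json
import secrets
import time
from urllib.parse import parse_qs, urlencode, urlsplit

# What the Discovery API would hand back for the user's operator (constructed).
OPERATOR = {
    "issuer": "https://operator.example/oidc",
    "authorization_endpoint": "https://operator.example/oidc/authorize",
    "client_id": "sp-wow-lk",
    "client_secret": b"constructed-shared-secret",
}
REDIRECT_URI = "https://wow.lk/mc/callback"


def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def build_auth_request(msisdn: str, loa: int):
    """SP side: the OIDC authorization request in Mobile Connect profile form.
    acr_values carries the LoA wanted ("2" = key press, "3" = PIN); login_hint
    carries the number the operator should push the prompt to."""
    state = secrets.token_urlsafe(16)   # binds the callback to this browser session
    nonce = secrets.token_urlsafe(16)   # binds the ID token to this request
    params = {
        "response_type": "code",
        "client_id": OPERATOR["client_id"],
        "redirect_uri": REDIRECT_URI,
        "scope": "openid",
        "acr_values": str(loa),
        "login_hint": f"MSISDN:{msisdn}",
        "state": state,
        "nonce": nonce,
    }
    return OPERATOR["authorization_endpoint"] + "?" + urlencode(params), state, nonce


def parse_callback(callback_url: str, expected_state: str) -> str:
    """SP side: reject callbacks whose state is not ours (CSRF / session swapping)."""
    query = parse_qs(urlsplit(callback_url).query)
    if query.get("state", [""])[0] != expected_state:
        raise ValueError("state mismatch")
    if "code" not in query:
        raise ValueError("no authorization code in callback")
    return query["code"][0]


def mint_id_token(pcr: str, nonce: str, acr: int, now: int, ttl: int = 300) -> str:
    """Operator side (simulated): the ID token issued after the user confirmed on
    the handset. HS256 under the client secret here; real operators use their own keys."""
    header = {"alg": "HS256", "typ": "JWT"}
    claims = {
        "iss": OPERATOR["issuer"],
        "sub": pcr,                 # PCR: stable per user per SP, never the MSISDN
        "aud": OPERATOR["client_id"],
        "iat": now,
        "exp": now + ttl,
        "nonce": nonce,
        "acr": str(acr),            # LoA actually achieved, may be below the one requested
    }
    signing_input = b64url(json.dumps(header).encode()) + "." + b64url(json.dumps(claims).encode())
    sig = hmac.new(OPERATOR["client_secret"], signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + b64url(sig)


def validate_id_token(id_token: str, nonce: str, min_loa: int, now: int) -> str:
    """SP side: every check that must pass before the PCR is trusted; returns the PCR."""
    parts = id_token.split(".")
    if len(parts) != 3:
        raise ValueError("malformed token")
    head_b64, claims_b64, sig_b64 = parts
    if json.loads(b64url_decode(head_b64)).get("alg") != "HS256":
        raise ValueError("unexpected alg")   # never accept 'none' or an alg the SP did not agree on
    expected = hmac.new(OPERATOR["client_secret"], f"{head_b64}.{claims_b64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, b64url_decode(sig_b64)):
        raise ValueError("bad signature")
    claims = json.loads(b64url_decode(claims_b64))
    if claims.get("iss") != OPERATOR["issuer"]:
        raise ValueError("wrong issuer")
    if claims.get("aud") != OPERATOR["client_id"]:
        raise ValueError("token not issued for this SP")
    if claims.get("exp", 0) <= now:
        raise ValueError("token expired")
    if claims.get("nonce") != nonce:
        raise ValueError("nonce mismatch (replayed or foreign token)")
    if int(claims.get("acr", "0")) < min_loa:
        raise ValueError(f"achieved LoA {claims.get('acr')} is below required LoA {min_loa}")
    return claims["sub"]


if __name__ == "__main__":
    now = int(time.time())
    url, state, nonce = build_auth_request("+94771234567", 3)        # constructed MSISDN
    code = parse_callback(f"{REDIRECT_URI}?code=c0de&state={state}", state)
    token = mint_id_token("pcr-9f3a", nonce, 3, now)   # real SPs get this from the token endpoint for `code`
    print("logged in as PCR", validate_id_token(token, nonce, 3, now))
```

The LoA check is the one most often skipped: the operator reports the level it actually achieved in acr, and an SP that asked for LoA 3 (PIN) but accepts a LoA 2 (key press) token has silently downgraded its own policy. The state check protects the callback, the nonce check binds the ID token to this login attempt, and the aud check stops a token minted for another service provider from being replayed against this one.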
Every operator should implement at least one type of authenticator per LoA.
With the WSO2 Identity Server, Mobile Connect is supported on desktop, tablet and mobile phone, and on TVs as well.
With WSO2 Mobile Connect it's simple, consistent and can be integrated into any website or app.