Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

WSO2 Telco MCX

661 views

Published on

Solução Mobile Connect WSO2

Published in: Technology
  • Be the first to comment

  • Be the first to like this

WSO2 Telco MCX

  1. 1. Mobile Connect Accelerator Digital Enablement Powered By APIs For Telcos
  2. 2. About WSO2.Telco Confidential 2 Axiata Group Global with Local Relevance IDENTITY Operational Model limitless Innovation Future Ready Agile & Digitally empowered Micro services 990 India Customers 290 Foot Print Countries 8
  3. 3. Visionary team and breakthrough platform Confidential 3 Empower Telcos and enterprises globally in their quest to extract value from the digital ecosystem and remain relevant in the digital age Vision Apply agility to a legacy landscape by offering seamless Telco / OTT interoperability to enable agile business Mission Built from MNO Digital Centre of Excellence combined with digital industry veterans Visionary Team Ground breaking WSO2 Code base & Telco Digital Innovation Visionary Platform DIGITAL SUCCESS • 3 state of the art DIGITAL HUBS in Asia • 4 Local API Gateways • 3 internal micro services projects and 400 APIs exposed in 9 months
  4. 4. Typical challenges for Digital enablement Confidential 4
  5. 5. Our Approach Confidential 5
  6. 6. Confidential 6 Be Digitally enabled with WSO2.Telco Freedom & Control o Open source o Fully customizable o Use any system integrator Support & Services Enterprise grade production support and professional services Cost Saving Zero CAPEX with OPEX based model Flexible/ Scalable On premise or cloud . Scale as your business grows
  7. 7. Confidential 7 WSO2.Telco: Wider ecosystem GLOBAL SERVICE PROVIDERS MNO GSMA ECOSYSTEM REGIONAL/COUNTRY/GROUP HUB WSO2.Telco ecosystem
  8. 8. Confidential 8 Opening up to a digital world full of opportunities Mobile Connect ++ Ready to expose ID SMS and USSD services Enhanced offering • Operator billing • Location API • Existing APIs Access global ecosystem Embrace regional and global digital opportunities Future ready, digitally enabled you
  9. 9. Rapid, interoperable digital service enablement Confidential 9 subscriber SMS USSD LBS DOB ID MNO Interfaces Internet of things App developersService providers GSMA API exchange
  10. 10. WSO2.Telco Identity Gateway with more than 1bn customers enabled by WSO2.Telco • Standalone solution capable of being the backbone of a fully integrated ID Strategy including SSO, federated ID services and more. • Currently the only fully featured open source GSMA certified ID solution. • SPs and enterprises can use this solution to implement a federated ID solution for their own use. • For Mobile Connect the solution consists of authenticators for Levels of Assurance 2 and 3 (LOA2, LOA3) including Header enrichment, SMS, USSD and Smartphone applications. • The solution also works with third party SIM applets and is GSMA Mobile Connect, GSMA OneAPI V3 and ETSI 102.204 compliant. • Available to download as open source software. Confidential 10
  11. 11. Mobile Connect Accelerator (MCX) by WSO2.Telco Confidential 11 FEATURE RICH LOW COST No message arrived? Click to get a text message instead. Login to wow.lk account with mobile connect? 1.Okay 2.Cancel QUICK START Open source with modular scaling. OPEX model to grow with traffic LOW COST Mobile Connect ++ and authentication API’s for other services FEATURE RICH Highly flexible for adapting to changing requirements and new use cases FLEXIBLE Proven middleware with tools enabling seamless integration + horizontal scaling SCALABL E Allows MNO’s to both collaborate and innovate internally whilst reducing friction INTER OPERABL E
  12. 12. How MCX works Confidential 12 CUSTOMER LOGIN Desktop/mobile service access request Operator discovery Authentication SERVICE PROVIDER 4 WSO2.Telco MCX solution 1 2 3 Secure, convenient & I don’t need to remember multiple usernames and passwords! GSMA API exchange
  13. 13. Confidential 13 Deployment options and upgrade path Cloud based quick start Live deployment in 30 days Fully managed cloud solution with light integration Low cost for full production instances Simple contract with no fuss Hybrid for scaling and upgrade Multiple architectures to choose from (partial/full HA) Quick upgrade to full API management All capabilities built on highly efficient WSO2 code base On premise Free POC/ beta trial Same code and rapid VM based deployment Seamless migration from cloud - with no additional integration Adaptable for use of any system integrator
  14. 14. No friction, quick start! Confidential 14 Sign up Managed cloud or on premise Same integration path Single code Same integration path Connect Authentication API’s : OpenID Connect SMS, USSD MSSP (ETSI 102.204 compatible for SIM Applet) Ready to use Onboarding local and internal services Share all existing service providers Connect to GSMA Exchange
  15. 15. MCX Authenticators Confidential 15
  16. 16. Mobile connect use cases and UX flows Confidential 16 User clicks to login via mobile connect Operator Authenticates the End User in the background using Enriched Header Item Feature Phone Smart Phone Competition Primary Authenticator Header Enrichment Header Enrichment SMS OTP or Traditional Username and password Roadmap Smartphone Authenticator and USSD Click ‘OK’ as a fallback authenticator o MSISDN is not required to be input as it is captured through header enrichments o USSD Fall back authenticator used for if user is using a proxy caching service like Opera Simple Authentication (LoA2) on mobile network via Header enrichment 1 Welcome to wow.lk Jonathan! 2
  17. 17. Confidential 17 Simple Authentication (LoA2) off mobile network via USSD No message arrived? Click to get a text message instead. No message arrived? Click to get a text message instead. Login to wow.lk account with mobile connect? 1.Okay 2.Cancel Welcome to wow.lk Jonathan! User clicks to login via mobile connect Enter mobile number USSD pop up initiated USSD pop received and confirmed User is logged in to site! Item Feature Phone Smart Phone Competition Primary Authenticator USSD Click ‘OK’ USSD Click ‘OK’ SMS OTP or Traditional username and passwordFallback Authenticator SMS Click ‘OK’ SMS Click ‘OK’ Roadmap Smartphone Authenticator 1 432 5
  18. 18. Confidential 18 Two factor Authentication (LoA3) on mobile network via USSD Registration : MISISDN available through header enrichment/auto discovery Choose a 4 digit Mobile Connect pin. OK Cancel Confirm your mobile connect PIN OK Cancel User clicks to login via mobile connect Registration notification USSD pop up initiated USSD prompt to create PIN Re-enter PIN 1 432 5
  19. 19. Confidential 19 Two factor Authentication (LoA3) on mobile network via USSD Registration : MISISDN available through header enrichment/auto discovery o Default question templates can be localized as per SP o Select security questions, input answers & Accept T & C Confirmation and consent to SP to proceed with registration completion 6 7
  20. 20. Confidential 20 Two factor Authentication (LoA3) on mobile network via USSD Registered customer log on: through header enrichment/auto discovery Enter your mobile connect PIN to continue OK Cancel Welcome to wow.lk Jonathan! User clicks to login via mobile connect USSD pop up initiated USSD Prompt to enter PIN User is logged in to site! Item Feature Phone Smart Phone Competition Primary Authenticator USSD Enter ‘Pin’ USSD Enter ‘Pin’ SMS OTP and Traditional username and password Roadmap Smartphone Authenticator and USSD Enter ‘PIN’ as a fallback authenticator 1 432
  21. 21. Confidential 21 Two factor Authentication (LoA3) off mobile network via USSD User clicks to login via mobile connect USSD prompt initiated Enter mobile number No message arrived? Click to get a text message instead. Enter your mobile connect PIN to continue OK Cancel Welcome to wow.lk Jonathan! User enters correct PIN User is logged in to site Item Feature Phone Smart Phone Competition Primary Authenticator USSD Enter ‘Pin’ USSD Enter ‘Pin’ SMS OTP and Traditional username and password Fallback Authenticator SMS Authenticator (not recommended for LoA3.) * Roadmap Smartphone Authenticator and USSD Enter ‘PIN’ as a fallback authenticator * When fallback authenticator is used, SP is informed of supported LoA & authenticator. SP can implement business logic to handle LoA2 authentication. 1 432 5
  22. 22. Confidential 22 PIN reset/PIN error PIN Incorrect OK Cancel Click on reset PIN option If user has exhausted all 3 chances of entering the correct PIN , user will be asked to reset PIN via the web browser or the app PIN entered is incorrect Users have a maximum of 3 tries to enter the PIN correctly 1 2
  23. 23. Confidential 23 PIN reset/PIN error… Change PIN option to be selected. Enter default PIN to reset Enter your Mobile Connect PIN to continue or type XX to reset. CancelO K Operator/Service provider can configure this option (whether to enable or disable to end user). Refer to slide 13 Reset PIN input configurations as per MNO/SP requests to be checked with GSMA technical team 3 4
  24. 24. Confidential 24 Security question set during registration (refer slide 7) Choose a 4 digit Mobile Connect pin. OK Cancel Create new PIN Confirm your new mobile connect PIN OK Cancel Confirmation of new PIN Successful completion of PIN reset PIN reset/PIN error 5 6 7 8
  25. 25. Confidential 25 Managing Mobile connect accounts through self care Enter default PIN to reset o Reset PIN functionality will be enabled to all users by default. o Enabling /disabling rest of functionalities of self-care will be under the discretion of SP or MNO
  26. 26. Confidential 26 Authenticators Authenticator LoA 2 LoA3 Usage description Header Enrichment X Suitable for lower levels of assurance (LoA2/single-factor authentication) and user consent is implicit or taken during the setup/registration phase. Is a key differentiator as it provides a “seamless” experience, utilising network authentication. USSD X X Uses the Network initiated USSD messages and supports both LoA 2 and LoA 3 interactions. SMS + ‘Click URL’ X Supports LoA 2 authentication and a better user experience over SMS OTP as the interaction is non-disruptive [all within the Authentication Device] Smartphone Application X X Securely supports single and two-factor authentication, with a rich UE. Can be used with “network binding” to enhance it with MNO value add for security and business processes. SIM Applet X X Supports both LoA 2, LoA 3. Very secure - PIN is always stored on the SIM, and never transmitted.
  27. 27. Header Enrichment – Pros & Cons Confidential 27 Pros Cons Partial Mitigation Seamless user experience for the user. User does not need to enter MSISDN Does not work with HTTPS A redirection via HTTP can be used for the authentication part before reverting back to HTTPS for the service session No additional integration needed for the Service Provider Not suitable for higher LoA use cases (only suitable for LoA2) Reuses the existing MNO core network authentication Does not work over non-MNO network (e.g. WiFi) Establishes “1 factor” authentication: User HAS the device [which has been a-priori authenticated via the mobile network]
  28. 28. USSD – Pros & Cons Confidential 28 Pros Cons Partial Mitigation Supported on majority of handsets Minimal user experience Used in conjunction with smartphone authenticators for better UX on smartphones Utilises the MNO assets Limited support in 4G phones LTE phones require fallback to CS for USSD traffic. Network Initiated USSI (USSD over IMS) within the following specifications in 3GPP Release 12:- The specs are 3GPP TS 22.173 v12.8.0, 3GPP TS 24.390 v12.2.0, 3GPP TS 24.229 v12.7.0 Not dependent on a data channel, works on the signalling plane LoA3 – Recommended not to be used in roaming scenarios Trust between MNOS Works in roaming conditions, across devices No audit logs of traffic either on network/MNO end or customer end. In bound/out bound logs can be captured on WSO2 Identity Server Potentially supports both LoA2 and LoA3 Network congestion may cause latency and unreliable delivery. This can be addressed via SMS or MO USSD fallback authenticator.
  29. 29. SMS Authenticators – Pros & Cons Confidential 29 Pros Cons Reuses MNO assets – SMSC Poor UX requiring context switching between apps Simple user experience by embedding OTP in URL rather than requiring user to retype Not suitable for higher LoA use cases Works on all devices SMS can be intercepted by apps on the device or any malicious agents
  30. 30. Live Deployments & Achievements Confidential 30
  31. 31. Live Deployments - India Hub Confidential Digital Hub deployed in India, connecting 6 Indian operators to deploy Mobile connect identity service to their collective 990 Million subscribers. The Hub is a fully featured API platform and designed to enable MNOs in India to leverage a centralized identity solution as well as to expose multiple network assets and micro services to northbound service providers. This includes projects relating to smart cities and the IOT space.
  32. 32. Mobile Connect India Case Study – Six MNOs, one MCX Hub Confidential PLATFORM IN INDIA Service Providers Digital Business enabler Platform live for 12 months Six MNOs integrated in 6 months LOA2 and 3 with three authenticators Central Business Operations Hub operated as a Platform-as-a-Service hosted in India • Only operational MCX Hub globally • Central very agile MCX product evolution • Fully operational Telco API Hub • MNO on-premise option with no re-engineering SMS USSD HE MCX DoB CRM LBS Wall et
  33. 33. Live deployments Digital Hub In Singapore powering over 290 Million subscribers Confidential 33 Axiata Group 290
  34. 34. Live deployments Confidential 34 8 APIs empowering 6000 Entrepreneurs & businesses www.ideamart.lk
  35. 35. Achievements Confidential 35 GSMA’s Project 2 Billion target for Mobile connect : Contribution from WSO2.Telco through enabling Indian MNOs
  36. 36. Achievements Confidential 36 Dialog Axiata PLC – Self care app that grabbed “Best Mobile Network Solution” at GLOMO awards 2016 – Powered by WSO2.Telco APIs
  37. 37. For more information… Confidential 37 Email: info@wso2telco.com

×