Martin Prosek, profile picture
Uploaded byMartin Prosek
892 views

Mobile Identity 2013 - Optimising and simplifying authentication and authorization services

The document discusses the optimization and simplification of authentication and authorization services in the context of Telefónica Czech Republic's mobile and fixed operations. It highlights the use of SIM card-based identification and technical solutions for various platforms, including internal servers and smartphone applications, as well as the potential risks in mobile content payments due to the involvement of third parties. Ultimately, it concludes that mobile operators are well-positioned to ensure reliable user identification and multifactor authentication in a modern web environment.

Embed presentation

Downloaded 21 times
Optimising and simplifying authentication and authorization services_ Martin Prošek Telefónica Czech Republic 06.11.2013
About Telefónica Czech Republic Fixed and mobile voice and data, IPTV Operated under commercial brand O2 DISCOVER, DISRUPT, DELIVER
Mobile Operator Identification Security • SIM card – secure asset giving access to the network, protected by PIN • DISCOVER, DISRUPT, DELIVER No further interactions
SIM-based Identification • Simple, convenient • Fully sufficient for telco payments (voice, SMS, data…) • Fails in cases when Phone is stolen Phone is borrowed Data access is shared by WiFi Corporate users • • • • DISCOVER, DISRUPT, DELIVER
Technical Solution – Internal Server AAA AAA Server Server IP address MSISDN resolving Authorization DISCOVER, DISRUPT, DELIVER
Technical Solution – Internal + External Server Typical example: WAP Gateway Gateway AAA AAA Server Server IP address MSISDN resolving Header enrichment X-Nokia-msisdn: 420602607977 Authorization DISCOVER, DISRUPT, DELIVER
Technical Solution – Internal + External Server GET / HTTP/1.1 Host: m.o2.cz User-Agent: Mozilla/5.0 (SymbianOS/9.3; Series60/3.2 NokiaE72-1/031.023; Profile/MIDP-2.1 Configuration/CLDC-1.1 ) AppleWebKit/525 (KHTML, like Gecko) Version/3.0 4 BrowserNG/7.2.3.1 x-wap-profile: "http://nds1.nds.nokia.com/uaprof/NE72-1r100.xml" Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Language: en,cs;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Cache-Control: max-age=0 X-Nokia-msisdn: 420602607977 HTTP/1.0 200 OK Server: Apache-Coyote/1.1, Apache-Coyote/1.1 Cache-Control: no-cache x-cocoon-version: 2.0.3 Expires: Fri, 31 Dec 1999 23:59:59 GMT Date: Wed, 06 Nov 2013 07:19:46 GMT Vary: Accept-Encoding Pragma: no-cache Content-Type: text/html;charset=UTF-8 Content-Encoding: gzip X-Cache: MISS from proxy1, MISS from Proxy1R Connection: close DISCOVER, DISRUPT, DELIVER
Technical Solution – Smartphone Application API API AAA AAA IP address MSISDN resolving 420602607977 DISCOVER, DISRUPT, DELIVER
Technical Solution – WiFi • • • • MSISDN - if operator‘s WLAN used Login by username password – otherwise MT SMS One-Time Password Tricks – cookies, certificates DISCOVER, DISRUPT, DELIVER
Technical Solution – WiFi with MT SMS OTP SMSC SMSC API API Server Server MSISDN OTP OTP MT SMS OTP Authorization DISCOVER, DISRUPT, DELIVER
Technical Solution – App on WiFi with MO SMS App App Operator Operator Server Server Token SMS with Token Authorization DISCOVER, DISRUPT, DELIVER
Mobile Content Payments • • • Natural extension of payments for telco services Mobile Payments with 3rd parties are next step Issues: Authentication not only for operator – mechant is included Intangible goods • • DISCOVER, DISRUPT, DELIVER
Mobile Content Payments Risks • Communication is not direct anymore Operator Operator • Man-in-the-middle (M-I-M) attacks are possible Provider Provider • Even the app itself can compromise the payment security – App-in-the-middle (A-I-M)* App App • Operator Operator Provider Provider Operator Operator * Known examples: fraudulent Premium SMS sending… DISCOVER, DISRUPT, DELIVER
Mobile Content Payments Risks Typical example: oAuth App App DISCOVER, DISRUPT, DELIVER Operator Operator Server Server
Summary Mobile operators are still in best position to assure reliable identification of Users. NETWORK BASED IDENTIFICATION Using SIM card Using other data (location, terminal information…) PASSWORD BASED IDENTIFICATION It creates reliable multifactor authentication IDENTITY FEDERATION Evolves from walled garden to modern web environment 15 DISCOVER, DISRUPT, DELIVER
Mobile Identity 2013 - Optimising and simplifying authentication and authorization services

More Related Content

PDF
WSO2 Telco MCX
byEdgar Silva
 
PDF
WSO2Con ASIA 2016: WSO2.Telco IDS – Mobile as Identity
byWSO2
 
PPTX
SOTP_Introduction
byJohnson Wu
 
PDF
WSO2.Telco - The Open Source Digital Enablement Platform
byWSO2
 
PDF
APIs - The Foundation of the Future Telco
byWSO2
 
PDF
APIs – The Foundation of the Future Connected Telco
byWSO2
 
PPTX
Digital authentication
byallanh0526
 
PDF
[APIdays INTERFACE 2021] The Evolution of API Security for Client-side Applic...
byWSO2
 
WSO2 Telco MCX
byEdgar Silva
 
WSO2Con ASIA 2016: WSO2.Telco IDS – Mobile as Identity
byWSO2
 
SOTP_Introduction
byJohnson Wu
 
WSO2.Telco - The Open Source Digital Enablement Platform
byWSO2
 
APIs - The Foundation of the Future Telco
byWSO2
 
APIs – The Foundation of the Future Connected Telco
byWSO2
 
Digital authentication
byallanh0526
 
[APIdays INTERFACE 2021] The Evolution of API Security for Client-side Applic...
byWSO2
 

What's hot

PDF
IETF meeting - SIP OAuth use cases
byVictor Pascual Ávila
 
PDF
CIS 2017 - So you want to use standards to secure your APIs?
byBertrand Carlier
 
PPTX
MyGp
byInsan Haque
 
PDF
FIDO Workshop at the Cloud Identity Summit: FIDO Alliance Overview
byFIDO Alliance
 
PPTX
Host Card Emulation
byAhmed Fathallah
 
PDF
Shufti Pro| Digital Identity Verification Solution
byJoshuaVictor10
 
PPT
24online for Hotels/Resorts
byNitin Mittal
 
PPT
24online-Hotel presentation
byvismayibhat
 
PPTX
DataArt Innovation Showcase Blockchain Billing
byAlan Quayle
 
PPTX
FIDO and Mobile Connect
byFIDO Alliance
 
PPTX
How IBM and Dialogic Are Making Conferencing Smarter with AI
byDialogic Inc.
 
PPTX
OmniSource_ppt_2011_7-2 (2)(1)
byAndrea Colombetti
 
PDF
TADS Telecom Summit Telestax Ivelin Ivanov
byAlan Quayle
 
PPTX
Webinar: Identity Wars: The Unified Platform Awakens
byForgeRock
 
PPTX
New Opportunities with Two Factor Authentication (2FA) - A How To
byAlan Percy
 
PPTX
TADSummit, Kandy Marketplace: Helping Solution Providers Accelerate Sales Sac...
byAlan Quayle
 
PDF
SYPHERSAFE
byMustafa Kuğu
 
PPTX
OpenID Foundation MODRNA WG Update
byBjorn Hjelm
 
PDF
Host Card Emulation in Android: What Does it Mean?
byRambus Inc
 
PPTX
2015 Identity Summit - OpenAM: Friends with benefits
byForgeRock
 
IETF meeting - SIP OAuth use cases
byVictor Pascual Ávila
 
CIS 2017 - So you want to use standards to secure your APIs?
byBertrand Carlier
 
MyGp
byInsan Haque
 
FIDO Workshop at the Cloud Identity Summit: FIDO Alliance Overview
byFIDO Alliance
 
Host Card Emulation
byAhmed Fathallah
 
Shufti Pro| Digital Identity Verification Solution
byJoshuaVictor10
 
24online for Hotels/Resorts
byNitin Mittal
 
24online-Hotel presentation
byvismayibhat
 
DataArt Innovation Showcase Blockchain Billing
byAlan Quayle
 
FIDO and Mobile Connect
byFIDO Alliance
 
How IBM and Dialogic Are Making Conferencing Smarter with AI
byDialogic Inc.
 
OmniSource_ppt_2011_7-2 (2)(1)
byAndrea Colombetti
 
TADS Telecom Summit Telestax Ivelin Ivanov
byAlan Quayle
 
Webinar: Identity Wars: The Unified Platform Awakens
byForgeRock
 
New Opportunities with Two Factor Authentication (2FA) - A How To
byAlan Percy
 
TADSummit, Kandy Marketplace: Helping Solution Providers Accelerate Sales Sac...
byAlan Quayle
 
SYPHERSAFE
byMustafa Kuğu
 
OpenID Foundation MODRNA WG Update
byBjorn Hjelm
 
Host Card Emulation in Android: What Does it Mean?
byRambus Inc
 
2015 Identity Summit - OpenAM: Friends with benefits
byForgeRock
 

Similar to Mobile Identity 2013 - Optimising and simplifying authentication and authorization services

PDF
CIS 2015-Putting Control Back in the Users’ Hands- David Pollington
byCloudIDSummit
 
PDF
case-study-on-digital-identity-swisscom-mobile-id_en
byAlix Murphy
 
PDF
Mobile SSO: Give App Users a Break from Typing Passwords
byCA API Management
 
PPTX
A case for identities - Etisalat, George Held at TADSummit
byAlan Quayle
 
PDF
Smart Cards & Devices Forum 2012 - Mobile ID usnadňuje život jak uživatelům, ...
byOKsystem
 
PPTX
Procert Authentication Platform by Mcarbon
byMcarbon Tech Innovation Pvt Ltd
 
PDF
Security & Seamless CX in User Authentication: How to Achieve Both?
byIvona M
 
PPTX
Mobile Authentication on the Internet
byevidos
 
PPTX
Securing Microservices in Hybrid Cloud
byVMware Tanzu
 
PDF
Banking and Mobile Identity
byApigee | Google Cloud
 
PDF
Over the Air 2011 Security Workshop
byEricsson Labs
 
KEY
Mobile Activesync Russian Roulette - Kiwicon 09
bydeathflu
 
PPTX
Mobile Network Operators and Identity – Crossing the Chasm
byBjorn Hjelm
 
PPTX
SECURING ONLINE SERVICES IN A MOBILE FIRST WORLD
byForgeRock
 
PDF
Mobility & Security Technology Risk Considerations
byRobert Brown
 
PPTX
OpenID Connect: The Mobile Profile
byBjorn Hjelm
 
PPT
Adaptive Trust for Strong Network Security
byAruba, a Hewlett Packard Enterprise company
 
PDF
The State of Mobile Security and How Identity Advancement Plays an Essential ...
byDana Gardner
 
PPTX
Session810 ken huang
byKen Huang
 
PDF
Web Authn & Security Keys: Unlocking the Key to Authentication
byFIDO Alliance
 
CIS 2015-Putting Control Back in the Users’ Hands- David Pollington
byCloudIDSummit
 
case-study-on-digital-identity-swisscom-mobile-id_en
byAlix Murphy
 
Mobile SSO: Give App Users a Break from Typing Passwords
byCA API Management
 
A case for identities - Etisalat, George Held at TADSummit
byAlan Quayle
 
Smart Cards & Devices Forum 2012 - Mobile ID usnadňuje život jak uživatelům, ...
byOKsystem
 
Procert Authentication Platform by Mcarbon
byMcarbon Tech Innovation Pvt Ltd
 
Security & Seamless CX in User Authentication: How to Achieve Both?
byIvona M
 
Mobile Authentication on the Internet
byevidos
 
Securing Microservices in Hybrid Cloud
byVMware Tanzu
 
Banking and Mobile Identity
byApigee | Google Cloud
 
Over the Air 2011 Security Workshop
byEricsson Labs
 
Mobile Activesync Russian Roulette - Kiwicon 09
bydeathflu
 
Mobile Network Operators and Identity – Crossing the Chasm
byBjorn Hjelm
 
SECURING ONLINE SERVICES IN A MOBILE FIRST WORLD
byForgeRock
 
Mobility & Security Technology Risk Considerations
byRobert Brown
 
OpenID Connect: The Mobile Profile
byBjorn Hjelm
 
Adaptive Trust for Strong Network Security
byAruba, a Hewlett Packard Enterprise company
 
The State of Mobile Security and How Identity Advancement Plays an Essential ...
byDana Gardner
 
Session810 ken huang
byKen Huang
 
Web Authn & Security Keys: Unlocking the Key to Authentication
byFIDO Alliance
 

More from Martin Prosek

PDF
SDP Global Summit 2012
byMartin Prosek
 
PDF
SDP Global Summit 2010
byMartin Prosek
 
PDF
SDP Global Summit 2009
byMartin Prosek
 
PDF
CDN World Summit 2011
byMartin Prosek
 
PDF
Broadband Traffic Management 2011
byMartin Prosek
 
PDF
Broadband Traffic Management 2010
byMartin Prosek
 
PDF
3GOptimisation 2012
byMartin Prosek
 
PDF
SDP Global Summit 2013
byMartin Prosek
 
PDF
Mobile Broadband Optimisation 2011
byMartin Prosek
 
SDP Global Summit 2012
byMartin Prosek
 
SDP Global Summit 2010
byMartin Prosek
 
SDP Global Summit 2009
byMartin Prosek
 
CDN World Summit 2011
byMartin Prosek
 
Broadband Traffic Management 2011
byMartin Prosek
 
Broadband Traffic Management 2010
byMartin Prosek
 
3GOptimisation 2012
byMartin Prosek
 
SDP Global Summit 2013
byMartin Prosek
 
Mobile Broadband Optimisation 2011
byMartin Prosek
 

Recently uploaded

PDF
TrustArc Webinar - From Trends to Action: Fitting AI Governance into Privacy Ops
byTrustArc
 
PPTX
Introducing VisualSim 2610 The Next Leap in System Level Modeling
byDeepak Shankar
 
PPTX
Tech Trends 2026: AI Agents, Quantum Computing, Robotics & Cybersecurity
byridwansassman
 
PDF
Explaining the flow of purpose-specific BOM
byakipii ogaoga
 
PPTX
GenerationAI Paris 2025 | AI in Tech: Beyond Expectations, Into Execution
byapidays
 
PDF
Preserve workload integrity during cross-architecture migration
byPrincipled Technologies
 
PDF
Constraint Collapse and Fidelity Decay in Scaled Language Models
bySemantic Fidelity Lab | A. Jacobs
 
PDF
NTG -Company Profile_Software_Vendor_Company_in_MENA
byMustafa Kuğu
 
PDF
Agent to agent service discovery using HashiCorp Consul and Vault
byBram Vogelaar
 
PPTX
CTO Strategy OS 2026: The Tech, AI & Cloud Playbook Boards Want
byridwansassman
 
PDF
Digital Twin in IBM for Accelerated Discovery of Climate & Sustainability, K...
byMichiaki Tatsubori
 
PDF
How AI Can Help Platform Engineers Build Better Platforms
byAll Things Open
 
PDF
From Hallucinations to High-Confidence AI with Data Enrichment.pdf
byPrecisely
 
PDF
Odoo Implementation Checklist: A Strategic ERP Blueprint for Business-Ready D...
byBANIBRO IT SOLUTION
 
PDF
Security-Fails-in-the-Gaps-Between-Systems.pptx.pdf
byOhhproJunction
 
PDF
Spec-Driven Development with Kiro: Elevating Software Quality, Traceability, ...
byHaim Michael
 
PDF
shayk.online - Anonymous chat with Sinatra and WebSockets
byEleanor McHugh
 
PPTX
The Transformative Technology in Contemporary Businesses
bygreyaudrina
 
PDF
Oracle Cloud Infrastructure 2025 Architect Professional (1Z0-1127-25) Master ...
byExamCert App
 
PPTX
Spacecraft Guidance Quick Research Guide by Arthur Morgan
byArthur Morgan
 
TrustArc Webinar - From Trends to Action: Fitting AI Governance into Privacy Ops
byTrustArc
 
Introducing VisualSim 2610 The Next Leap in System Level Modeling
byDeepak Shankar
 
Tech Trends 2026: AI Agents, Quantum Computing, Robotics & Cybersecurity
byridwansassman
 
Explaining the flow of purpose-specific BOM
byakipii ogaoga
 
GenerationAI Paris 2025 | AI in Tech: Beyond Expectations, Into Execution
byapidays
 
Preserve workload integrity during cross-architecture migration
byPrincipled Technologies
 
Constraint Collapse and Fidelity Decay in Scaled Language Models
bySemantic Fidelity Lab | A. Jacobs
 
NTG -Company Profile_Software_Vendor_Company_in_MENA
byMustafa Kuğu
 
Agent to agent service discovery using HashiCorp Consul and Vault
byBram Vogelaar
 
CTO Strategy OS 2026: The Tech, AI & Cloud Playbook Boards Want
byridwansassman
 
Digital Twin in IBM for Accelerated Discovery of Climate & Sustainability, K...
byMichiaki Tatsubori
 
How AI Can Help Platform Engineers Build Better Platforms
byAll Things Open
 
From Hallucinations to High-Confidence AI with Data Enrichment.pdf
byPrecisely
 
Odoo Implementation Checklist: A Strategic ERP Blueprint for Business-Ready D...
byBANIBRO IT SOLUTION
 
Security-Fails-in-the-Gaps-Between-Systems.pptx.pdf
byOhhproJunction
 
Spec-Driven Development with Kiro: Elevating Software Quality, Traceability, ...
byHaim Michael
 
shayk.online - Anonymous chat with Sinatra and WebSockets
byEleanor McHugh
 
The Transformative Technology in Contemporary Businesses
bygreyaudrina
 
Oracle Cloud Infrastructure 2025 Architect Professional (1Z0-1127-25) Master ...
byExamCert App
 
Spacecraft Guidance Quick Research Guide by Arthur Morgan
byArthur Morgan
 

Mobile Identity 2013 - Optimising and simplifying authentication and authorization services

  • 1.
    Optimising and simplifying authenticationand authorization services_ Martin Prošek Telefónica Czech Republic 06.11.2013
  • 2.
    About Telefónica CzechRepublic Fixed and mobile voice and data, IPTV Operated under commercial brand O2 DISCOVER, DISRUPT, DELIVER
  • 3.
    Mobile Operator IdentificationSecurity • SIM card – secure asset giving access to the network, protected by PIN • DISCOVER, DISRUPT, DELIVER No further interactions
  • 4.
    SIM-based Identification • Simple, convenient • Fullysufficient for telco payments (voice, SMS, data…) • Fails in cases when Phone is stolen Phone is borrowed Data access is shared by WiFi Corporate users • • • • DISCOVER, DISRUPT, DELIVER
  • 5.
    Technical Solution –Internal Server AAA AAA Server Server IP address MSISDN resolving Authorization DISCOVER, DISRUPT, DELIVER
  • 6.
    Technical Solution –Internal + External Server Typical example: WAP Gateway Gateway AAA AAA Server Server IP address MSISDN resolving Header enrichment X-Nokia-msisdn: 420602607977 Authorization DISCOVER, DISRUPT, DELIVER
  • 7.
    Technical Solution –Internal + External Server GET / HTTP/1.1 Host: m.o2.cz User-Agent: Mozilla/5.0 (SymbianOS/9.3; Series60/3.2 NokiaE72-1/031.023; Profile/MIDP-2.1 Configuration/CLDC-1.1 ) AppleWebKit/525 (KHTML, like Gecko) Version/3.0 4 BrowserNG/7.2.3.1 x-wap-profile: "http://nds1.nds.nokia.com/uaprof/NE72-1r100.xml" Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Language: en,cs;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Cache-Control: max-age=0 X-Nokia-msisdn: 420602607977 HTTP/1.0 200 OK Server: Apache-Coyote/1.1, Apache-Coyote/1.1 Cache-Control: no-cache x-cocoon-version: 2.0.3 Expires: Fri, 31 Dec 1999 23:59:59 GMT Date: Wed, 06 Nov 2013 07:19:46 GMT Vary: Accept-Encoding Pragma: no-cache Content-Type: text/html;charset=UTF-8 Content-Encoding: gzip X-Cache: MISS from proxy1, MISS from Proxy1R Connection: close DISCOVER, DISRUPT, DELIVER
  • 8.
    Technical Solution –Smartphone Application API API AAA AAA IP address MSISDN resolving 420602607977 DISCOVER, DISRUPT, DELIVER
  • 9.
    Technical Solution –WiFi • • • • MSISDN - if operator‘s WLAN used Login by username password – otherwise MT SMS One-Time Password Tricks – cookies, certificates DISCOVER, DISRUPT, DELIVER
  • 10.
    Technical Solution –WiFi with MT SMS OTP SMSC SMSC API API Server Server MSISDN OTP OTP MT SMS OTP Authorization DISCOVER, DISRUPT, DELIVER
  • 11.
    Technical Solution –App on WiFi with MO SMS App App Operator Operator Server Server Token SMS with Token Authorization DISCOVER, DISRUPT, DELIVER
  • 12.
    Mobile Content Payments • • • Naturalextension of payments for telco services Mobile Payments with 3rd parties are next step Issues: Authentication not only for operator – mechant is included Intangible goods • • DISCOVER, DISRUPT, DELIVER
  • 13.
    Mobile Content PaymentsRisks • Communication is not direct anymore Operator Operator • Man-in-the-middle (M-I-M) attacks are possible Provider Provider • Even the app itself can compromise the payment security – App-in-the-middle (A-I-M)* App App • Operator Operator Provider Provider Operator Operator * Known examples: fraudulent Premium SMS sending… DISCOVER, DISRUPT, DELIVER
  • 14.
    Mobile Content PaymentsRisks Typical example: oAuth App App DISCOVER, DISRUPT, DELIVER Operator Operator Server Server
  • 15.
    Summary Mobile operators arestill in best position to assure reliable identification of Users. NETWORK BASED IDENTIFICATION Using SIM card Using other data (location, terminal information…) PASSWORD BASED IDENTIFICATION It creates reliable multifactor authentication IDENTITY FEDERATION Evolves from walled garden to modern web environment 15 DISCOVER, DISRUPT, DELIVER