Mobile Connect & FIDO

Similar documents
Scalable Authentication

FIDO Modern Authentication Rolf Lindemann, Nok Nok Labs

NOK NOK LABS AUTHENTICATION & OTT SERVICES

UAF Architectural Overview

How Secure is Authentication?

Ericsson Mobile digital identity

Securing the future of mobile services. SIMalliance Open Mobile API. An Introduction v2.0. Security, Identity, Mobility

Bringing MNOs an end to end Mobile Connect Solution. Mobile Connect for Mobile Network Operator

Device-Centric Authentication and WebCrypto

TECHNICAL WHITE PAPER NOK NOK LABS MULTIFACTOR AUTHENTICATION. Any device. Any application. Any authenticator.

GLOBAL TELECOM INVOLVEMENT in the I D E N T I T Y E C O S YS T E M. July 2013

SECURE MOBILE APP DEVELOPMENT: DIFFERENCES FROM TRADITIONAL APPROACH

How To Build A Digital Business From The Ground Up

Date: Wednesday March 12, 2014 Time: 10:00 am to 2:45 pm ET Location: Virtual Hearing

Secure Authentication for the Development of Mobile Internet Services Critical Considerations

FIDO: Fast Identity Online Alliance Privacy Principles Whitepaper vfeb2014

HOL9449 Access Management: Secure web, mobile and cloud access

Identity and Access Management Solutions MWC 2016

EMV-TT. Now available on Android. White Paper by

Market Entry Toolkit. Mobile Health Technology and Architecture: A Practical Framework for Technology Assessment for Mobile Health

esim for consumer devices MWC 2016 Telefonica S.A. Feb. 2016

How Secure is Authentication?

Encryption-based 2FA for Server-side Qualified Signature Creation

Samsung SDS. Fast IDentity Online

Delivery date: 18 October 2014

Can We Reconstruct How Identity is Managed on the Internet?

Integrity measurements for stronger cloud-based authentication

Standards for Identity & Authentication. Catherine J. Tilton 17 September 2014

MIT Tech Talk, May 2013 Justin Richer, The MITRE Corporation

SAP Best Practices for SAP Mobile Secure Cloud Configuration March 2015

FCCX Briefing. Information Security and Privacy Advisory Board. June 13, 2014

A RADICAL NEW OPEN SOURCE Mobile Connect Accelerator (MCX) GSMA Approved Solution

OT PRODUCTS AND SOLUTIONS MACHINE TO MACHINE

Enhancing Web Application Security

FIDO Trust Requirements

Google Identity Services for work

A Standards-based Mobile Application IdM Architecture

WHITEPAPER. SECUREAUTH 2-FACTOR AS A SERVICE 2FaaS

ADAPTIVE AUTHENTICATION ADAPTER FOR JUNIPER SSL VPNS. Adaptive Authentication in Juniper SSL VPN Environments. Solution Brief

UNI. UNIfied identity management. Krzysztof Benedyczak ICM, Warsaw University

Offer Specifications Dell Management Services (EMS): mobilencrypt

Privacy by Design in Federated Identity Management

M2M Solutions. Jose Rabello M2M Solution Sales Manager LATAM Gemalto Telecom Forum 2013

Addressing threats to real-world identity management systems

MOBILITY. Transforming the mobile device from a security liability into a business asset. pingidentity.com

The Mobile Problem. Alex Bobotek Co-Chairman, M 3 AAWG October 2012 New Delhi, India

GEMALTO M2M KEY TECHNOLOGY TRENDS OF M2M

White Paper. FFIEC Authentication Compliance Using SecureAuth IdP

Identity Management in Liferay Overview and Best Practices. Liferay Portal 6.0 EE

TRUST AND IDENTITY EXCHANGE TALK

TrustedX: eidas Platform

Identity Management in Telcos. Jörg Heuer, Deutsche Telekom AG, Laboratories. Munich, April 2008

Two-Factor Authentication over Mobile: Simplifying Security and Authentication

Neustar Intelligent Cloud Services

The increasing popularity of mobile devices is rapidly changing how and where we

Mobility, Security and Trusted Identities: It s Right In The Palm of Your Hands. Ian Wills Country Manager, Entrust Datacard

Smart OpenID: A Smart Card Based OpenID Protocol

Privacy by Design in Federated Identity Management

Secure the Web: OpenSSO

Mobilize your Enterprise in 60 Minutes!

Electronic approvals for forms FAQs

Server-based Password Synchronization: Managing Multiple Passwords

OpenID Deutsche telekom. Dr. Torsten Lodderstedt, Deutsche Telekom AG

Improving Online Security with Strong, Personalized User Authentication

Secure Cloud Identity Wallet

Mobile Security. Policies, Standards, Frameworks, Guidelines

Network-based Access Control

TABLE OF CONTENTS. Introduction 3 OTP SMS Two-Factor Authentication 5 Technical Overview 9 Features 10 Benefits 11 About MobiWeb 12 Quality 13

Training. MIFARE4Mobile. Public. MobileKnowledge April 2015

SAML Authentication Quick Start Guide

Mobile Wallet Platform. Next generation mobile wallet solution

Copyright FIDO Alliance All Rights Reserved.

Single Sign On at Colorado State. Ron Splittgerber

Advanced Diagnostics Limited ( We ) are committed to protecting and respecting your privacy.

OATH FAQ February 20, 2004

Tenrox. Single Sign-On (SSO) Setup Guide. January, Tenrox. All rights reserved.

Microsoft Azure Multi-Factor authentication. (Concept Overview Part 1)

An Aujas White Paper MITIGATING SECURITY RISKS IN USSD-BASED MOBILE PAYMENT APPLICATIONS. By Suhas Desai

HCE and SIM Secure Element:

Location Based Services for Enterprise

Investigating Mobile Solutions for News Spreading! Anno Accademico 2011/2012!

Biometric Single Sign-on using SAML

Unifying framework for Identity management

ENTERPRISE MOBILE BACKEND AS A SERVICE EVALUATION CHECKLIST

KERBEROS ROAD MAP SAM HARTMAN MIT KERBEROS CONSORTIUM APRIL 7, 2008

SD Departmental Meeting November 28 th, Ale de Vries Product Manager ScienceDirect Elsevier

WHITE PAPER Usher Mobile Identity Platform

1. TYPES OF INFORMATION WE COLLECT.

Case Study: SSO for All: SSOCircle Makes Single Sign-On Available to Everyone

QUICK INSTALLATION GUIDE ACTIVATE

Guideline on Implementing Cloud Identity and Access Management

Enterprise Mobility Management Migration Migrating from Legacy EMM to an epo Managed EMM Environment. Paul Luetje Enterprise Solutions Architect

RealMe. Technology Solution Overview. Version 1.0 Final September Authors: Mick Clarke & Steffen Sorensen

CA Performance Center

An Oracle White Paper Dec Oracle Access Management OAuth Service

How to Extend Identity Security to Your APIs

Leveraging SAML for Federated Single Sign-on:

Liberty Alliance. What's After Federation. Fulup Ar Foll Master Architect Sun Microsystems

Enrollment Process for Android Devices

Customer Identity and Access Management (CIAM) Buyer s Guide

Transcription:

Mobile Connect & FIDO

About the GSMA The GSMA represents the interests of mobile operators worldwide Spanning more than 220 countries, the GSMA unites nearly 800 of the world s mobile operators, as well as more than 230 companies in the broader mobile ecosystem

Mobile Connect: a convenient and secure alternative to passwords that also Protects consumers privacy Easy to use as it uses the mobile phone for authentication (i.e. no passwords) Anonymous but secure log-in (no passwords to steal, improved user experience, reduce friction) Adds trust into digital transactions (e.g. by confirming location, user identity, usage) Protects privacy (operator confirm credentials, user gives consent for sharing) Reduce SP fraud through assurance that there is as real person behind the account Simple and cost effective for MNOs to deploy, leveraging existing operator assets

Mobile Connect and FIDO both seek to replace passwords Or Something I Know Something I Have Something I Have + Something I Know Something I Have + Something I Am

FIDO objectives align well with those of Mobile Connect Both FIDO and Mobile Connect are addressing the same problem: easier, safer online authentication Both FIDO and Mobile Connect leverage the mobile phone to achieve this Whilst Mobile Connect uses existing MNO services for authentication (SMS, USSD, SIM Toolkit) FIDO leverages the local device authentication on the phone itself In doing so, both provide easy, secure two- factor authentication Both also provide a pluggable framework that can support a variety of security levels as well as supporting new authentication methods as they arise

Synergistic fit using FIDO for the first mile of Mobile Connect Service access request Service Provider Tablet/desktop Authentication request SIM applet protocol (CPAS8) MNO Second mile SIM applet AuthN server Identity GW FIDO UAF protocol Mobile phone with FIDO client First mile AuthN server A key difference between FIDO and Mobile Connect is that FIDO purposefully focuses solely on the first mile authentication itself whilst Mobile Connect also provides a federation layer via OpenID Connect

FIDO can be integrated into Mobile Connect to extend the range of authenticators Authentication MNO Mobile phone with FIDO client MFAS Identity GW Leveraging FIDO enables users to authenticate using existing authentication mechanisms on their mobile phone including biometrics the user becomes the credential (Something I am)

Mobile Connect and FIDO UAF integration: White Paper Main objective: Overview of FIDO Architecture and use cases Integration of FIDO UAF authenticators into Mobile Connect arch Status: Co- developed between GSMA, MNOs and FIDO members First draft finished and out for review within FIDO Alliance and GSMA; targeting publication by end June Left for a second phase: UICC based FIDO authenticator Use of UICC to enhance FIDO implementation security FIDO U2F integration

Mobile Connect and FIDO UAF integration building blocks Device Push Notification System (ex. Android GCM) INT 4: Notification system interface (client-side) INT 5: Notification system interface (server-side) User Mobile Phone Client Side Mobile Connect App INT 1: FIDO Transport Binding Protocol MNO Server Side IDGW% IdP FIDO%Authen,cator% INT 3: FIDO defined (OS dependent) FIDO Client INT 2: Vendor dependent interface FIDO Server ASM FIDO Authenticator FIDO Metadata Service

Matching of FIDO policies to OpenID Connect acr_values Service Providers need to be able to both specify and receive feedback on the type of authenticator used Mobile Connect uses Level of Assurance (LoA) values (ISO 29115) in the OIDC request acr_values params, so the SP can indicate the authenticator class that should be used FIDO uses the FIDO Policy to describe the required authenticator characteristics for accepted authenticators Options: Expand the list of acr_values to accommodate additional LoA/policies Capture SP requirements at registration to the Mobile Connect service and propagate via the Mobile Connect federation

Next steps GSMA White paper Continue Working on open issues related to the integration of the FIDO authentication framework with Mobile Connect Improve the document with feedback from the PoC FIDO/GSMA/MNO PoC (June/July) Prototype of FIDO integration into an end- end Mobile Connect implementation: Telefonica + NokNokLabs Targeted for Mobile World Congress Shanghai MNO/SP beta trial (post MWCS) Live implementation and trial of FIDO authenticators within a Mobile Connect service provided to an SP

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information