Mobile Identity allows mobile network operators (MNOs), identity providers (IdPs) and service providers (SPs) to take advantage of the rapidly growing and changing e-Identification market.
The e-Identification market covers a wide range of online and in-person identification solutions, including electronic tax records, passports, driver’s licenses and medical records. As such, in a time of declining revenue from traditional telecom services, Mobile Identity offers MNOs a new business opportunity to store this information on the SIM card and, where appropriate, how to authenticate, manage and use these identities online.
GSMA developed Mobile Connect, offering digital identification and authentication to IdP and SP online systems. It provides a secure, seamless and convenient consumer experience. By offering a consistent user interface with low barriers to entry across the digital identity ecosystem, MNOs and SPs can enable and empower the consumer with Mobile Identity on a global scale. Mobile Connect is a simple, secure login system that enables consumers to access their online accounts with just a single click or, where appropriate, automatically. Mobile Connect can also provide different levels of security, ranging from low-level website access to highly secure government or bank-grade authentication, promising to make passwords a thing of the past.
In addition to potentially storing consumer identity credentials on the SIM, Mobile Connect can function as a companion service to applications stored on the SIM, used for identification in person and helping MNOs manage consumers’ digital identities across multiple online services, ranging from access to content and services on the web to more secure e-government and banking services.
The benefits of working with UL
Mobile Identity allows MNOs to target new types of IdPs and SPs that they traditionally have never been able to view as customers. For these new IdPs and SPs, the e-Identification market enables them to select the MNO of their choice to store their valuable consumer credentials. They can then complement this with Mobile Connect, creating an innovative secure service allowing their end consumers to be identified and securely authenticated at the required Level of Assurance (LoA). It is important for IdPs and SPs to understand the relevance of this topic to their businesses to stay current, helping to ensure they do not miss any opportunity.
Questions that typically arise for IdPs and SPs are
- How secure can the IdP and SP be (LoA is often determined by the enrollment process)?
- How much will the IdP and SP be in control of issuance and revocation?
- How much does the MNO know about the user and the user’s IdP and SP related data?
- How can the electronic document be read (especially if the document is not used online, but needs to be read via the NFC interface)?
- What data is required on the reading device?
- What type of authentication is required on the reading device?
- How to onboard SIM and Mobile Connect
- Overall, how to develop, test and deploy an e-Identification solution?
Any SP introducing e-Identification services should consider protecting data and preventing online fraud. Consumers and all business players in the Mobile Identity ecosystem need to be assured that the data they share is secure and treated appropriately. How do we guarantee that the highest appropriate level of security still delivers the required level of interoperability? UL can help answer all these questions and guide you toward implementing e-Identification solutions, including electronic passports, driver’s licenses and other types of identification.
For MNOs, UL offers assistance with Mobile Identity deployments via their strong and proven understanding of the e-Identification market, starting from defining requirements and design to developing and implementing the solution.
Alongside that, MNOs, IdPs and SPs can rely on UL’s test services, test tools and certification programs to roll out an implementation that is secure while also guaranteeing worldwide interoperability.
Not familiar with the latest developments? UL delivers training programs to increase knowledge of MNOs and SPs with regard to possibilities and challenges of Mobile Identity implementations.
Rely on UL to provide you with insight and knowledge of:
- Latest trends and developments, initiatives in the Mobile Identity domain
- Challenges MNOs and SPs face in terms of security, interoperability and service management, and how to manage these challenges
- Architecture and requirements designed? to roll out Mobile Identity technology
Key standards we are acutely aware of include:
- GSMA CPAS01 Proposition Definition and Requirements
- GSMA CPAS2 High Level Design
- GSMA CPAS3 Level of Assurance definitions
- GSMA CPAS4 Authenticator options
- GSMA CPAS5 OpenID Connect profile
- GSMA CPAS6 Identity GW functional architecture
- GSMA CPAS7 Operator Discovery & Federation
- GSMA CPAS8 SIM applet authentication specification
- GSMA CPAS9 Nonfunctional requirements & operational guidelines
- GSMA CPAS10 Operator deployment options
- GSMA CPAS11 Identity & Attribute services
- GSMA CPAS12 OpenID Connect Premium Info spec
- GSMA CPAS13 Mobile Signature Service specification
- ISO 29115 Entity Authentication Assurance Framework
- NIST 800-63-2 – Electronic Authentication Guideline
- ICAO Doc 9303
- Council Regulation (EC) No 2252/2004 and C(2006) 2909
- ISO/IEC 18013
- Commission Regulation (EU) No. 383/2012
- Regulation (EU) No. 910/2014 of the European Parliament and of the Council