To quote the GSMA mission for Mobile Connect:
Mobile Connect is a secure universal log-in solution. Simply by matching the user to their mobile phone, Mobile Connect allows them to log in to websites and applications quickly without the need to remember passwords and usernames. It’s safe, secure and no personal information is shared without permission.
Exomi provides a full Mobile Connect platform for mobile operators as an on-site installation or on a hosted basis. The solution, which is based on Exomi’s Mobile Identity platform, allows operators to join the global Mobile Connect ecosystem, offering their subscribers a valuable service through increased security, privacy and convenience. At the same time, the operator regains better control over third-party content providers and can monetize customer information with their consent.
Through the use of different Levels of Assurance (LoA), services needing user authentication, authorization of transactions or access to operator resources can be ensured of user identity and consent through the methods available. The Mobile Identity platform will automatically apply multiple factors of authentication to ensure that the required assurance level is met. The authenticators employed include:
- Transparent authentication using mobile network resources to identify the SIM being used without any interaction with the user (“what you have”)
- Click-to-continue proving possession of the mobile device (“what you have”)
- Personal PIN code entry (“what you know”)
- Biometric or behavioural authentication (“what you are”)
The technology channels available include mobile apps, USSD, SMS and SIM toolkits and integration with existing single sign-on and user directory systems.
Like any other Mobile Identity platform event, also Mobile Connect authentication and authorization events produce security tokens that integrate the user’s identity, permissions granted, validity time and other attributes. The use of tokens makes these events far more secure, traceable and valuable than the traditional method of transmitting MSISDNs to all services that required user identity.
Through the use of additional Exomi solutions, operators can utilize security tokens to control access to resources such as SMS delivery, billing and carrier APIs on an extremely granular basis and always instantly trace transactions back to the user’s consent and device used.
Contact us for an in-depth analysis on how we can take your partner ecosystem and customer protection to the next level.