Mobile Connect : Digital Authentication In Revolution

With the expansion of the digital economy, security and privacy in online interactions are becoming an unavoidable necessity. To meet that need, GSMA introduces Mobile Connect, a digital identity solution that provides a safe, seamless and convenient consumer experience, a consistent user interface and low barriers to entry across the digital identity ecosystem.

In a nutshell, Mobile Connect is a secure universal identity solution based on mobile operator facilitated authentication that provides simple, secure and convenient access to online services. It combines the user’s unique mobile number and PIN to verify and authenticate the user within the Mobile Connect ecosystem. By reducing the need to remember multiple usernames and passwords, Mobile Connect eliminates end user frustration, ensures fewer abandoned transactions and drives more repeat business.

Why one identity solution is needed — source : GSMA Consumer Research 2015

Why Mobile Connect ?

The following video gives a high-level overview of the power of Mobile Connect in spoken word poetry.

Simple : No more pain in remembering username/password

Every website and app requires you to register and set up a username and password. The more registrations you complete, the greater the frustration of remembering different username and password combinations. With Mobile Connect, there’s no need for multiple passwords or usernames, as it is just one simple tap away.

Private : No more worries on personal information sharing

How many times have you logged in using your social media login details just to bypass the pain of remembering usernames and passwords? But are you really aware of the personal information that will be shared with the third party and, most importantly, does that happen with your consent? With Mobile Connect, no personal information is made available to the website or app you’re logging into without your consent.

Privacy : No more complaints about password hacking

What if your password is under someone else's control? Because Mobile Connect uses the mobile device for verification, compromising a Mobile Connect account will be a sufficiently difficult task for black hats.

How it works ?

The following sequence diagram illustrates the Mobile Connect process flow in an abstract way.

How Mobile Connect works — Source :
1. End user clicks on Mobile Connect button to access service.
2. Application requests end user operator details from the Discovery service.
3. Discovery responds with the operator details.
4. Application makes an authentication request to the end user operator, using OpenID with Mobile Connect profile.
5. Operator sends authentication request to end user.
6. End user authenticates themselves using their mobile device.
7. A PCR specifying a specific end user is returned.
8. Access granted.
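
Steps 7 and 8 from the application's side, as an added example that is not part of the original post or the demo application: before granting access, the application verifies the OpenID Connect ID token and only then reads the PCR from its `sub` claim. It assumes an operator that signs ID tokens with HS256 using the client secret (an operator signing with RS256 needs a JOSE library and the operator's published keys); all function names, the issuer URL and the sample values are hypothetical.

```python
import base64, hashlib, hmac, json, time

def b64url_decode(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def b64url_encode(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def _mac(signing_input, secret):
    return hmac.new(secret.encode(), signing_input.encode(), hashlib.sha256).digest()

def sign_hs256(claims, secret):
    """Constructed sample token; stands in for the operator in this example."""
    head = b64url_encode(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = b64url_encode(json.dumps(claims).encode())
    signing_input = f"{head}.{body}"
    return f"{signing_input}.{b64url_encode(_mac(signing_input, secret))}"

def pcr_from_id_token(token, client_id, secret, issuer, nonce, now=None):
    """Step 7: verify the ID token, then return the PCR (its `sub` claim)."""
    try:
        head, body, sig = token.split(".")
        header, claims = json.loads(b64url_decode(head)), json.loads(b64url_decode(body))
        given = b64url_decode(sig)
    except ValueError as exc:
        raise ValueError("malformed ID token") from exc
    if not (isinstance(header, dict) and isinstance(claims, dict)):
        raise ValueError("malformed ID token")
    if header.get("alg") != "HS256":  # pinning the algorithm also rejects "none"
        raise ValueError("unexpected algorithm")
    if not hmac.compare_digest(_mac(f"{head}.{body}", secret), given):
        raise ValueError("bad signature")
    aud = claims.get("aud")
    now = time.time() if now is None else now
    got_nonce = str(claims.get("nonce", "")).encode()
    checks = [  # (failure reason, condition that must hold)
        ("issuer mismatch", claims.get("iss") == issuer),
        ("audience mismatch", client_id in (aud if isinstance(aud, list) else [aud])),
        ("token expired", claims.get("exp", 0) > now),
        ("nonce mismatch", hmac.compare_digest(got_nonce, nonce.encode())),
        ("missing PCR", bool(claims.get("sub"))),
    ]
    for reason, ok in checks:
        if not ok:
            raise ValueError(reason)
    return claims["sub"]
```

The `nonce` argument is the value the application generated for its step 4 request and kept in the user's session, so a token issued for a different login attempt is rejected.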

For more information on how Mobile Connect works, visit the official site here. You can also refer to this blog, which explains Mobile Connect and its use cases in depth.

Live Demo Explanation

For a better understanding of the Mobile Connect concepts and their real-world usage, follow the steps below to test it with your own mobile phone.

A simple demonstration application can be downloaded from here. Go through the steps in the readme to set up the application in your environment.

When you navigate to http://localhost:8080, you will find the following screen in the browser.

Click on the Mobile Connect Log-in icon to log in with Mobile Connect. When you click it, the following pop-up will be displayed.

Enter the mobile number you provisioned in the sandbox. It will identify the operator and send the authentication request. You will see the following screen indicating that authentication is in progress.

In the meantime, you will receive an SMS on your mobile phone as a verification for authentication.

Click on the link and you will see a successful authentication message, and in the browser you will be logged in to the site.

That’s it. It is as simple as that. One simple tap and you are saved from the pain of traditional basic authentication. Why not try implementing it in your application?