It’s quite common, nowadays, for people to have a dozen online accounts – if not many more – for a wide range of uses: email, e-commerce, banking, eGovernment, and so on. The upshot is that we have a whole array of log-ins and passwords, or else we use the same one for dozens of different applications. It’s a phenomenon that is anything but satisfactory and practical, not only as regards simplicity, but also for your online security: authentication using a log-in and a password is nearing saturation point!
Online identity: an issue the Internet was ill prepared for
In a world that is going digital at breakneck speed, identity is a key concept because it is fundamental to trust-based transactions, whether between individuals or between individuals and online services. We’ve all heard about those massive thefts of passwords from a number of providers, and of identity theft. This leads to mistrust among users or complicated defence strategies to step up security. The challenge is, therefore, to propose an authentication process that is simultaneously secure, simple and universal, where today there are as many log-ins and passwords as there are online services. “The Internet was originally designed as a vast encyclopaedia, the aim being to be able to index and retrieve information online and not to identify individuals,” explains Pierre-François Dubois, VP Product Marketing at the Orange Technocentre. “Mobile networks, on the contrary, designed a highly sophisticated system for identifying people right from the outset, so that they could be reached at any time using a telephone number twinned with a SIM card. I’m convinced that mobile telephony operators are in an ideal position to respond to the issues of security, simplicity, and universality in connection with digital identity.”
GAFA become identity providers…
At the end of last decade, the first firms to grapple with this issue, were, as so often, the “GAFAs” (Google, Apple, Facebook, Amazon). Through their standardized Application Programming Interfaces (API), players like Facebook and Google encourage web services to integrate an authentication system using the social network or email account. Dubbed Facebook Connect and Google Sign-In, these functions have transformed the two Californian web giants into authentication solutions. “It’s the start of a response to the need for simplicity, enabling users to avoid the explosion of passwords. But it comes at a price: you have to agree to share data connected with your Facebook or Google account, and hence allow them to track all your online browsing activity.”
…and governments begin to focus on citizens’ Digital Identity
Another major event is to be sought among national governments, and in particular the European Union, which in 2014 adopted a regulation on electronic identification and trust services. The aim here is to establish an electronic identity (eID) similar to an online identity card that would enable an EU citizen to digitally carry out cross-border procedures easily and in complete security: a sort of digital passport for all. The ideal solution has yet to be found, but the deadline is fast approaching, as there is talk of 2018 for its initial deployment.
A strategic role for carriers
Within that equation, and faced with these upheavals, mobile telephony operators occupy a unique position to leverage a top trump card, namely the identifier comprising a telephone number to which data on the customer are linked, along with the SIM card on which it is possible to record a 100% confidential secret code known only to the customer, which could become a universal password. Consequently, it is possible to imagine an authentication process based on the SIM card – and that is exactly what the Mobile Connect project is designed to achieve.
The Mobile Connect answer
Developed by the GSM Association (GSMA) at the initiative of several operators including Orange, Mobile Connect is accessible to over 2 billion users worldwide, who would all gain first of all in simplicity when required to authenticate: you would simply need to enter your mobile number on the website of your choice (one that is compatible with the Mobile Connect standard) and then the secret code on your handset and you’re home and dry in complete security, because the solution is based on a secure platform built into the SIM card, which is already acknowledged for its intrinsic security. In addition, the sharing of attributes or personal and contextual information is systematically subject to the customer’s prior authorisation, while their private data are sheltered from any uploading by the sites on which they identify themselves – an unparalleled guarantee of personal data privacy.
“Today, the system has between 60 and 80 million active users worldwide, adds Pierre-François Dubois. In Spain, for example, all operators there launched the service over a year ago. And in 2016, it was singled out at the Mobile World Congress for two awards in the “Authentication & Identity” and “Outstanding Innovation for the Connected Life” categories. The digital identity revolution has begun!”