The pervasive use of mobile devices and their integral role in accessing online services has created new opportunities for online authentication. At the same time, this trend poses significant challenges to providing a secure and usable mechanism for protecting sensitive data. There are several existing authentication methods with varying degrees of security and ease of use. For example, on one end of the spectrum we have systems that rely exclusively on passwords. These systems are easy to use but very insecure. On the other end we can think of systems relying on traditional PKI-based hardware tokens. These are hard to set up, and often equally hard to use. Between these two extremes we have a range of solutions such as one-time code (OTC), one-time password (OTP), SMS text, and out-of-band (OOB) delivery of credentials. Each of these approaches has its own pros and cons in terms of user experience and security. In general, existing authentication solutions that are easy to use often lack security, and solutions that are very secure are invariably not so easy to use.
There is a need for a secure authentication method with good user experience that leverages existing standards and technologies, making it easy to deploy. Mobile Connect is designed to address this need. Mobile Connect relies on existing standards, including OpenID Connect and ETSI Mobile Signature Service, and is backed by GSMA, an international alliance of more than 800 mobile network operators worldwide. It enables mobile authentication with different levels of assurance. The technology behind Mobile Connect makes a seamless rollout possible with minimal effort from Service Providers. For end users, the solution works on most if not all mobile phones, regardless of whether these are smartphones or feature phones.
In this talk we will introduce Mobile Connect, talk about deployment architecture and discuss various application use cases that address the security and usability needs of a world that is becoming increasingly mobile. We will also discuss how Mobile Connect and FIDO can complement each other and deliver solutions that break the traditional silos of authentication methods. In particular, we will cover the following topics:
1. Online authentication background, existing solutions and their limitations.
2. Overview of Mobile Connect and the existing standards and technologies it relies on.
3. Example of how Mobile Connect can complement existing solutions.
4. End user experience with respect to the use of Mobile Connect.
5. Technical as well as business-related challenges that influence adoption of Mobile Connect.