Q & A

Q & A

What is the GSMA Personal Data Programme?

The Personal Data Programme 2014/15 has been built on the successes and strategic insights delivered by the work of the GSMA Mobile Identity Programme in 2013. Development of digital identity services has been prioritised by the GSMA Board, and the Programme with its operator partners will work together to deliver digital identity solutions to market with scale, seamless consumer experience, consistency of technology and low barriers to entry across the digital identity ecosystem.

What is the overall objective of the Programme?

The Programme is aimed at both driving the introduction of new services and the expansion of existing services around the world. The programme’s objective is to put mobile at the heart of managing digital identity. We think that now is the time for mobile operators to act, and the GSMA is focused on developing a consistent and standardised set of services for managing digital identity across the mobile industry. The GSMA is working with all leading mobile operators around the globe and also working in-county with a broader set of ecosystem players, such as governments, banks and retailers, to help roll-out mobile enabled digital identity solutions.

What is digital identity?

Digital identity services provide customers with the ability to authenticate and identify themselves remotely and securely via their mobile phone when using digital services. This opens up a range of opportunities for both mobile operators and consumer-focused service providers to build a rich suite of offerings for their customers, while ensuring the user’s private and confidential information is kept safe.

It also provides new options for consumers, who can chose to remain anonymous for the service provider – in the same way as providing a self-selected username and password. The identifier used by the mobile operator to manage the log-in credentials of the consumer may not have to be shared with the service provider.

What does authentication mean?

Authentication describes the process of establishing or confirming that someone is who they claim to be. In the digital spaces it refers to a person verifying or confirming their association with an electronic credential.

Why does digital identity matter?

There is a significant increase of online services being accessed via mobile devices, from government services to social networking. Unfortunately, this is accompanied by an increase in online identity thefts. Mobile operators, with their differentiated identity and authentication assets, have the ability to provide sufficient authentication to enable consumers, businesses and governments to interact in a private, trusted and secure environment and enable access to services.

In addition, for services which are accessible via the mobile device, standard log-in processes can be cumbersome, while leveraging existing mobile assets would significantly enhance the consumer experience through seamless login. In short, there is a growing need in the market for digital identity management with operators being in a unique position to address this opportunity with existing assets.

Why is the time for mobile enabled digital identity solutions now?

Digital identity solutions delivered via the GSMA Personal Data Programme are a response to market fragmentation and lack of a seamless authentication and identification systems that guarantee privacy and security to the end user. If not fixed, this will create barriers to market digitalisation and social inclusion. What mobile-enabled digital identity aims to deliver are new services to business and service providers that leverage on existing mobile operator assets and new credential management capabilities.

Do mobile enabled digital identity solutions use the phone number as a username?

It depends on the use case, as there are advantages and disadvantages of using the mobile number as the username. For lighter authentication scenarios, such as a website login requiring a relatively low level of security, successful models have shown that prompting the customer to use the mobile number is helpful as it’s easier to remember than an additional username and passcode combination. For stronger authentication and identity verification use cases, additional requirements may be added.

Why are mobile operators well positioned to provide digital identity solutions?

With their differentiated assets such as the SIM card, strong registration process, authentication, fraud detection and mitigation processes, mobile operators have the ability to provide sufficient authentication to enable consumers, businesses and governments to interact in a private, trusted and secure environment and enable access to services.

What is second factor authentication or multiple factor authentication?

Multiple factor authentication provides additional security layers compared to standard methods of authentication. In most cases it combines something I know (like a passcode or username) with something I have (like my mobile phone or SIM) or Something I am (for example biometrics). Mobile is potentially strong in delivering additional factors of authentication, as the mobile phone/SIM card is something I have but it can also be something I am, for example my location, my behavioural profile or simple biometrics (fingerprint scan, face recognition). In case of my mobile, I could be asked to confirm ownership of the mobile device with a one-time passcode delivered via SMS or via an applet installed on the SIM card.

What is mobile signature?

Mobile signature is a way of using the mobile as a replacement for legally binding ‘wet’ signatures utilising the highly secure environment of the SIM or a server to house certificates for message encryption. Users can sign and send documents, securely transmit and authenticate messages and m-payments, and provide verified ID for e-services. Enterprises and other service providers like governments or banks can verify the authenticity of messages, payments, and “permissions” for access based on the legal validity and non-repudiating feature of the mobile signature.

Why has the GSMA chosen to be part of the Open ID Connect Forum?

The GSMA’s role is one of helping the mobile operators deliver valuable propositions and services globally to their customers in a consistent way. We have found that one such area that is growing in importance for the industry is the use of the mobile phone by consumers for authenticating or identifying themselves to services they use.

At the GSMA we have been working with many of our mobile operator members for the last two years to launch varying identity solutions across the globe, using the mobile phone for user authentication and identification. These solutions covered legally binding authentication for government services (mobile signature) to single-sign on solutions which provide users with access to operator and 3rd party content. These solutions were customised and optimised for the local market and whilst most of them utilised operator assets to deliver a level of security and assurance which could hardly be matched by other market players, they were also using older identity and authorisation protocols such as Open ID 2.0 and OAuth 2.0 and this approach didn’t help to make operator solutions competitive on a global level.

In order to achieve global scale and ease of implementation both for Mobile Operators and for the Service Providers they work with, it is important to have a consistent approach for the Service Provider to integrate with the Mobile Operators and this is what Open ID Connect provides. With OpenID Connect, the Mobile Operator community will be able to swing behind a single technology, and one which best meets the needs for providing authentication and identity services for the next generation of mobile and online services.

An important consideration for the GSMA was the ability for its members to work alongside other companies within the OpenID Foundation to create the Open ID Connect standard; by doing so, the resulting standard accommodates the requirements and needs across a whole range of devices and access channels (mobile, Internet etc.) hence driving economies of scale as well as ensuring a consistent and coherent experience for consumers.

How secure is mobile enabled digital identity technology?

Security has been critical to the success of GSM technologies, which used cryptographic solutions and smart card technology to provide security levels for mobile users that had not previously been seen. The evolution of third and fourth generation mobile technologies has facilitated the development and use of even more robust security features because the increased data speeds enable the deployment of more complex security protocols without negatively impacting the end user performance.

The security of services and customer data is vital to the success of mobile identity services as customer confidence is critical. Industry defined technical standards enable a range of security features that provide authenticity, confidentiality and integrity to verify the identity of communicating parties and to protect traffic and data against interception and modification. Whether data is being communicated across mobile networks or stored within dedicated security domains on the SIM card, (which has proven itself to be tamper resistant and resilient to attack), robust measures need to be implemented to provide adequate security levels that meet the requirements of users and regulators.

When will mobile enabled digital identity technology be ready for delivery?

Mobile enabled digital identity services are already available in many countries today. The GSMA is working on standardising the approach the operators are taking in order to achieve consistency and predictability in the market.

Is the password dead?

This might be an overstatement, but it is increasingly clear that the technological means by which identity is created, managed and asserted in the digital world appears increasingly inadequate as consumers are looking for a mechanism that gives them confidence but more importantly ease of use.

Report: Mobile Connect Turbocharges New Services How Turkcell’s mobile authentication service is helping Turkey’s start-ups to grow This case study explores how Turkcell is harnessing the global Mobile Connect authenticatio...

Read more | See all Identity Resources

Identity Hangout: Decentralised Identity – Material The GSMA Identity team was joined by Andrew Tobin from Evernym to discuss the role of identity and the mobile industry in decentralised identity. Presentation Audio...

Read more | See all Identity Resources

MWC19 Barcelona Seminar Presentations The industry seminars at Mobile World Congress have developed a reputation for being one of the leading ways in which to discover the plans and motives of any given market. Below...

Read more | See all Identity Resources

Mobile Connect Platforms & Operations services The GSMA offers a series of technical platforms and services designed to help mobile network operators and service providers deploy Mobile Connect successfully. This document co...

Read more | See all Identity Resources

The Identity Guide to MWC 19 Barcelona With mobile internet traffic accounting for more than half of all global online traffic, the nature of digital identity is changing. Our impressions and personal information are ...

Read more | See all Identity Resources

Presentation: Identity Hangout Delivering Identity Services The first Identity Hangout: Delivering Identity Services on 5 December explored the value and commercial scalability of mobile-based identity services. The online event was targ...

Read more | See all Identity Resources

Biometric authentication is getting stronger – so we’ll be seeing David Pollington, Head of Service Access, Identity, GSMA Biometric authentication has been around for some time but is now becoming mainstream. Why? It’s mostly down to the wea...

Read more | Visit Identity Blog

Digital Identity: if you Streamline it, They Will Come Digital startups face all manner of challenges, and identity is no exception.  However strong the service offering, if registration and login processes detract from the user exp...

Read more | Visit Identity Blog

Flash News: Multi-factor Authentication Gains Traction Report says SMS is the most widely used method of adding an extra layer of security Almost 30% of businesses are now using multi-factor authentication to enable customers to acce...

Read more | Visit Identity Blog

News Flash: Big Names Back Digital ID Start-Ups SoftBank, Salesforce, Microsoft & PayPal make strategic investments in ID innovators SoftBank Investment, Salesforce Ventures and M12 (formerly Microsoft Ventures) all partic...

Read more | Visit Identity Blog

News Flash: Australia Accelerates Digital Identity Push Federal government allocates additional funds for myGovID system Australia’s government has injected a further AUS$67 million (US$48 million) into the development of its myGovI...

Read more | Visit Identity Blog

The Future of Digital Identity is Simplicity, Decentralisation and Con Last year was a complicated one for digital enterprise, with highlights and more bracing moments – and at the centre of that developing picture has been digital identity. On on...

Read more | Visit Identity Blog

Identity Hangout: Controlling fake online identities June 12, 2019 Hear what´s new in the identity space. This Hangout will focus on fake online identities and how the mobile industry can help control it....

Read more | See all Identity Events

Contact GSMA Legal Email Preference Centre Copyright © 2019 GSMA. GSM and the GSM Logo are registered and owned by the GSMA.