Mobile Operators Unite...I mean, Secure!

Good analysts are objective and do their best to avoid personal bias from creeping into their analyses, whereas an old analyst has not only bias but history to overcome  I am too old not to be biased and too biased not to hear the same old tune in new announcements. For a new initiative to gain my interest – to “break through,” as it were – requires something truly dramatic. Regarding mobile identity, for example, it required that Gemalto (News - Alert) remind me that I was doubling the amount of logins with my adoption of the Internet of Things.

The GSMA announcement concerning “Mobile Connect” brings many carriers and vendors together in an attempt to navigate the tricky road of identity management. For me, I can easily say that on any given day I am authenticated by roughly 10 sites and use various tools to connect to many of the same sites. So math being what it is, that means I am accountable for some 20 logins per day. Now I know it’s bad practice, but like so many of us I repeatedly use the same IDs and passwords for the sake of convenience. One good way to circumvent potential problems with this common problem is to trust one authority that will authenticate you to others, such as OpenID. In effect, this is what GSMA has done with SIM cards and Mobile Connect, as it explains:

“Mobile Connect will provide a streamlined experience for users; they will no longer need to create and manage multiple user names and passwords as the authentication and identification solution being developed will use the subscriber’s mobile phone number or mobile user name and information contained in the secure SIM card. The standard-based Mobile Connect service will utilize the OpenID Connect protocol, offering broad interoperability across mobile operators and service providers, further ensuring a seamless experience for consumers.”

So apparently I am in a demographic that wants OpenID to succeed. Or I would be, anyway, if I didn’t adhere to the classic Groucho line, “I would never want to join a club that would have me as a member.” Consequently, whenever I visit one of my “trusted” sites and see a Facebook (News - Alert)-friendly logo, I usually get an eerie feeling that my need for better identity management is being usurped by an algorithm that is seeking to sell stuff to me. I do long, though, for having trust in something that does not appear to regard me as a mark, one it can pass through to the green coffee sign or the golden arches. That said, a SIM card is a pretty good strategy on how to talk to me about my mobile identity. 

The GSMA may have gotten past the mobile identity concerns by bringing in a lot of companies to deliver a solution that supports the OpenID protocol. At this point, the Mobile Connect solution is a global one that works almost everywhere in the world (that is, of course, except for the U.S.). Take the carriers, for instance. Axiata Group Berhad, China Mobile, China Telecom, Etisalat, KDDI, Ooredoo, Orange, Tata Teleservices, Telefónica, Telenor, Telstra (News - Alert) and VimpelCom are all participating in the initiative to use mobile phone accounts for authentication. The Mobile Connect service offers a single, trusted, mobile phone number-based authentication solution “that fully respects their online privacy.” In addition to the operators, companies such as Dailymotion, Deezer, Gemalto, Giesecke & Devrient (News - Alert), Morpho, Oberthur and VALID are also supporting Mobile Connect.

From an M2M standpoint, the places where we should see the most impact with Mobile Connect is in e-government, retail/POS, telemedicine and banking.

In its supporting press release, Gemalto demonstrates the power of connecting to an existing standard, stating is supporting both Mobile Connect and its own Mobile Trust Net with the same effort.  Accordingly, the company can demo its capabilities at Mobile World Congress (News - Alert), where visitors to the Gemalto stand will see the Mobile Trust Net in action. Key examples being:

• In Hong Kong, the UpTeq Multi-tenant NFC SIM is allowing residents to use their mobile NFC devices to pay for travel on public transport, shop at retail outlets and pay for car parking.
• In the M2M sector, Gemalto is enabling automotive OEMs to deploy innovative service offers to end customers, using the Advanced Subscription Manager to support instant connectivity and flexible mobile subscription.
• In mobile retail, enterprises are partnering with Gemalto to strengthen and personalize customer relationships, using tools that include powerful, multichannel mobile wallets to reach beyond payments and encompass the entire shopping experience.

With multiple Internet of Things devices in our lives, the security hazards of identity self-management are a hacker’s dream come true, and Mobile Connect may very well be the safest harbor we can hope for going forward.