Mobile Connect (GSMAMC)

Wed, 09/09/2015 - 18:56 -- pottol
  1. Mobile Connect (GSMAMC): it is a standard developed by GSMA (http://www.gsma.com/personaldata/mobile-connect).

GSMA is a “Confederation of European Posts and Telecommunications (CEPT) to design a pan-European mobile technology”, with standards such as GSM, GPRS and GSMAMC; these were adopted outside the EU, too.

On March 3rd, 2015, GSMA announced (see http://www.itnewsafrica.com/2015/03/gsma-mobile-connect-launches-in-13-countries/ ):

  a) 17 Mobile Network Operators have started “Mobile Connect” in Asia and Africa, such as: Etisalat (MED and Africa), Robi (Bangladesh), China Mobile, China Unicom, Indosat (Indonesia), etc.
  b) GSMAMC should start shortly in the EU, in cooperation with telco operators, among them Telecom Italia and Vodafone (IT, DE, UK).

  2. GSMAMC meaning: it is a mapping from the MSISDN (the cellphone number, which is unique) to the personal identity of the user; it is intended to be used instead of the usual credentials (login & password). That is, the authentication is performed by "something you have": the device. Authorization configuration: the user can choose for which applications (and which sites) MSISDN authentication is switched on, according to GSMAMC. If needed, it could be switched on entirely.

  3. GSMAMC Reliability: the MSISDN is assigned only after a CEPT (e.g. TIM, Wind, 3, Vodafone) has screened a valid ID. Only after a proper copy of the ID has been archived is the MSISDN added to the SIM. So there should be a one-to-one map from MSISDN to ID (not vice versa, since one ID can have several MSISDNs mapped to it). The authentication should therefore be stronger than the usual web site ones.

  4. GSMAMC Limits: the MSISDN <-> ID mapping can be altered by: device theft, buyer != user, MSISDN spoofing (http://wholesalesolutions.orange.com/content/download/30332/283872/version/1/file/SS7+anti+spoofing+solution+2014.pdf )

  5. GSMAMC working: Mobile Connect is an additional function of IAM systems that executes the following: read the MSISDN from the device (SS7 function), share it with the IAM system and use it instead of user/password.

  6. GSMAMC Implementation: many IAM solutions already cover the functionality GSMAMC needs:

6.1) OpenID Connect: identity layer on top of OAuth 2.0: http://openid.net/developers/libraries/

Used by Deutsche Telekom (see http://alexandra.dk/sites/default/files/arrangementer/rump-session/oidc_dt_20140202.pdf )

6.2) ForgeRock/OpenAM (see http://docs.forgerock.org/en/openam/12.0.0/admin-guide/ )

6.3) Ericsson: www.etalio.com

6.4) Orange: http://www.orange.com/en/press/press-releases/press-releases-2014/Orange-announces-Mobile-Connect-a-secure-authentication-solution-for-accessing-digital-services-from-mobile-devices
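
The decision an IAM system makes under the "GSMAMC working", "Authorization configuration" and "GSMAMC Limits" points above can be sketched as follows. This is an added example, not code from GSMA or any of the products listed; the `Subscriber` record, the `DIRECTORY` store, the function names and every phone number and identity are constructed for illustration, and the Italian default country code is an assumption.

```python
import re
from dataclasses import dataclass, field

@dataclass
class Subscriber:
    identity: str                                    # ID screened by the operator
    enabled_apps: set = field(default_factory=set)   # apps the user opted in for
    sim_blocked: bool = False                        # SIM/device reported stolen

# Each MSISDN maps to exactly one identity; one identity may own several MSISDNs.
DIRECTORY = {}

def normalize_msisdn(raw, default_cc="39"):
    """Reduce a number to digits-only international form, country code first."""
    digits = re.sub(r"[^0-9+]", "", raw)
    if digits.startswith("+"):
        digits = digits[1:]
    elif digits.startswith("00"):
        digits = digits[2:]
    else:
        digits = default_cc + digits                 # assumed national format
    if not re.fullmatch(r"[1-9][0-9]{7,14}", digits):
        raise ValueError("not a valid MSISDN")
    return digits

def register(msisdn, subscriber):
    """Bind an MSISDN to an identity, refusing a second identity for it."""
    key = normalize_msisdn(msisdn)
    if key in DIRECTORY and DIRECTORY[key] is not subscriber:
        raise ValueError("MSISDN already bound to another identity")
    DIRECTORY[key] = subscriber

def authenticate(network_msisdn, app):
    """Decide on an MSISDN supplied by the operator network, never typed by the
    user: a user-supplied number would make spoofing trivial."""
    try:
        sub = DIRECTORY.get(normalize_msisdn(network_msisdn))
    except ValueError:
        sub = None
    if sub is None:
        return ("password_required", None)           # no mapping: usual credentials
    if sub.sim_blocked:
        return ("deny", None)                        # mapping no longer trustworthy
    if app not in sub.enabled_apps:
        return ("password_required", None)           # user did not opt in here
    return ("allow", sub.identity)

# Constructed sample data.
alice = Subscriber("ID-ALICE", {"webmail"})
register("+39 333 000 0001", alice)
register("0039 333 000 0002", alice)                 # second SIM, same identity
bob = Subscriber("ID-BOB", {"webmail"}, sim_blocked=True)
register("3330000003", bob)
```

The blocked-SIM branch covers only the theft case; a SIM used by someone other than its buyer cannot be detected from the MSISDN alone.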