Mobile Connect Technical Overview
Mobile Connect is provided by a global network of Mobile Network Operators and delivered via a standardised technical interface.
Authentication is always provided by the end-users' Mobile Operator. The GSMA provides the API Exchange which brings the operators and developer together by providing the Discovery API that allows developers to identify the end-users operator.
Mobile Connect currently uses two APIs:
- The Discovery API enables your application to recognise the mobile network being used and whether Mobile Connect is available for that network. It also provides your application with the various URLs for the Mobile Connect service corresponding with the end-user's network.
- The Mobile Connect Profile v1.1 API allows the end-user to authenticate themselves using their Mobile Connect user account while Mobile Connect Profile v1.2 API adds support for authorisation and identity services in addition to authentication.
These APIs are based on industry standard RESTful API principles. Each API is provided over HTTP protocols so that you can incorporate Mobile Connect in your application regardless of the programming language or operating system you are using for development.
Level of Assurance
A Level of Assurance, describes the degree of confidence in the processes leading up to and including an authentication. It provides assurance that the entity claiming a particular identity, is the entity to which that identity was assigned.
During a Mobile Connect API authentication request, the application declares the degree of confidence that is required in the returned (asserted) identity. The greater the risk associated with an erroneous authentication, the higher the Level of Assurance recommended.
Mobile Connect allows end-users to verify themselves using their mobile phone. An authenticator is the method by which this verification takes place. A number of different authenticators are supported by Mobile Connect.
The authenticator used will depend upon the individual operator and the Level of Assurance requested. To improve the customer experience, operators in a particular country will normally work together to provide the authenticator options for all end-users.
The table below illustrates the different authenticators and the Level of Assurance they offer..
|Seamless Authentication||Authentication is automatically handled by the operator is the user is connected via the operator network.||●|
|SMS+URL||The end-user verifies themselves by clicking on a link in an SMS.||●||●|
|USSD||A USSD session is initiated allowing the end-user to verify themselves.||●||●|
|SIM Application Toolkit||A Sim Toolkit session is initiated allowing the enduser to verify themselves.||●||●||●|
|Smartphone application||A native application that allows the end-user to manage their verification.||●||●||●|
A more detailed overview of authenticators can be found in the documentation section.
PCR stands for "Pseudonymous Customer Reference". This is a unique identifier that Mobile Connect uses to reference a specific end-user. A PCR is used to ensure that the end-user's privacy is protected while the developer can be confident that a PCR represents an actual end-user.
The same PCR will be returned for each authentication request, this enables you to identify your end-users based on the PCR value.
A more detailed discussion of PCRs including how they should be used can be found here.
Integration with existing account systems
Mobile Connect integrates easily with existing account systems by using the PCR as the key identifier. The PCR should be paired to the existing user-id so that receiving an end-users authenticated PCR allows the user-account to be identified. Any existing account features remain unchanged.