In today’s world, including in the developing world, most people
have mobile phones, which play an increasingly critical role in all aspects of
life. For many people, the mobile phone is the main, and often the only means,
to access the internet. Secure authentication on cell phones is a mature technology,
often including biometric and multifactor authentication.
Therefore, it’s not surprising that cell phones are expected to
become a key component of next-generation identity systems. Distributed ledger
technology (DLT) has an important role to play in secure mobile authentication.
Four wireless carriers — AT&T, Sprint, T-Mobile and Verizon —
formed the Mobile
Authentication Taskforce in September of 2017 to help protect
enterprises and consumers from identity theft, bank fraud, fraudulent purchases
and data theft. The Mobile Authentication Taskforce unveiled
product details of its next-generation mobile authentication platform on March 1
of this year at the Mobile World Congress in Barcelona, and it indicated that
blockchain technology will play a role in its efforts to better protect data.
The new identity system will be interoperable with GSMA's Mobile Connect
technology, a secure, universal login solution that allows users to log in to
websites and applications through mobile phones without the need to remember
passwords and usernames.
"As mobile becomes the remote control for day-to-day life,
mobile identity is key to making things simpler and more secure for consumers,"
said Alex Sinclair, chief technology officer at GSMA, according to the press
release on the platform. "The GSMA has been working with operators around
the world to bring a consistent and interoperable, secure identity service and
this taskforce will strengthen that effort by enabling a simple user experience
quickly and conveniently in the [U.S.] market."
According to the four carriers, the new identity management system
will be highly secure, featuring cryptographically verified phone numbers and
profile data and using multifactor authentication, advanced analytics and
machine learning to protect customers.
“Authentication security is strengthened by processing unique
attributes such as a [network-verified] mobile number, IP address, SIM card
attributes, phone number tenure, phone account type and more,” per the AT&T
A private and permissioned blockchain will grant conditional
access to identity data to application developers.
The Mobile Authentication Taskforce is now running internal trials
to test the new mobile identity solution, with a goal of making it generally
available to consumers by end of year. A new website, to be launched later
this year, will allow service providers and application developers to learn
more and participate.
One of the four carriers, T-Mobile, is collaborating with Intel
and the Hyperledger Project to develop an identity system based on the
Hyperledger Sawtooth platform.
“Using Hyperledger Sawtooth as a platform, [T-Mobile] created
Sawtooth Hyper Directory as an Identity and Access Management (IAM) solution,” said
Warren McNeel, senior vice president of digital technology and development at
T-Mobile, according to a Hyperledger press release.
Directory, now rebranded as the Hyperledger
Sawtooth Next Directory, is an open source blockchain-based
access management system. According to Chris Spanton, senior blockchain
architect at T-Mobile’s Cloud Center of Excellence, the platform is a
proof-of-concept built with Intel for an identity system with timestamped
permission management and auditable change logging. The open source software is
licensed under the Apache
License Version 2.0 software license.