Mobile Connect Accelerator Digital Enablement Powered By APIs For Telcos

WSO2 Telco MCX

Page 1: WSO2 Telco MCX

Mobile Connect Accelerator

Digital Enablement Powered By APIs For Telcos

Page 2: WSO2 Telco MCX

About WSO2.Telco

Confidential 2

Axiata Group

Global with Local Relevance

IDENTITY

Operational Model

Limitless Innovation

Future Ready

Agile & Digitally empowered

Micro services

990 India

Customers

290

Footprint Countries

8

Page 3: WSO2 Telco MCX

Visionary team and breakthrough platform

Vision: Empower Telcos and enterprises globally in their quest to extract value from the digital ecosystem and remain relevant in the digital age

Mission: Apply agility to a legacy landscape by offering seamless Telco / OTT interoperability to enable agile business

Visionary Team: Built from MNO Digital Centre of Excellence combined with digital industry veterans

Visionary Platform: Ground breaking WSO2 code base & Telco Digital Innovation

DIGITAL SUCCESS

• 3 state of the art DIGITAL HUBS in Asia

• 4 Local API Gateways

• 3 internal micro services projects and 400 APIs exposed in 9 months

Page 4: WSO2 Telco MCX

Typical challenges for Digital enablement


Page 5: WSO2 Telco MCX

Our Approach


Page 6: WSO2 Telco MCX

Be Digitally enabled with WSO2.Telco

Freedom & Control

o Open source

o Fully customizable

o Use any system integrator

Support & Services

Enterprise grade production support and professional services

Cost Saving

Zero CAPEX with OPEX based model

Flexible/Scalable

On premise or cloud. Scale as your business grows

Page 7: WSO2 Telco MCX


WSO2.Telco: Wider ecosystem

GLOBAL SERVICE PROVIDERS

MNO

GSMA ECOSYSTEM

REGIONAL/COUNTRY/GROUP HUB

WSO2.Telco ecosystem

Page 8: WSO2 Telco MCX

Opening up to a digital world full of opportunities

Mobile Connect ++: Ready to expose ID, SMS and USSD services

Enhanced offering

• Operator billing

• Location API

• Existing APIs

Access global ecosystem: Embrace regional and global digital opportunities

Future ready, digitally enabled you

Page 9: WSO2 Telco MCX

Rapid, interoperable digital service enablement

[Diagram labels: subscriber; SMS, USSD, LBS, DOB, ID; MNO; Interfaces; Internet of things; App developers; Service providers; GSMA API exchange]

Page 10: WSO2 Telco MCX

WSO2.Telco Identity Gateway with more than 1bn customers enabled by WSO2.Telco

• Standalone solution capable of being the backbone of a fully integrated ID Strategy including SSO, federated ID services and more.

• Currently the only fully featured open source GSMA certified ID solution.

• SPs and enterprises can use this solution to implement a federated ID solution for their own use.

• For Mobile Connect the solution consists of authenticators for Levels of Assurance 2 and 3 (LOA2, LOA3) including Header enrichment, SMS, USSD and Smartphone applications.

• The solution also works with third party SIM applets and is GSMA Mobile Connect, GSMA OneAPI V3 and ETSI 102.204 compliant.

• Available to download as open source software.

Page 11: WSO2 Telco MCX

Mobile Connect Accelerator (MCX) by WSO2.Telco

[Phone screens: "No message arrived? Click to get a text message instead." and "Login to wow.lk account with mobile connect? 1. Okay 2. Cancel"]

QUICK START

LOW COST: Open source with modular scaling. OPEX model to grow with traffic

FEATURE RICH: Mobile Connect ++ and authentication APIs for other services

FLEXIBLE: Highly flexible for adapting to changing requirements and new use cases

SCALABLE: Proven middleware with tools enabling seamless integration + horizontal scaling

INTEROPERABLE: Allows MNOs to both collaborate and innovate internally whilst reducing friction

Page 12: WSO2 Telco MCX

How MCX works

[Diagram with numbered steps 1 to 4. Labels: customer login; desktop/mobile service access request; operator discovery; authentication; service provider; WSO2.Telco MCX solution; GSMA API exchange]

Secure, convenient & I don’t need to remember multiple usernames and passwords!

Page 13: WSO2 Telco MCX

Deployment options and upgrade path

Cloud based quick start

• Live deployment in 30 days

• Fully managed cloud solution with light integration

• Low cost for full production instances

• Simple contract with no fuss

Hybrid for scaling and upgrade

• Multiple architectures to choose from (partial/full HA)

• Quick upgrade to full API management

• All capabilities built on highly efficient WSO2 code base

On premise

• Free POC/beta trial

• Same code and rapid VM based deployment

• Seamless migration from cloud, with no additional integration

• Adaptable for use of any system integrator

Page 14: WSO2 Telco MCX

No friction, quick start!

Sign up

• Managed cloud or on premise

• Same integration path

• Single code

Connect

• Authentication APIs: OpenID Connect; SMS, USSD; MSSP (ETSI 102.204 compatible for SIM Applet)

Ready to use

• Onboarding local and internal services

• Share all existing service providers

• Connect to GSMA Exchange

Page 15: WSO2 Telco MCX

MCX Authenticators


Page 16: WSO2 Telco MCX

Mobile connect use cases and UX flows

Simple Authentication (LoA2) on mobile network via Header enrichment

1. User clicks to login via mobile connect

2. Operator authenticates the End User in the background using Enriched Header

Screen text: "Welcome to wow.lk Jonathan!"

o MSISDN is not required to be input as it is captured through header enrichment

o USSD fallback authenticator is used if the user is using a proxy caching service like Opera

| Item | Feature Phone | Smart Phone | Competition |
|---|---|---|---|
| Primary Authenticator | Header Enrichment | Header Enrichment | SMS OTP or Traditional Username and password |

Roadmap: Smartphone Authenticator and USSD Click ‘OK’ as a fallback authenticator

Page 17: WSO2 Telco MCX

Simple Authentication (LoA2) off mobile network via USSD

1. User clicks to login via mobile connect

2. Enter mobile number

3. USSD pop up initiated

4. USSD pop up received and confirmed

5. User is logged in to site!

Screen text: "No message arrived? Click to get a text message instead."; "Login to wow.lk account with mobile connect? 1. Okay 2. Cancel"; "Welcome to wow.lk Jonathan!"

| Item | Feature Phone | Smart Phone | Competition |
|---|---|---|---|
| Primary Authenticator | USSD Click ‘OK’ | USSD Click ‘OK’ | SMS OTP or Traditional username and password |
| Fallback Authenticator | SMS Click ‘OK’ | SMS Click ‘OK’ | |

Roadmap: Smartphone Authenticator

Page 18: WSO2 Telco MCX

Two factor Authentication (LoA3) on mobile network via USSD

Registration: MSISDN available through header enrichment/auto discovery

1. User clicks to login via mobile connect

2. Registration notification

3. USSD pop up initiated

4. USSD prompt to create PIN

5. Re-enter PIN

Screen text: "Choose a 4 digit Mobile Connect pin. OK / Cancel"; "Confirm your mobile connect PIN. OK / Cancel"

Page 19: WSO2 Telco MCX

Two factor Authentication (LoA3) on mobile network via USSD

Registration: MSISDN available through header enrichment/auto discovery

Steps 6 and 7:

o Default question templates can be localized as per SP

o Select security questions, input answers & accept T&C

Confirmation and consent to SP to proceed with registration completion

Page 20: WSO2 Telco MCX

Two factor Authentication (LoA3) on mobile network via USSD

Registered customer log on: through header enrichment/auto discovery

1. User clicks to login via mobile connect

2. USSD pop up initiated

3. USSD prompt to enter PIN

4. User is logged in to site!

Screen text: "Enter your mobile connect PIN to continue. OK / Cancel"; "Welcome to wow.lk Jonathan!"

| Item | Feature Phone | Smart Phone | Competition |
|---|---|---|---|
| Primary Authenticator | USSD Enter ‘Pin’ | USSD Enter ‘Pin’ | SMS OTP and Traditional username and password |

Roadmap: Smartphone Authenticator and USSD Enter ‘PIN’ as a fallback authenticator

Page 21: WSO2 Telco MCX

Two factor Authentication (LoA3) off mobile network via USSD

1. User clicks to login via mobile connect

2. Enter mobile number

3. USSD prompt initiated

4. User enters correct PIN

5. User is logged in to site

Screen text: "No message arrived? Click to get a text message instead."; "Enter your mobile connect PIN to continue. OK / Cancel"; "Welcome to wow.lk Jonathan!"

| Item | Feature Phone | Smart Phone | Competition |
|---|---|---|---|
| Primary Authenticator | USSD Enter ‘Pin’ | USSD Enter ‘Pin’ | SMS OTP and Traditional username and password |

Fallback Authenticator: SMS Authenticator (not recommended for LoA3.) *

Roadmap: Smartphone Authenticator and USSD Enter ‘PIN’ as a fallback authenticator

* When fallback authenticator is used, SP is informed of supported LoA & authenticator. SP can implement business logic to handle LoA2 authentication.

Page 22: WSO2 Telco MCX

PIN reset/PIN error

1. PIN entered is incorrect. Users have a maximum of 3 tries to enter the PIN correctly.

2. Click on reset PIN option. If user has exhausted all 3 chances of entering the correct PIN, user will be asked to reset PIN via the web browser or the app.

Screen text: "PIN Incorrect. OK / Cancel"

Page 23: WSO2 Telco MCX

PIN reset/PIN error…

Steps 3 and 4:

Change PIN option to be selected. Enter default PIN to reset

Screen text: "Enter your Mobile Connect PIN to continue or type XX to reset. OK / Cancel"

Operator/Service provider can configure this option (whether to enable or disable to end user). Refer to slide 13

Reset PIN input configurations as per MNO/SP requests to be checked with GSMA technical team

Page 24: WSO2 Telco MCX

PIN reset/PIN error

5. Security question set during registration (refer slide 7)

6. Create new PIN

7. Confirmation of new PIN

8. Successful completion of PIN reset

Screen text: "Choose a 4 digit Mobile Connect pin. OK / Cancel"; "Confirm your new mobile connect PIN. OK / Cancel"

Page 25: WSO2 Telco MCX

Managing Mobile connect accounts through self care

Enter default PIN to reset

o Reset PIN functionality will be enabled for all users by default.

o Enabling/disabling the rest of the self-care functionalities will be at the discretion of the SP or MNO

Page 26: WSO2 Telco MCX

Authenticators

| Authenticator | LoA2 | LoA3 | Usage description |
|---|---|---|---|
| Header Enrichment | X | | Suitable for lower levels of assurance (LoA2/single-factor authentication) and user consent is implicit or taken during the setup/registration phase. Is a key differentiator as it provides a “seamless” experience, utilising network authentication. |
| USSD | X | X | Uses the Network initiated USSD messages and supports both LoA 2 and LoA 3 interactions. |
| SMS + ‘Click URL’ | X | | Supports LoA 2 authentication and a better user experience over SMS OTP as the interaction is non-disruptive [all within the Authentication Device] |
| Smartphone Application | X | X | Securely supports single and two-factor authentication, with a rich UE. Can be used with “network binding” to enhance it with MNO value add for security and business processes. |
| SIM Applet | X | X | Supports both LoA 2, LoA 3. Very secure - PIN is always stored on the SIM, and never transmitted. |
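
The LoA columns of the Authenticators table, together with the earlier note that the SP is informed of the LoA and authenticator when a fallback is used, call for a policy check on the service-provider side. The following is an added example of that business logic, not WSO2.Telco or GSMA code; the authenticator key names, the two SP actions and the `decide` function are assumptions made for illustration.

```python
# Added example, not WSO2.Telco code. The capability map transcribes the
# Authenticators table above; the key names are labels chosen for this sketch.
SUPPORTED_LOA = {
    "header_enrichment": {2},
    "ussd": {2, 3},
    "sms_click_url": {2},
    "smartphone_app": {2, 3},
    "sim_applet": {2, 3},
}

# Hypothetical SP actions and the LoA each one requires (assumption).
REQUIRED_LOA = {"view_profile": 2, "change_payout_account": 3}


def decide(action, reported_loa, authenticator):
    """Return (decision, reason) for one reported authentication result."""
    required = REQUIRED_LOA.get(action)
    supported = SUPPORTED_LOA.get(authenticator)
    if required is None or supported is None:
        return "deny", "unknown action or authenticator"
    # A result claiming more than the authenticator can deliver (for example
    # LoA3 from the SMS fallback) is inconsistent and must not be trusted.
    if reported_loa not in supported:
        return "deny", "reported LoA not supported by authenticator"
    if reported_loa >= required:
        return "allow", "LoA satisfied"
    # The fallback produced a lower LoA than the action needs: keep the
    # session at LoA2 and ask for an LoA3-capable authenticator.
    usable = sorted(a for a, loas in SUPPORTED_LOA.items() if required in loas)
    return "step_up", "retry with one of: " + ", ".join(usable)


# Constructed sample results, as the SP might receive them after login.
SAMPLES = [
    ("view_profile", 2, "header_enrichment"),
    ("change_payout_account", 3, "ussd"),
    ("change_payout_account", 2, "sms_click_url"),  # fallback was used
    ("change_payout_account", 3, "sms_click_url"),  # inconsistent claim
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample, "->", decide(*sample))
```
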

Page 27: WSO2 Telco MCX

Header Enrichment – Pros & Cons

| Pros | Cons | Partial Mitigation |
|---|---|---|
| Seamless user experience for the user. User does not need to enter MSISDN | Does not work with HTTPS | A redirection via HTTP can be used for the authentication part before reverting back to HTTPS for the service session |
| No additional integration needed for the Service Provider | Not suitable for higher LoA use cases (only suitable for LoA2) | |
| Reuses the existing MNO core network authentication | Does not work over non-MNO network (e.g. WiFi) | |
| Establishes “1 factor” authentication: User HAS the device [which has been a-priori authenticated via the mobile network] | | |

Page 28: WSO2 Telco MCX

USSD – Pros & Cons

| Pros | Cons | Partial Mitigation |
|---|---|---|
| Supported on majority of handsets | Minimal user experience | Used in conjunction with smartphone authenticators for better UX on smartphones |
| Utilises the MNO assets | Limited support in 4G phones | LTE phones require fallback to CS for USSD traffic. Network Initiated USSI (USSD over IMS) within the following specifications in 3GPP Release 12: 3GPP TS 22.173 v12.8.0, 3GPP TS 24.390 v12.2.0, 3GPP TS 24.229 v12.7.0 |
| Not dependent on a data channel, works on the signalling plane | LoA3 – Recommended not to be used in roaming scenarios | Trust between MNOs |
| Works in roaming conditions, across devices | No audit logs of traffic either on network/MNO end or customer end. | Inbound/outbound logs can be captured on WSO2 Identity Server |
| Potentially supports both LoA2 and LoA3 | Network congestion may cause latency and unreliable delivery. | This can be addressed via SMS or MO USSD fallback authenticator. |

Page 29: WSO2 Telco MCX

SMS Authenticators – Pros & Cons

| Pros | Cons |
|---|---|
| Reuses MNO assets – SMSC | Poor UX requiring context switching between apps |
| Simple user experience by embedding OTP in URL rather than requiring user to retype | Not suitable for higher LoA use cases |
| Works on all devices | SMS can be intercepted by apps on the device or any malicious agents |

Page 30: WSO2 Telco MCX

Live Deployments & Achievements

Page 31: WSO2 Telco MCX

Live Deployments - India Hub

Digital Hub deployed in India, connecting 6 Indian operators to deploy Mobile connect identity service to their collective 990 Million subscribers.

The Hub is a fully featured API platform and designed to enable MNOs in India to leverage a centralized identity solution as well as to expose multiple network assets and micro services to northbound service providers.

This includes projects relating to smart cities and the IOT space.

Page 32: WSO2 Telco MCX

Mobile Connect India Case Study – Six MNOs, one MCX Hub

PLATFORM IN INDIA

Service Providers

Digital Business enabler

Platform live for 12 months

Six MNOs integrated in 6 months

LOA2 and 3 with three authenticators

Central Business Operations

Hub operated as a Platform-as-a-Service hosted in India

• Only operational MCX Hub globally

• Central very agile MCX product evolution

• Fully operational Telco API Hub

• MNO on-premise option with no re-engineering

[Diagram labels: SMS, USSD, HE, MCX, DoB, CRM, LBS, Wallet]

Page 33: WSO2 Telco MCX

Live deployments

Digital Hub in Singapore powering over 290 Million subscribers

Axiata Group

290

Page 34: WSO2 Telco MCX

Live deployments

8 APIs empowering 6000 Entrepreneurs & businesses

www.ideamart.lk

Page 35: WSO2 Telco MCX

Achievements

GSMA’s Project 2 Billion target for Mobile connect: Contribution from WSO2.Telco through enabling Indian MNOs

Page 36: WSO2 Telco MCX

Achievements

Dialog Axiata PLC – Self care app that grabbed “Best Mobile Network Solution” at GLOMO awards 2016 – Powered by WSO2.Telco APIs

Page 37: WSO2 Telco MCX

For more information…


Email: [email protected]