Skip navigation
Number Verify APIs for enterprises

Number Verification API for consumers and enterprises

Seamless Authentication for Passwordless Login

Service providers provide 2 factor authentication using SMS One-Time-Passwords. Yet they are in a unique position to offer 2-factor authentication based on their assets of knowing their mobile subscribers well.

Overview

Service providers' networks support 3GPP-defined user authentication and authorization. These capabilities could be used by application service providers (ASPs) and enterprises to authenticate users and grant them access to use their applications seamlessly and silently. This is done on the condition that the users are also subscribers to the service provider's network.

Challenge

Today a 2- factor authentication is often provided using one-time-passwords sent over SMS to the end-user which could be challenging when the user is outside of cellular network coverage. This SMS-OTP is not very safe (the SMS-OTP can be intercepted or tampered with) and the user experience is not optimal. In some UE’s it is a manual process to read the SMS, and type the OTP in the app, while some UE’s assist in this process.

Solution

Silent authentication is enabled by the Service Provider through CAMARA API Number Verification, offering seamless verification to application service providers. A second layer of authentication is conducted using the known IP address of the mobile connection, which is mapped to the subscriber identity. Alternatively, authentication can be accomplished via the smartphone's secure entitlement channel, allowing authentication even when the device is connected through a non-cellular network.

How it works

  1. The end user logs in to an app using their username and password.
  2. Two-factor authentication can be performed with the click of a button through a network-verified phone number.
  3. The network authenticates the end user via the secure entitlement channel or the cellular IP knowledge.
  4. The end user can access the desired service.
""

Business applications

The main target segments for this use case are any external API consumer including both enterprises and consumers.

Business models

Service providers can monetize based on three different models:

  1. Wholesale (towards the aggregator)
  2. Pay-per-use (towards the enterprise)

APIs in use

  • CAMARA Number Verification

 

 

Related read
Woman with mobile phone in rural landscape.

Secure entitlement server