Page 20 - Implementation of Secure Authentication Technologies for Digital Financial Services
P. 20

6.2.6   FIDO Authentication Flow

            Figure 5 – FIDO Authentication



































            1.  Initiate authentication with Relying Party     6�3  Mobile Connect Specifications
            2.  FIDO Server sends authentication challenge and   Mobile Connect is the mobile operator-facilitated
               preferences for the authenticators or credentials   secure universal identity solution developed by the
               to be used                                      GSMA in collaboration with Mobile Operators. The
            3.  Authenticator performs user verification on device   GSMA represents the interests of mobile operators
               to signal the user’s consent to authenticate with   worldwide, unites nearly 800 of the world’s mobile
               the service                                     operators, as well as more than 230 companies in the
            4. The authenticator uses the service’s origin to look   broader mobile ecosystem. To-date there are more
               up the private key for authentication and uses the   than 470 million active Mobile Connect users via over
               private key to sign the challenge from the serv-  70 operators covering more than 40 countries and
               er. The server sends an authentication response:   reaching more than 3 billion people.
               challenge + signature.                            Mobile Connect is a portfolio of mobile-enabled
            5.  The server retrieves the public key for the user and   services that can be integrated into a Service Provid-
               validates the signature on the challenge.       er’s application to support access to services provid-
                                                               ed by the Service Provider. Mobile Connect provides
            The FIDO Alliance has produced reports and white   strong customer authentication, authorisation, and
            papers setting out implementation guidance for     permissioned access to a user’s identity and contex-
            several scenarios including for financial services   tual network attributes. Figure 6 outlines the range
            applications.  Some  relevant reports  are  listed  in   of services provided by Mobile Connect.
            Annex B of this report.












            18   Implementation of Secure Authentication Technologies for Digital Financial Services
   15   16   17   18   19   20   21   22   23   24   25