A group of mobile carriers including AT&T, Sprint, T-Mobile and Verizon are working together to improve the state of mobile authentication.
The carriers are working together in a group called the Mobile Authentication Taskforce, which officially announced its Project Verify effort on Sept. 12. With Project Verify, the carriers are looking to use different signals and techniques to more effectively verify mobile user identity for different types of applications and services.
“We’re excited to deliver a mobile authentication platform that developers can use to build applications that can more effectively and securely verify user identities,” Johannes Jaskolski, general manager of the Mobile Authentication Taskforce, told eWEEK.
The Mobile Authentication Taskforce was formed in 2017 and announced preliminary details on the mobile authentication solution at the beginning of 2018, Jaskolski said. The taskforce demonstrated three test apps at Mobile World Congress Americas, which was held in Los Angeles from Sept. 12-14.
“The three apps that were demonstrated are mockups and are not specifically branded apps,” he said. “We demoed a photo app, banking app and social app showing how companies might implement this prototype solution to verify the identities of the mobile users accessing their own apps.”
As mobile devices have evolved from a talking and texting engine to become the central operation system of transactional, daily life, Jaskolski said there is a need for more security. In an effort to secure mobile transactions and the apps that provide account access, companies began using SMS to verify the identity of the person who owns the device, he said. SMS, however, was not designed and engineered as a security tool and can be vulnerable to attacks, which is why there is a need for strong forms of authentication.
How Project Verify Works
Jaskolski explained that a customer will be able to create a device-based ID and use it to log into and enable participating service provider applications using their Project Verify ID. Project Verify will also support logins from smartphones, tablets, PC web browsers, media streaming devices and more as the product evolves.
“The solution gives customers visibility into when a service provider app requests data,” he said. “The customer has control over whether to allow or deny access to their information.”
Project Verify isn’t the first or only effort in the industry that is attempting to provide stronger forms of authentication. The W3C is currently working with the FIDO Alliance on the WebAuthn protocols, which extend strong authentication specifications for multifactor authentication.
“The Project Verify solution is committed to open standards, and we are exploring several options including WebAuthn to ensure that our product integrates with a broad range of third parties,” Jaskolski said. “The relationship between our product and such standards will be synergistic.”
Jaskolski emphasized that Project Verify is committed to supporting and driving open standards. Overall, there is still work to be done before Project Verify is ready for general consumption.
“The taskforce is in talks with third-party service providers now to generate support across the business ecosystem and expects to roll out a beta solution for consumer trial in the first half of 2019,” he said.
Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com. Follow him on Twitter @TechJournalist.