GB2589093A - Method and system for a two-party Authentication of a mobile phone number - Google Patents

Method and system for a two-party Authentication of a mobile phone number Download PDF

Info

Publication number
GB2589093A
GB2589093A GB1916707.1A GB201916707A GB2589093A GB 2589093 A GB2589093 A GB 2589093A GB 201916707 A GB201916707 A GB 201916707A GB 2589093 A GB2589093 A GB 2589093A
Authority
GB
United Kingdom
Prior art keywords
user
service provider
digits
mobile phone
phone number
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
GB1916707.1A
Other versions
GB201916707D0 (en
Inventor
Lup Sun Cheung Harry
Kostic Stefan
Brankovic Aleksandar
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Benefit Vantage Ltd
Original Assignee
Benefit Vantage Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Benefit Vantage Ltd filed Critical Benefit Vantage Ltd
Priority to GB1916707.1A priority Critical patent/GB2589093A/en
Publication of GB201916707D0 publication Critical patent/GB201916707D0/en
Publication of GB2589093A publication Critical patent/GB2589093A/en
Pending legal-status Critical Current

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3226Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using a predetermined code, e.g. password, passphrase or PIN
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06Authentication
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/12Applying verification of the received information
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/321Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving a third party or a trusted authority
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2209/00Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/80Wireless

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Mobile Radio Communication Systems (AREA)
  • Telephonic Communication Services (AREA)

Abstract

A method of mobile phone number verification, which includes the confirmation of partial mobile phone number values by each of the parties involved in the mobile phone number verification process: a telecom network operator and a service provider. Digits (parts) from a user’s mobile telephone number are exchanged between the two parties separately and if they match, the first party (service provider) can consider it a successful verification of a mobile user’s telephone number.

Description

TITLE
Method and system for a two-party authentication (by provision of partial values: mobile phone number digits, combined into a whole), by two parties (a telecom operator and a service provider) of a mobile phone number.
TECHNICAL FIELD
The present invention relates to a new method of mobile phone number verification, which includes the confirmation of partial mobile phone number values by each of the parties involved in a verification process. The invention is particularly, but not exclusively, applicable in meeting the growing need for verifying a user's mobile phone number (Mobile Station International Subscriber Directory Number (MSISDN)). The invention aims to improve the security of current mobile phone number verification methods, which mainly rely on Short Messaging Service ("SMS") one-time code verification. The proposed method not only enhances current security standards, but also improves the user experience and enables seamless mobile phone number verification.
BACKGROUND TO THE INVENTION
MSISDN is the principal identifier information required for a user's registration on digital and mobile platforms, today. Some service providers and applications even rely on user's mobile phone number as their only identifier (most commonly seen in chat and OTT applications). Having this in mind, it is of crucial importance for service providers and application developers that they be able to verify a user's mobile phone number in a secure and seamless way, in order to provide a positive and safe experience for their users.
Current methods for mobile phone number verification mainly rely on the SMS one-time code service. This method is not only insecure, but it also does not serve its purpose entirely, because by being able to read and input the one-time code, a user only verifies that he/she has access to the mobile number (and mobile device) to which this code is sent. It does not verify that the mobile phone number user currently has inside their device/Subscriber Identification Module ("SIM") Card is being used for app or service registration. Additionally, SMS one-time code also affects the user experience by making the verification process more complex (additional steps for going outside the app or inputting the received code) or impossible to complete, as in certain cases SMS notification is not delivered at all.
Many telecom operators provide a network-based solution for mobile phone number verification if the user is using cellular data service (such as 2G, 3G, 4G, 5G, in this context "G" means generation), either by adding user's MSISDN as a parameter in the Hypertext Transfer Protocol ("HTTP"), the data transfer protocol used on the World Wide Web, header of the user's request towards service provider or by verifying the full mobile phone number based on the Internet Protocol ("IP") address of the user.
The first option mentioned with header enrichment, falls short in terms of user security (it works only on HTTP) and especially in terms of user's privacy protection, where customer sensitive information such as a mobile phone number is shared in the HTTP header, on many occasions without user's knowledge.
The latter, IP-based method represents the future of seamless and secure mobile phone number verification and puts telecom operators in at the centre of today's mobile authentication ecosystems. Telecom operators can identify user's MSISDN internally, using the Public IP address and Port or Private IP address inside their network, if the user is consuming cellular data service. One of the main challenges in this method is the full trust, service providers need to put in the telecom operators' hands in order to confirm the mobile phone number user has input. Service providers, especially the ones in financial services and banking sector prefer to have the final judgement on the validity of user's input, including the one related to user's mobile phone number (the experience they already have with the current method of SMS one-time code, which the bank/financial institution manage themselves). Additionally, due to ever growing privacy protection concerns, service providers and telecom operators are reluctant to share the plain and full MSISDN values of their users/subscribers to third-parties.
The proposed invention aims to respond to the abovementioned challenges by introducing a unique method for mobile phone number verification, which involves a two-party phone number values confirmation by a telecom operator and a service provider. A telecom operator carries out the first-party confirmation is via its network and the second-party confirmation is carried out the by service provider that collected the full mobile phone number from the user and initiated the mobile phone number verification process with telecom operator (or identity/authentication provider as a mediator in between service provider and telecom operator).
SUMMARY OF THE INVENTION
The proposed method of mobile phone number verification includes the mobile phone number confirmation by the two parties involved in the verification process: service provider and telecom operator. To better understand the partial value of the user's mobile phone number, reference should be made to the MSISDN international format and structure as shown in Figure 1 hereinafter.
In this invention partial mobile phone number values (X, Y) correspond to the combining parts of National Mobile Number value, where "X" corresponds to the first few digits of the number while "Y" corresponds to the last few digits, as indicated in Figure 2 hereinafter: The proposed process of two-party mobile phone number verification with telecom operator follows the steps stated in Figure 3, hereinafter.
The applications of this type of mobile phone number verification are numerous in the mobile world, both from additional security perspectives (two parties verifying separate components of a mobile phone number and combining them to form the verifiable whole), as well as mobile user experience and privacy protection outside the service provider environment and the telecom network. Neither party provides full mobile phone number value to the other component verifier, keeping end user's private data, such as MSISDN, intact. Failing to verify any part of the phone number (X or Y), by either party, will result in unsuccessful mobile phone number verification and require further verification procedures to be conducted by the service provider.
BRIEF DESCRIPTION OF DRAWINGS
The invention will be described in more detail below in connection with preferred embodiments with reference to the attached drawings of which: Figure 1 explains MSISDN international structure.
Figure 2 explains national mobile number (NMN) partial values.
Figure 3 explains the two-party partial mobile phone number verification process.
Figure 4 explains the two-party partial mobile phone number verification process, with reference to a specific example.

Claims (3)

  1. CLAIMS1. A method for authenticating a mobile telephone number in a telecommunication network, comprising: - a mobile user providing given digits of his/her mobile telephone number to a service provider's "app" or website, - service provider collecting the mobile phone number and sends last few digits to telecom operator for verification, using the telecom operator's network, - telecom operator identifying the user's full MSISDN via its network and verifies whether the last few digits received correspond to the last few digits of the MSISDN identified, - if first-party values are identical, telecom operator provides the remaining digits of the user national mobile number to service provider, - service provider then verifies whether received partial value of the national mobile number corresponds with digits of the MSISDN user entered at the beginning of the process, if the first digits of the national mobile phone number are identical, the mobile phone number has been successfully verified by both verifiers, hence: two-party, partial mobile phone number verification process, - service provider will be required to perform additional authentication procedures, if first authentication is not sufficient, characterized in that: - parameters of the first authentication request comprise user mobile phone number, - performing the first authentication of the mobile user further comprises: 1. a mobile user providing given digits of his/her mobile telephone number to a service provider's "app" or website, 2. service provider collecting the mobile phone number and sends last few digits to telecom operator for verification, using the telecom operator's network, user's Public IP address and port or Private IP when user is inside the telecom network, 3. telecom operator identifying the user's full MSISDN via its network and verifies whether the last few digits received correspond to the last few digits of the MSISDN identified, 4. if first-party values are identical, telecom operator provides the remaining digits of the user national mobile number to service provider, 5. service provider then verifies whether received partial value of the national mobile number corresponds with digits of the MSISDN user entered at the beginning of the process.
  2. 2 The method according to claim 1, characterized in that: - parameters of the first authentication request further comprise at least one additional parameter.
  3. 3. The method according to claim 2, characterized in that said digits are collected by service provider for transmission to telecom network operator, - Service provider will be required to perform additional authentication procedures, if first authentication is not sufficient.
GB1916707.1A 2019-11-15 2019-11-15 Method and system for a two-party Authentication of a mobile phone number Pending GB2589093A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
GB1916707.1A GB2589093A (en) 2019-11-15 2019-11-15 Method and system for a two-party Authentication of a mobile phone number

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
GB1916707.1A GB2589093A (en) 2019-11-15 2019-11-15 Method and system for a two-party Authentication of a mobile phone number

Publications (2)

Publication Number Publication Date
GB201916707D0 GB201916707D0 (en) 2020-01-01
GB2589093A true GB2589093A (en) 2021-05-26

Family

ID=69063206

Family Applications (1)

Application Number Title Priority Date Filing Date
GB1916707.1A Pending GB2589093A (en) 2019-11-15 2019-11-15 Method and system for a two-party Authentication of a mobile phone number

Country Status (1)

Country Link
GB (1) GB2589093A (en)

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20140194096A1 (en) * 2009-07-14 2014-07-10 Telefonaktiebolaget L M Ericsson (Publ) Method and apparatus for verification of a telephone number
US10390226B1 (en) * 2018-03-08 2019-08-20 Benefit Vantage Limited Mobile identification method based on SIM card and device-related parameters

Patent Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20140194096A1 (en) * 2009-07-14 2014-07-10 Telefonaktiebolaget L M Ericsson (Publ) Method and apparatus for verification of a telephone number
US10390226B1 (en) * 2018-03-08 2019-08-20 Benefit Vantage Limited Mobile identification method based on SIM card and device-related parameters

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
ANONYMOUS: "MSISDN - Wikipedia", 1 November 2019 (2019-11-01), XP055707915, Retrieved from the Internet <URL:https://en.wikipedia.org/w/index.php?title=MSISDN&oldid=924090476> [retrieved on 20200623] *

Also Published As

Publication number Publication date
GB201916707D0 (en) 2020-01-01

Similar Documents

Publication Publication Date Title
FI117181B (en) A method and system for identifying a user&#39;s identity
EP1615097B1 (en) Dual-path-pre-approval authentication method
EP1058872B2 (en) Method, arrangement and apparatus for authentication through a communications network
RU2411670C2 (en) Method to create and verify authenticity of electronic signature
US8996854B2 (en) Method for secure downloading of applications
US9275379B2 (en) Method for mutual authentication of a user and service provider
Hammood et al. A review of user authentication model for online banking system based on mobile IMEI number
CN101242271B (en) Trusted remote service method and system
EP3162104B1 (en) A method to authenticate calls in a telecommunication system
KR20160037213A (en) Processing electronic tokens
CN101060403A (en) Wireless communication terminal-based interactive dynamic password safety service system
US20140172712A1 (en) Transaction Authorisation
KR20100038990A (en) Apparatus and method of secrity authenticate in network authenticate system
EP1680940B1 (en) Method of user authentication
WO1999056434A1 (en) Method, arrangement and apparatus for authentication
US20130183934A1 (en) Methods for initializing and/or activating at least one user account for carrying out a transaction, as well as terminal device
RU2689441C1 (en) System and method of monitoring communication, and/or detecting scammers, and/or authenticating statements/allegations of belonging to any organization
KR101122655B1 (en) Method for user verifing process with enhanced security by mobile communication system and mobile communication terminal for use therein
GB2589093A (en) Method and system for a two-party Authentication of a mobile phone number
KR101331575B1 (en) Method and system blocking for detour hacking of telephone certification
EP2204030B1 (en) Transmission of messages
KR101493057B1 (en) Method for Providing One Time Code
KR20070092917A (en) The method and system for transferring personal secret information and authenticating internet user via mobile telecommunication network
RU2747039C1 (en) Method for identifying subscriber in network of telecom operator and connecting it to telecom operator
WO2012127103A1 (en) Arrangement and method for electronic identification