GB2589093A - Method and system for a two-party Authentication of a mobile phone number - Google Patents
Method and system for a two-party Authentication of a mobile phone number Download PDFInfo
- Publication number
- GB2589093A GB2589093A GB1916707.1A GB201916707A GB2589093A GB 2589093 A GB2589093 A GB 2589093A GB 201916707 A GB201916707 A GB 201916707A GB 2589093 A GB2589093 A GB 2589093A
- Authority
- GB
- United Kingdom
- Prior art keywords
- user
- service provider
- digits
- mobile phone
- phone number
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3226—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using a predetermined code, e.g. password, passphrase or PIN
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/06—Authentication
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/12—Applying verification of the received information
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/321—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving a third party or a trusted authority
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L2209/00—Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
- H04L2209/80—Wireless
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Mobile Radio Communication Systems (AREA)
- Telephonic Communication Services (AREA)
Abstract
A method of mobile phone number verification, which includes the confirmation of partial mobile phone number values by each of the parties involved in the mobile phone number verification process: a telecom network operator and a service provider. Digits (parts) from a user’s mobile telephone number are exchanged between the two parties separately and if they match, the first party (service provider) can consider it a successful verification of a mobile user’s telephone number.
Description
TITLE
Method and system for a two-party authentication (by provision of partial values: mobile phone number digits, combined into a whole), by two parties (a telecom operator and a service provider) of a mobile phone number.
TECHNICAL FIELD
The present invention relates to a new method of mobile phone number verification, which includes the confirmation of partial mobile phone number values by each of the parties involved in a verification process. The invention is particularly, but not exclusively, applicable in meeting the growing need for verifying a user's mobile phone number (Mobile Station International Subscriber Directory Number (MSISDN)). The invention aims to improve the security of current mobile phone number verification methods, which mainly rely on Short Messaging Service ("SMS") one-time code verification. The proposed method not only enhances current security standards, but also improves the user experience and enables seamless mobile phone number verification.
BACKGROUND TO THE INVENTION
MSISDN is the principal identifier information required for a user's registration on digital and mobile platforms, today. Some service providers and applications even rely on user's mobile phone number as their only identifier (most commonly seen in chat and OTT applications). Having this in mind, it is of crucial importance for service providers and application developers that they be able to verify a user's mobile phone number in a secure and seamless way, in order to provide a positive and safe experience for their users.
Current methods for mobile phone number verification mainly rely on the SMS one-time code service. This method is not only insecure, but it also does not serve its purpose entirely, because by being able to read and input the one-time code, a user only verifies that he/she has access to the mobile number (and mobile device) to which this code is sent. It does not verify that the mobile phone number user currently has inside their device/Subscriber Identification Module ("SIM") Card is being used for app or service registration. Additionally, SMS one-time code also affects the user experience by making the verification process more complex (additional steps for going outside the app or inputting the received code) or impossible to complete, as in certain cases SMS notification is not delivered at all.
Many telecom operators provide a network-based solution for mobile phone number verification if the user is using cellular data service (such as 2G, 3G, 4G, 5G, in this context "G" means generation), either by adding user's MSISDN as a parameter in the Hypertext Transfer Protocol ("HTTP"), the data transfer protocol used on the World Wide Web, header of the user's request towards service provider or by verifying the full mobile phone number based on the Internet Protocol ("IP") address of the user.
The first option mentioned with header enrichment, falls short in terms of user security (it works only on HTTP) and especially in terms of user's privacy protection, where customer sensitive information such as a mobile phone number is shared in the HTTP header, on many occasions without user's knowledge.
The latter, IP-based method represents the future of seamless and secure mobile phone number verification and puts telecom operators in at the centre of today's mobile authentication ecosystems. Telecom operators can identify user's MSISDN internally, using the Public IP address and Port or Private IP address inside their network, if the user is consuming cellular data service. One of the main challenges in this method is the full trust, service providers need to put in the telecom operators' hands in order to confirm the mobile phone number user has input. Service providers, especially the ones in financial services and banking sector prefer to have the final judgement on the validity of user's input, including the one related to user's mobile phone number (the experience they already have with the current method of SMS one-time code, which the bank/financial institution manage themselves). Additionally, due to ever growing privacy protection concerns, service providers and telecom operators are reluctant to share the plain and full MSISDN values of their users/subscribers to third-parties.
The proposed invention aims to respond to the abovementioned challenges by introducing a unique method for mobile phone number verification, which involves a two-party phone number values confirmation by a telecom operator and a service provider. A telecom operator carries out the first-party confirmation is via its network and the second-party confirmation is carried out the by service provider that collected the full mobile phone number from the user and initiated the mobile phone number verification process with telecom operator (or identity/authentication provider as a mediator in between service provider and telecom operator).
SUMMARY OF THE INVENTION
The proposed method of mobile phone number verification includes the mobile phone number confirmation by the two parties involved in the verification process: service provider and telecom operator. To better understand the partial value of the user's mobile phone number, reference should be made to the MSISDN international format and structure as shown in Figure 1 hereinafter.
In this invention partial mobile phone number values (X, Y) correspond to the combining parts of National Mobile Number value, where "X" corresponds to the first few digits of the number while "Y" corresponds to the last few digits, as indicated in Figure 2 hereinafter: The proposed process of two-party mobile phone number verification with telecom operator follows the steps stated in Figure 3, hereinafter.
The applications of this type of mobile phone number verification are numerous in the mobile world, both from additional security perspectives (two parties verifying separate components of a mobile phone number and combining them to form the verifiable whole), as well as mobile user experience and privacy protection outside the service provider environment and the telecom network. Neither party provides full mobile phone number value to the other component verifier, keeping end user's private data, such as MSISDN, intact. Failing to verify any part of the phone number (X or Y), by either party, will result in unsuccessful mobile phone number verification and require further verification procedures to be conducted by the service provider.
BRIEF DESCRIPTION OF DRAWINGS
The invention will be described in more detail below in connection with preferred embodiments with reference to the attached drawings of which: Figure 1 explains MSISDN international structure.
Figure 2 explains national mobile number (NMN) partial values.
Figure 3 explains the two-party partial mobile phone number verification process.
Figure 4 explains the two-party partial mobile phone number verification process, with reference to a specific example.
Claims (3)
- CLAIMS1. A method for authenticating a mobile telephone number in a telecommunication network, comprising: - a mobile user providing given digits of his/her mobile telephone number to a service provider's "app" or website, - service provider collecting the mobile phone number and sends last few digits to telecom operator for verification, using the telecom operator's network, - telecom operator identifying the user's full MSISDN via its network and verifies whether the last few digits received correspond to the last few digits of the MSISDN identified, - if first-party values are identical, telecom operator provides the remaining digits of the user national mobile number to service provider, - service provider then verifies whether received partial value of the national mobile number corresponds with digits of the MSISDN user entered at the beginning of the process, if the first digits of the national mobile phone number are identical, the mobile phone number has been successfully verified by both verifiers, hence: two-party, partial mobile phone number verification process, - service provider will be required to perform additional authentication procedures, if first authentication is not sufficient, characterized in that: - parameters of the first authentication request comprise user mobile phone number, - performing the first authentication of the mobile user further comprises: 1. a mobile user providing given digits of his/her mobile telephone number to a service provider's "app" or website, 2. service provider collecting the mobile phone number and sends last few digits to telecom operator for verification, using the telecom operator's network, user's Public IP address and port or Private IP when user is inside the telecom network, 3. telecom operator identifying the user's full MSISDN via its network and verifies whether the last few digits received correspond to the last few digits of the MSISDN identified, 4. if first-party values are identical, telecom operator provides the remaining digits of the user national mobile number to service provider, 5. service provider then verifies whether received partial value of the national mobile number corresponds with digits of the MSISDN user entered at the beginning of the process.
- 2 The method according to claim 1, characterized in that: - parameters of the first authentication request further comprise at least one additional parameter.
- 3. The method according to claim 2, characterized in that said digits are collected by service provider for transmission to telecom network operator, - Service provider will be required to perform additional authentication procedures, if first authentication is not sufficient.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
GB1916707.1A GB2589093A (en) | 2019-11-15 | 2019-11-15 | Method and system for a two-party Authentication of a mobile phone number |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
GB1916707.1A GB2589093A (en) | 2019-11-15 | 2019-11-15 | Method and system for a two-party Authentication of a mobile phone number |
Publications (2)
Publication Number | Publication Date |
---|---|
GB201916707D0 GB201916707D0 (en) | 2020-01-01 |
GB2589093A true GB2589093A (en) | 2021-05-26 |
Family
ID=69063206
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
GB1916707.1A Pending GB2589093A (en) | 2019-11-15 | 2019-11-15 | Method and system for a two-party Authentication of a mobile phone number |
Country Status (1)
Country | Link |
---|---|
GB (1) | GB2589093A (en) |
Citations (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20140194096A1 (en) * | 2009-07-14 | 2014-07-10 | Telefonaktiebolaget L M Ericsson (Publ) | Method and apparatus for verification of a telephone number |
US10390226B1 (en) * | 2018-03-08 | 2019-08-20 | Benefit Vantage Limited | Mobile identification method based on SIM card and device-related parameters |
-
2019
- 2019-11-15 GB GB1916707.1A patent/GB2589093A/en active Pending
Patent Citations (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20140194096A1 (en) * | 2009-07-14 | 2014-07-10 | Telefonaktiebolaget L M Ericsson (Publ) | Method and apparatus for verification of a telephone number |
US10390226B1 (en) * | 2018-03-08 | 2019-08-20 | Benefit Vantage Limited | Mobile identification method based on SIM card and device-related parameters |
Non-Patent Citations (1)
Title |
---|
ANONYMOUS: "MSISDN - Wikipedia", 1 November 2019 (2019-11-01), XP055707915, Retrieved from the Internet <URL:https://en.wikipedia.org/w/index.php?title=MSISDN&oldid=924090476> [retrieved on 20200623] * |
Also Published As
Publication number | Publication date |
---|---|
GB201916707D0 (en) | 2020-01-01 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
FI117181B (en) | A method and system for identifying a user's identity | |
EP1615097B1 (en) | Dual-path-pre-approval authentication method | |
EP1058872B2 (en) | Method, arrangement and apparatus for authentication through a communications network | |
RU2411670C2 (en) | Method to create and verify authenticity of electronic signature | |
US8996854B2 (en) | Method for secure downloading of applications | |
US9275379B2 (en) | Method for mutual authentication of a user and service provider | |
Hammood et al. | A review of user authentication model for online banking system based on mobile IMEI number | |
CN101242271B (en) | Trusted remote service method and system | |
EP3162104B1 (en) | A method to authenticate calls in a telecommunication system | |
KR20160037213A (en) | Processing electronic tokens | |
CN101060403A (en) | Wireless communication terminal-based interactive dynamic password safety service system | |
US20140172712A1 (en) | Transaction Authorisation | |
KR20100038990A (en) | Apparatus and method of secrity authenticate in network authenticate system | |
EP1680940B1 (en) | Method of user authentication | |
WO1999056434A1 (en) | Method, arrangement and apparatus for authentication | |
US20130183934A1 (en) | Methods for initializing and/or activating at least one user account for carrying out a transaction, as well as terminal device | |
RU2689441C1 (en) | System and method of monitoring communication, and/or detecting scammers, and/or authenticating statements/allegations of belonging to any organization | |
KR101122655B1 (en) | Method for user verifing process with enhanced security by mobile communication system and mobile communication terminal for use therein | |
GB2589093A (en) | Method and system for a two-party Authentication of a mobile phone number | |
KR101331575B1 (en) | Method and system blocking for detour hacking of telephone certification | |
EP2204030B1 (en) | Transmission of messages | |
KR101493057B1 (en) | Method for Providing One Time Code | |
KR20070092917A (en) | The method and system for transferring personal secret information and authenticating internet user via mobile telecommunication network | |
RU2747039C1 (en) | Method for identifying subscriber in network of telecom operator and connecting it to telecom operator | |
WO2012127103A1 (en) | Arrangement and method for electronic identification |