AT&T, Sprint, T-Mobile, and Verizon Detail Plans for 'Next-Generation Mobile Authentication Platform'

Discussion in 'iOS Blog Discussion' started by MacRumors, Mar 1, 2018.

  1. MacRumors macrumors bot


    Apr 12, 2001

    Last September, AT&T, Verizon, Sprint, and T-Mobile announced a team-up with the mission of developing a mobile authentication solution for both businesses and consumers. One of the main reasons the carriers created the "Mobile Authentication Taskforce" was to help users who have to manage "dozens of difficult-to-remember passwords" for numerous apps.

    Today at Mobile World Congress, the taskforce has revealed more details about its upcoming platform, and set a launch date for later in 2018. AT&T said the solution will create a cryptographically verified phone number and "unique profile" that's specific to the user's smartphone or tablet, strengthened by processing attributes such as a network verified mobile number, IP address, SIM card attributes, phone number tenure, phone account type, and more. The solution will only work with apps authorized by the taskforce, and at the consent of the user.


    The companies' combined resources will further analyze data and activity patterns on a mobile network to predict, "with a high degree of certainty," whether the user is who they say they are.
    To confirm a user's identity and allow them entry into their own secure data, the solution will also use machine learning, advanced analytics, and run a risk assessment engine with AI to confirm that all of this data matches -- or doesn't match -- the main user's identity. VentureBeat reported that the Mobile Authentication Taskforce's platform is expected to be "simpler and more secure" than current heavy-duty password and data protection solutions, like two-factor authentication.

    According to the GSM Association, which represents the interests of mobile operators worldwide, the solution will not only provide mobile device owners with an easier way to manage passwords, but also help to "decrease fraud and identity theft, and increase trust in online transactions." With the four largest U.S. network carriers working together, AT&T said that the taskforce will bring "significant capabilities and insights" to build a modern security and identity protection system.
    Ahead of the launch, registered developers will be able to submit to the taskforce and begin ensuring that their applications will be compatible with the new mobile authentication platform. This submission process itself will be highly secure as well, using "private and permissioned blockchain technology to help ensure application integrity."

    Developers and other service providers will be able to sign up to participate as an application developer when the taskforce's website launches "later this year," and in the next few weeks internal trials of the system will begin.

    Article Link: AT&T, Sprint, T-Mobile, and Verizon Detail Plans for 'Next-Generation Mobile Authentication Platform'
  2. tkukoc macrumors 65816


    Sep 16, 2014
    Wish I Was In Space!
    Because when I think secure.. I think mobile carriers.o_O
  3. mcdspncr macrumors regular


    Jul 2, 2011
    Not sure I fully understand all the tech involved in this, but there’s no way I’m letting the carriers have my passwords.

    Also, ironic name for the taskforce - MAT, as in what we’ll feel like when the carriers and NSA walk all over our rights to privacy.
  4. rorschach macrumors 68020


    Jul 27, 2003
  5. Xavier macrumors 68030

    Mar 23, 2006
    It seems like a way for carriers to collect user information under the guise of security. Cue a new standard verizon/att app on your phone, preinstalled?

    "The solution will only work with apps authorized by the taskforce, and at the consent of the user."
  6. elvisimprsntr macrumors 6502

    Jul 17, 2013
    "The solution will only work with apps authorized by the taskforce, and at the consent of the user."

    Follow the money, people. Meaning a way to track a customer and sell data and advertising to the highest bidder, or to get into the mobile payments game for a small transaction fee.
  7. coumerelli macrumors 6502

    Apr 7, 2003
    state of confusion.
    I don’t read it this way at all. The solution replaces multi factor authentication by using analytics of my phone and use. If I’m at home going about my day, but “I” try to log in to one of these authenticated apps/services several hundred or even thousands of miles away, the login will fail for the imposter. Yet I’ll still carry on normally - without the burden of mutifactor authentication. No passwords are given to carriers here.
  8. DaveOP macrumors 65816

    May 29, 2011
    Portland, OR
    I laughed out loud, well played sir. I agree, I don't need the carriers trying to save passwords for me. I really hope this is opt-in, or can be opted out.
  9. avanpelt macrumors 68030

    Jun 2, 2010
    All I want from my mobile carrier right now is for them to be able to detect when caller ID has been spoofed to be the same area code and prefix as my cell number and then prevent that call from reaching my phone. That nonsense has gone on long enough.
  10. ssl0408 macrumors 65816

    Sep 22, 2013
    New York
    No thanks, carriers. Just provide the cell coverage that I need and that’s all. You will never get any passwords from me.
  11. cmwade77 macrumors 65816

    Nov 18, 2008
    They can't even prevent people from spoofing caller ID, why would I trust them with something as sensitive as my passwords or anything at all related to logging in? Nope, not going to happen.
  12. now i see it macrumors 68040

    Jan 2, 2002
    The end game (if someone is naive enough to jump on board with this scheme) is carrier lock in and control. Good luck switching to T-Mobile (for example) when all your passwords are stored over at AT&T. This scheme is not to help the customers. It's to empower the providers. Same old story since forever.
  13. Xavier macrumors 68030

    Mar 23, 2006
    Ah, so it could be that approved apps are now using a sort of tokenized credential, specific per device, to login. So no passwords necessarily, but an identification code that would be hard to steal.

    It doesn't change that by opting in, you are granting access to your device.
  14. luvbug macrumors regular


    Aug 11, 2017
    One rule in the modern world: Everything is a scam, everything. With that in mind, no thanks carriers.
  15. nt5672 macrumors 68000

    Jun 30, 2007
    I don't wan't anyone running some algorithm which determines who I am. I know who I am and if I supply the correct password then I want my access. My password security, is my responsibility. Now I know if you are a millennial, then taking responsibility is hearsay when it can be done for you for free, so just call me old fashioned.

    Now, if they want to make generating public and private keys more user friendly, and allow them instead of insecure passwords, then as long as I can change them anytime, I am all for it. But security is my responsibility and I am not handing that off to some carrier, who we know from experience, does not have my privacy or security in any of their priorities.
  16. jecowa macrumors regular

    Mar 15, 2006
    I think a lot of times they are actually using a VOIP phone provider to rent access to a phone number in your area. Try looking up some of the numbers that call you on maybe
  17. collegitdept macrumors regular

    Nov 17, 2009
    Thanks Apple!

    Because of your asinine privacy policy - that's now becoming an illogical ideology *and* excuse for poor product/services - iOS users lack a proper identity management platform, and are forced to expose our data to more risk, less security, and less privacy - with 2 consequences:

    1. Use simple passwords and reuse the same password everywhere
    2. forced to rely on Google Single-Sign-on, Amazon ID, Facebook ID, or now their mobile carriers

    Same for no system-level iOS SPAM call filters:
    1. live with it and suffer
    2. force to use an inferior and fragmented solution (giving others our data) from risky 3rd party apps, or carrier specific service
  18. thisisnotmyname macrumors 68000


    Oct 22, 2014
    known but velocity indeterminate
    can't stop spoofed caller ID numbers, want's to become my authentication to everything.

    No thanks.
  19. collegitdept macrumors regular

    Nov 17, 2009
    And Apple refuses to do either.... so we suffer

    How is this a premium experience again?

  20. AxiomaticRubric macrumors 6502


    Sep 24, 2010
    On Mars, Praising the Omnissiah
    Sooooooo if I do something completely random using their apps:

    "This is a courtesy message from Mobile Authentication Taskforce. Your mobile device has been disabled. Please tap here to contact a customer service representative and verify your identity."
  21. eltoslightfoot macrumors 6502a


    Feb 25, 2011
    HAHAHAHAHAHAHAHA! You win the internet today.
  22. Solomani macrumors 68040


    Sep 25, 2012
    Alberto, Canado
    Ohh hahaha….. like I'd trust my entire password keychains to a company like Verizon. LMAO
  23. topgunn macrumors 65816


    Nov 5, 2004
    I agree. There seems to be a lot of FUD in these comments. This isn't using AT&T in the place of LastPass.

    Many of us already use our phones as a method of multi-factor authentication. This seems to me to be the next iteration of that only easier to use and more secure for the end user.
  24. collegitdept macrumors regular

    Nov 17, 2009
    This is exactly it. And the reason they're doing it, is because Apple refuses. And identity management on iOS is a really big sore spot.

  25. Crow_Servo macrumors regular


    Feb 17, 2018
    Don’t forget, this might combat fraud within the carriers too. Reducing fraud saves the carriers money. That could be one of the motivations behind this idea.

Share This Page