This document discusses securing services in a mobile-first world. It outlines Gemalto's role as a leader in authentication solutions and the shift to increased mobile usage. The document proposes the GSMA Mobile Connect solution, where mobile operators act as identity providers. Mobile Connect aims to fulfill service providers' identity management needs through single sign-on and authentication on mobile devices using the SIM card. A Trusted Service Manager is needed to support the complex ecosystem of service providers, mobile operators, and users. The key challenges of any deployment are security, convenience, and reach across different technical platforms and regions.

1. SECURING SERVICES IN A
MOBILE FIRST WORLD
JF Rubon, Strategy & Innovation
05/11/2014

2. Mobile Corporate Badge
AGENDA
1 – GEMALTO : WHO WE ARE
2 – THE SHIFT TO MOBILE
3 – MOBILE CONNECT
2 Mobile Corporate Badge

3. GEMALTO KEY FIGURES
OUR COMPANY
OUR CLIENTS
OUR INNOVATION
450 OPERATORS
10/11/2014
€2.4BN
(2013)
INVESTED IN R&D
€177M
(2012)
NATIONALITIES
190
12,000
REVENUES
MOBILE NETWORK
PATENTS & PATENT
APPLICATIONS
FINANCIAL
INSTITUTIONS
3,000+
4,300
EMPLOYEES
80 eGOVERNMENT
PROGRAMS
110
DIGITAL
1,700 ENGINEERS
NEW INNOVATIONS
FILED IN 2012
3

4. Gemalto as a leader of Authentication
4 10.11.14
GARTNER’S MAGIC QUADRANT
ON USER AUTHENTICATION
(eBanking / Enterprise)
Gemalto
AUTHENTICATION SOLUTION
95%
of the authentication
market covered
by these players
Safenet

5. +100M people using our Authentication solutions
200CUSTOMERS
CORPORATE
5 LinqUs Mobile ID 10.11.14
NATIONAL
DEPLOYMENTS
OF MobileID
MNO
+20
Service Providers
already connected
our platform
500
on going deployments
for 2014
+5
MOBILE eBANKING
users protected by
EZIO SOLUTIONS
+90M
WW
MANY CUSTOMERS FROM
FORTUNE 500
employees WW use
our eID solutions
+7M

6. The shift to mobile
Security needs, solutions

7. 2.7 Bn people* frustrated by their digital journey…
(source: ICT, number of Internet users in 2013)
Username management nightmare
Password fatigue and weaknesses
Registration fatality
Trust and privacy failure
They need: Convenient online authentication,
secure environment and mobility
* Source: Fireclick – NorSIS Institute - Microsoft
7 LinqUs Mobile ID 10.11.14

8. … impacting online service providers activities
WEB AND E-MERCHANT SERVICES:
 Security breaches, impacting brand image
Low conversion / transformation rate
BANKS:
Customer service costs
Clients growing mobility vs inconvenience to access ebanking
ENTERPRISES:
Securing cloud services access to enhance employees’ mobility
Security breaches multiplying
GOVERNMENTS:
Reduce long time-frame and administrative costs
Dematerialization regulation pressure
They need: Trusted ecosystem and customer attraction
 Revenue and/or  Costs
8 LinqUs Mobile ID 10.11.14

9. Service providers need scalable authentication
levels of assurance
9 LinqUs Mobile ID 10.11.14

10. THE BIG
SHIFT TO MOBILE
50 BN
1.36BN
10 Gemalto Mobile 10.11.14
SMARTPHONE
SALES
SOURCES:
GEMALTO, GATNER, INFORMA, PUBLIC SUBSCRIBER DATA
58.5BN
(2012)
CONNECTED
DEVICES BY
2020
LTE SUBSCRIPTIONS
BY 2018
203BN
(2020)
OTT MESSAGES
NFC- ENABLED
SMARTPHONES
USERS COVERED BY TSMs
1 BN
(2013)
~25%
300 M
(2010)
1.5BN

11. Existing hardware solutions for the PC world
Smart Cards
 May include user picture
 Company logo
 Physical access (badge)
11 LinqUs Mobile ID 10.11.14
Tokens
 long battery lifetime
Optional USB interface
Company logo
Can they still be used in the mobile world ?

12. Shift to mobile : 2 possible axis
Keep a separate token
Alongside the mobile devices
12 Mobile Corporate Badge
Use Mobile Device
Hardware capabilities
&
Transfer the secure application &
credentials into the device
Use Built-in NFC capability
Use an attached reader
Sleeve
USB readers
Use a detached reader
Bluetooth
Bluetooth Smart (BLE)
UICC
μSD
eSE
TEE

13. MOBILE COMPATIBILITY
13 Mobile Corporate Badge
Secure
Element
Family
Badge & NFC / BLE
Connectivity Needed
Large compatibility
UICC
Through MNOs
Large compatibility
microSD
Slot Needed
Fair compatibility
Attached Reader
Low user convenience
Devices with external port
eSE
Fragmented market
Soldered to the device
TEE
Selected devices only
Major mobile makers

14. Compatibility with devices
Without a reader
Detached readers
Attached readers
14
Dual Interface Card
Bluetooth reader
Standard or proprietary port
( only)

15. UICC
The most universal secure element
Highly secure & certified
Fully standardized
Each Service Provider has dedicated secure
‘space’ on SIM
Remotely manageable
Service platform (Java Card™)
Existing deployment processes
Issued by the MNOs
SHIPMENTS OF SIM CARDS
IN 2013 4.2BN
15 Gemalto Mobile 10.11.14
Memory
MNO BANK
1
BANK
2
SP
Global Platform compliant OS
Certified Secured Hardware &
Software

16. EMBEDDED SECURE ELEMENT
A second highly secure chip in the handset
Inherits security from the UICC
Easy to integrate into any device
in multiple form factors
Remotely manageable
Enabling innovative secure use cases
Also suitable for new consumer devices
(wearables, tablets, consoles)
16 Gemalto Mobile 10.11.14

17. TRUSTED EXECUTION ENVIRONMENT
Relies on hardware processor features
Remotely manageable
Secure interaction between user,
services & peripherals (screen, touch..)
Secure storage of code & data
Integrated into the main processor
17 Gemalto Mobile 10.11.14
Application Processor
LOGO COLOR VERSIONS
OPERATING SYSTEM
(e.g Android)
TEE OS
LOGO
LOGO IN BLACK
TRUSTZONE™
SYSTEM-ON-CHIP
LOGO ON BLACK

18. GSMA Mobile Connect
Mobile Operators as identity providers

19. GSMA Mobile Connect
“Develop an innovative new service that will allow
consumers to securely access a wide range of
digital services using their mobile phone number
for authentication.” Source: GSMA Mobile Connect press release – 24/02/2014
19 LinqUs Mobile ID 10.11.14
$5B
revenue per year
when mobile ID
market is mature
Source: Greenwich Consulting
for GSMA

20. The goal is to fulfill service providers’
ID management needs…
MOBILE OPERATORS
to provide all service providers with a common identity
solution leveraging convenient, strong SIM-based
Mobile Connect service
Light
Authentication
Medium to Strong
Authentication
20 LinqUs Mobile ID 10.11.14
Strong
Authentication
Medium to Strong
Authentication
Improving end-user
journey for more
transactions
Adding customer
channels without
security breach
Reducing
administration costs
and time-frame
Leveraging cloud
services and making
their workforce mobile

21. …bringing a diversity of services
Entry-level ID,
similar to Facebook
Connect, low level
of security
Use mobile as
second factor
overlay
21 LinqUs Mobile ID 10.11.14
Use mobile as
a replacement
for legally binding
‘wet’ signature
MNO becomes
ID custodian:
certifies users’
details to SPs
FEDERATED
IDENTITY
2ND FACTOR
AUTHENTICATION
MOBILE DIGITAL
SIGNATURE
IDENTITY
BROKERAGE
Single Sign On
Solutions
OTP, PKI, NFC,
biometrics…
solutions
Mobile PKI
Solutions IdM Solutions
Web access
granted!

22. Trusted Service Manager (TSM) solution
to support a complex ecosystem
Service Providers Mobile Operators
MNO-TSM
To give access to the MNO subscribers base
while ensuring quality of access
© 2014 Gemalto
SP-TSM
To securely deploy & manage SP
applications on any wireless network
MNO 1
MNO 2
MNO 3
22
SP-TSM MNO-TSM

23. Providing the simplest user experience
23 LinqUs Mobile ID 10.11.14

24. 3 key deployment challenges
SECURITY
No “one fits all” solution
24 LinqUs Mobile ID 10.11.14
Secure access
Secured communication
Corporate data protection
Fraud Management
CONVENIENCE
No convenience, no adoption
Enrolment and usage
Need to stick to smartphone user
experience
REACH
Address fragmented
technical platforms:
multiple devices,
multiple SE
In different countries :
Legal, regulation, …
To consumers,
civil servants,
employees,
citizens
CHALLENGE
REACH
CONVENIENCE
SECURITY

25. Thank you !
JF Rubon