{"id":2530,"date":"2021-07-16T14:05:14","date_gmt":"2021-07-16T08:35:14","guid":{"rendered":"https:\/\/xiarch.com\/blog\/?p=2530"},"modified":"2021-07-16T14:05:16","modified_gmt":"2021-07-16T08:35:16","slug":"advanced-zero-trust-api-offers-mobile-carrier-authentication-to-developers","status":"publish","type":"post","link":"https:\/\/xiarch.com\/blog\/advanced-zero-trust-api-offers-mobile-carrier-authentication-to-developers\/","title":{"rendered":"Advanced Zero-Trust API Offers Mobile Carrier Authentication to Developers"},"content":{"rendered":"\n
Zero Trust is increasingly being accepted as one of the best tactics to handle application security and avoid data breaches. To help accomplish progress on Zero Trust, there is now an advanced way to implement continuous user verification by associating directly to the authentication systems used by mobile operators \u2013 without the upward of processing or preserving user information.<\/p><\/p>\n\n\n\n
Before we display its functionality and how to organize it, let\u2019s begin with the basic challenge.<\/p><\/p>\n\n\n\n
What is Zero Trust and Authentication?<\/strong><\/h2>\n\n\n\n
The Zero Trust model of personalized verification most essentially means never trusting that a returning user is who they claim to be, regardless of their location or previous successful attempts. Zero Trust is a strategic approach to access management that is crucial for keeping out bad actors.<\/p><\/p>\n\n\n\n
As the world moves to the cloud, with a progressively distributed network of employees, partners, and clients, tighter auth journeys become even more essential.<\/p><\/p>\n\n\n\n<\/figure>\n\n\n\n
But with greater security comes greater resistance \u2013 users have to come up with intricate passwords, remember security questions, and break their workflows with authenticator applications codes, SMS PINs, and other multi-factor authentication (MFA) methods.<\/p><\/p>\n\n\n\n
The Exchange between Security and UX<\/strong><\/h4>\n\n\n\n
We all know that knowledge factors like credentials are less than ideal. Negotiated passwords are behind the bulk of data breaches and attacks, and Forrester Research appraisal that in the enterprise surrounding, each agent credential\u2019s reset costs $70 in help desk in support. That\u2019s without taking into account the overall disappointing user experience.<\/p><\/p>\n\n\n\n
On the other hand, Biometrics is unrealistic as Zero Trust needs for the average user. You also don\u2019t require such crucial information for all types of access.<\/p><\/p>\n\n\n\n
The control factor gives a solid middle ground, and proof of possession of mobile phones is more universal. Moreover, mobile phone numbers aren\u2019t excessively personal.<\/p><\/p>\n\n\n\n
Although, possession check with use codes \u2013 even authenticator applications \u2013 are vulnerable to man-in-the-middle (MITM) and SIM swap attacks, as well as generating UX problems\u2014from SMS codes that never comes under the pressure of typing counts form an authenticator application against a countdown.<\/p><\/p>\n\n\n\n
A simpler and safer form of checking possession factor while handling Zero Trust is already in the user\u2019s hands \u2013 it\u2019s the mobile phone and the SIM card inside it.<\/p><\/p>\n\n\n\n
How to Authenticate User by Connecting Directly to Mobile Networks?<\/strong><\/h2>\n\n\n\n
There is one thing that is already authenticated with the Mobile Network Operator (MNO) i.e. SIM card inside the phone. It is SIM authentication that permits mobile customers to manage phone calls and connect to data. Now you can use this same powerful authentication method for your website of mobile applications, using tru.ID.<\/p><\/p>\n\n\n\n
tru.ID collaborate directly with carriers across the world to offer these kinds of APIs that design with the network\u2019s authentication framework, using the data connection and without collecting any personally identifiable information (PII). The tru.ID API authenticates whether the SIM card associated with the phone number has recently changed, administering silent, continuous verification.<\/p><\/p>\n\n\n\n
Zero Friction, Zero Trust, Zero-Knowledge<\/strong><\/h4>\n\n\n\n
SIM-based authentication is invisible to the user \u2013 the check of the SIM happens in the background once the user inputs their mobile number. If your site or application already has the mobile phone number preserved, even better \u2013 there\u2019s no user action needed at all. This enhanced UX generates logical account experiences without negotiating security.<\/p><\/p>\n\n\n\n
No directly discoverable user information is traded during the MNO number and SIM lookup \u2013 the check is over a data connection and approves official carrier data.<\/p><\/p>\n\n\n\n
How to Get Started?<\/strong><\/h4>\n\n\n\n
For constant Zero Trust authorizations in the background using the SIM, SIMCheck is suggested, having the additional advantages of being a quick, easy, and server-side assimilation. Should the lookup return recent changes to the SIM, you may select to implement additional set-up verification.<\/p><\/p>\n\n\n\n
How is all this accomplished programmatically? With one API call. When something happens on the client-side which needs a step up or security check, the client informs the server, which composes this API call to check if the SIM has changed for the user\u2019s phone number.<\/p><\/p>\n\n\n\n
curl – – location – – request POST \u2018https:\/\/eu.api.tru.id\/sim_check\/v0.1\/checks\u2019 \\<\/p><\/p>\n\n\n\n
The SIMCheck API response will look something like this, where the \u2018no_sim_change\u2019 equity is the key to tell us whether the SIM card has changed recently:<\/p><\/p>\n\n\n\n
After all this, the server informs the client whether the transaction or request can proceed. If it fails, your site or application can either deny access or need an additional, non-telephonic form of authentication.<\/p><\/p>\n","protected":false},"excerpt":{"rendered":"
Zero Trust is increasingly being accepted as one of the best tactics to handle application security and avoid data breaches. To help accomplish progress on Zero Trust, there is now an advanced way to implement continuous user verification by associating directly to the authentication systems used by mobile operators \u2013 without the upward of processing […]<\/p>\n","protected":false},"author":2,"featured_media":2532,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[15],"tags":[],"yoast_head":"\n
Advanced Zero-Trust API Offers Mobile Carrier Authentication to Developers - Xiarch Solutions Private Limited<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/xiarch.com\/blog\/advanced-zero-trust-api-offers-mobile-carrier-authentication-to-developers\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Advanced Zero-Trust API Offers Mobile Carrier Authentication to Developers - Xiarch Solutions Private Limited\" \/>\n<meta property=\"og:description\" content=\"Zero Trust is increasingly being accepted as one of the best tactics to handle application security and avoid data breaches. To help accomplish progress on Zero Trust, there is now an advanced way to implement continuous user verification by associating directly to the authentication systems used by mobile operators \u2013 without the upward of processing […]\" \/>\n<meta property=\"og:url\" content=\"https:\/\/xiarch.com\/blog\/advanced-zero-trust-api-offers-mobile-carrier-authentication-to-developers\/\" \/>\n<meta property=\"og:site_name\" content=\"Xiarch Solutions Private Limited\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/xiarch\/\" \/>\n<meta property=\"article:published_time\" content=\"2021-07-16T08:35:14+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2021-07-16T08:35:16+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/xiarch.com\/blog\/wp-content\/uploads\/2021\/07\/Advanced-Zero-Trust-API-Offers-Mobile-Carrier-Authentication-to-Developers-featured-image.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"1000\" \/>\n\t<meta property=\"og:image:height\" content=\"525\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Xiarch Security\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@xiarch\" \/>\n<meta name=\"twitter:site\" content=\"@xiarch\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Xiarch Security\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"4 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/xiarch.com\/blog\/advanced-zero-trust-api-offers-mobile-carrier-authentication-to-developers\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/xiarch.com\/blog\/advanced-zero-trust-api-offers-mobile-carrier-authentication-to-developers\/\"},\"author\":{\"name\":\"Xiarch Security\",\"@id\":\"https:\/\/xiarch.com\/blog\/#\/schema\/person\/655d814a04eacce56942270cfdc5c59c\"},\"headline\":\"Advanced Zero-Trust API Offers Mobile Carrier Authentication to Developers\",\"datePublished\":\"2021-07-16T08:35:14+00:00\",\"dateModified\":\"2021-07-16T08:35:16+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/xiarch.com\/blog\/advanced-zero-trust-api-offers-mobile-carrier-authentication-to-developers\/\"},\"wordCount\":806,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\/\/xiarch.com\/blog\/#organization\"},\"articleSection\":[\"Infosec News\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\/\/xiarch.com\/blog\/advanced-zero-trust-api-offers-mobile-carrier-authentication-to-developers\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/xiarch.com\/blog\/advanced-zero-trust-api-offers-mobile-carrier-authentication-to-developers\/\",\"url\":\"https:\/\/xiarch.com\/blog\/advanced-zero-trust-api-offers-mobile-carrier-authentication-to-developers\/\",\"name\":\"Advanced Zero-Trust API Offers Mobile Carrier Authentication to Developers - Xiarch Solutions Private Limited\",\"isPartOf\":{\"@id\":\"https:\/\/xiarch.com\/blog\/#website\"},\"datePublished\":\"2021-07-16T08:35:14+00:00\",\"dateModified\":\"2021-07-16T08:35:16+00:00\",\"breadcrumb\":{\"@id\":\"https:\/\/xiarch.com\/blog\/advanced-zero-trust-api-offers-mobile-carrier-authentication-to-developers\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/xiarch.com\/blog\/advanced-zero-trust-api-offers-mobile-carrier-authentication-to-developers\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/xiarch.com\/blog\/advanced-zero-trust-api-offers-mobile-carrier-authentication-to-developers\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/xiarch.com\/blog\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Advanced Zero-Trust API Offers Mobile Carrier Authentication to Developers\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/xiarch.com\/blog\/#website\",\"url\":\"https:\/\/xiarch.com\/blog\/\",\"name\":\"Xiarch Solutions Private Limited\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\/\/xiarch.com\/blog\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/xiarch.com\/blog\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/xiarch.com\/blog\/#organization\",\"name\":\"Xiarch\",\"url\":\"https:\/\/xiarch.com\/blog\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/xiarch.com\/blog\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/xiarch.com\/blog\/wp-content\/uploads\/2021\/06\/xi-logo-002.png\",\"contentUrl\":\"https:\/\/xiarch.com\/blog\/wp-content\/uploads\/2021\/06\/xi-logo-002.png\",\"width\":300,\"height\":300,\"caption\":\"Xiarch\"},\"image\":{\"@id\":\"https:\/\/xiarch.com\/blog\/#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/www.facebook.com\/xiarch\/\",\"https:\/\/twitter.com\/xiarch\",\"https:\/\/www.linkedin.com\/company\/xiarch\"]},{\"@type\":\"Person\",\"@id\":\"https:\/\/xiarch.com\/blog\/#\/schema\/person\/655d814a04eacce56942270cfdc5c59c\",\"name\":\"Xiarch Security\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/xiarch.com\/blog\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/d33699ed91b76568586dc1ae278ea568?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/d33699ed91b76568586dc1ae278ea568?s=96&d=mm&r=g\",\"caption\":\"Xiarch Security\"},\"sameAs\":[\"https:\/\/xiarch.com\/blog\/\"],\"url\":\"https:\/\/xiarch.com\/blog\/author\/vector\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Advanced Zero-Trust API Offers Mobile Carrier Authentication to Developers - Xiarch Solutions Private Limited","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/xiarch.com\/blog\/advanced-zero-trust-api-offers-mobile-carrier-authentication-to-developers\/","og_locale":"en_US","og_type":"article","og_title":"Advanced Zero-Trust API Offers Mobile Carrier Authentication to Developers - Xiarch Solutions Private Limited","og_description":"Zero Trust is increasingly being accepted as one of the best tactics to handle application security and avoid data breaches. To help accomplish progress on Zero Trust, there is now an advanced way to implement continuous user verification by associating directly to the authentication systems used by mobile operators \u2013 without the upward of processing […]","og_url":"https:\/\/xiarch.com\/blog\/advanced-zero-trust-api-offers-mobile-carrier-authentication-to-developers\/","og_site_name":"Xiarch Solutions Private Limited","article_publisher":"https:\/\/www.facebook.com\/xiarch\/","article_published_time":"2021-07-16T08:35:14+00:00","article_modified_time":"2021-07-16T08:35:16+00:00","og_image":[{"width":1000,"height":525,"url":"https:\/\/xiarch.com\/blog\/wp-content\/uploads\/2021\/07\/Advanced-Zero-Trust-API-Offers-Mobile-Carrier-Authentication-to-Developers-featured-image.jpg","type":"image\/jpeg"}],"author":"Xiarch Security","twitter_card":"summary_large_image","twitter_creator":"@xiarch","twitter_site":"@xiarch","twitter_misc":{"Written by":"Xiarch Security","Est. reading time":"4 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/xiarch.com\/blog\/advanced-zero-trust-api-offers-mobile-carrier-authentication-to-developers\/#article","isPartOf":{"@id":"https:\/\/xiarch.com\/blog\/advanced-zero-trust-api-offers-mobile-carrier-authentication-to-developers\/"},"author":{"name":"Xiarch Security","@id":"https:\/\/xiarch.com\/blog\/#\/schema\/person\/655d814a04eacce56942270cfdc5c59c"},"headline":"Advanced Zero-Trust API Offers Mobile Carrier Authentication to Developers","datePublished":"2021-07-16T08:35:14+00:00","dateModified":"2021-07-16T08:35:16+00:00","mainEntityOfPage":{"@id":"https:\/\/xiarch.com\/blog\/advanced-zero-trust-api-offers-mobile-carrier-authentication-to-developers\/"},"wordCount":806,"commentCount":0,"publisher":{"@id":"https:\/\/xiarch.com\/blog\/#organization"},"articleSection":["Infosec News"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/xiarch.com\/blog\/advanced-zero-trust-api-offers-mobile-carrier-authentication-to-developers\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/xiarch.com\/blog\/advanced-zero-trust-api-offers-mobile-carrier-authentication-to-developers\/","url":"https:\/\/xiarch.com\/blog\/advanced-zero-trust-api-offers-mobile-carrier-authentication-to-developers\/","name":"Advanced Zero-Trust API Offers Mobile Carrier Authentication to Developers - Xiarch Solutions Private Limited","isPartOf":{"@id":"https:\/\/xiarch.com\/blog\/#website"},"datePublished":"2021-07-16T08:35:14+00:00","dateModified":"2021-07-16T08:35:16+00:00","breadcrumb":{"@id":"https:\/\/xiarch.com\/blog\/advanced-zero-trust-api-offers-mobile-carrier-authentication-to-developers\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/xiarch.com\/blog\/advanced-zero-trust-api-offers-mobile-carrier-authentication-to-developers\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/xiarch.com\/blog\/advanced-zero-trust-api-offers-mobile-carrier-authentication-to-developers\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/xiarch.com\/blog\/"},{"@type":"ListItem","position":2,"name":"Advanced Zero-Trust API Offers Mobile Carrier Authentication to Developers"}]},{"@type":"WebSite","@id":"https:\/\/xiarch.com\/blog\/#website","url":"https:\/\/xiarch.com\/blog\/","name":"Xiarch Solutions Private Limited","description":"","publisher":{"@id":"https:\/\/xiarch.com\/blog\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/xiarch.com\/blog\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/xiarch.com\/blog\/#organization","name":"Xiarch","url":"https:\/\/xiarch.com\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/xiarch.com\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/xiarch.com\/blog\/wp-content\/uploads\/2021\/06\/xi-logo-002.png","contentUrl":"https:\/\/xiarch.com\/blog\/wp-content\/uploads\/2021\/06\/xi-logo-002.png","width":300,"height":300,"caption":"Xiarch"},"image":{"@id":"https:\/\/xiarch.com\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/xiarch\/","https:\/\/twitter.com\/xiarch","https:\/\/www.linkedin.com\/company\/xiarch"]},{"@type":"Person","@id":"https:\/\/xiarch.com\/blog\/#\/schema\/person\/655d814a04eacce56942270cfdc5c59c","name":"Xiarch Security","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/xiarch.com\/blog\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/d33699ed91b76568586dc1ae278ea568?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/d33699ed91b76568586dc1ae278ea568?s=96&d=mm&r=g","caption":"Xiarch Security"},"sameAs":["https:\/\/xiarch.com\/blog\/"],"url":"https:\/\/xiarch.com\/blog\/author\/vector\/"}]}},"_links":{"self":[{"href":"https:\/\/xiarch.com\/blog\/wp-json\/wp\/v2\/posts\/2530"}],"collection":[{"href":"https:\/\/xiarch.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/xiarch.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/xiarch.com\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/xiarch.com\/blog\/wp-json\/wp\/v2\/comments?post=2530"}],"version-history":[{"count":1,"href":"https:\/\/xiarch.com\/blog\/wp-json\/wp\/v2\/posts\/2530\/revisions"}],"predecessor-version":[{"id":2534,"href":"https:\/\/xiarch.com\/blog\/wp-json\/wp\/v2\/posts\/2530\/revisions\/2534"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/xiarch.com\/blog\/wp-json\/wp\/v2\/media\/2532"}],"wp:attachment":[{"href":"https:\/\/xiarch.com\/blog\/wp-json\/wp\/v2\/media?parent=2530"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/xiarch.com\/blog\/wp-json\/wp\/v2\/categories?post=2530"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/xiarch.com\/blog\/wp-json\/wp\/v2\/tags?post=2530"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}
![\"Advanced-Zero-Trust-API-Offers-Mobile-Carrier-Authentication-to-Developers-image1\"](\"https:\/\/xiarch.com\/blog\/wp-content\/uploads\/2021\/07\/Advanced-Zero-Trust-API-Offers-Mobile-Carrier-Authentication-to-Developers-image-1024x576.jpg\")
<\/figure>\n\n\n\n