Monetize digital identity for an interconnected world
5G promises amazing new experiences for customers and far more efficient, profitable operations for CSPs. HPE is reinventing core networks to enable a new kind of architecture that’s optimized for your 5G business requirements.
+ show more
Business white paper
As consumers use more connected devices, secure digital identity is becoming a crucial requirement—and a huge business opportunity for mobile network operators. To capitalize on this, operators need sophisticated entitlement, authentication, and orchestration tools to manage a wide range of devices and platforms.
As the global leader in digital entitlement, Hewlett Packard Enterprise provides a comprehensive platform for managing digital identity. We can help you meet your customers’ insatiable need for new connected experiences, and make onboarding new devices quick, simple, and self-reliant. You can bring the full spectrum of identity-based solutions to consumers and enterprises, as well as build a versatile foundation for the future.
Riding the wave of digital interconnectivity
Just a decade ago, we lived in a very different world. Most peoples’ digital universe revolved around a PC.
The first iPad was just hitting the scene. Smartphones were still in the minority and you could count the number of connected devices in a typical home on one hand. Fast forward to 2020, things have certainly changed.
Today, virtually all adults use a smartphone and that’s just one entry point into their digital lives. Tablets, laptops, smart watches, and other embedded-SIM (eSIM) wearables—all offer a rich world of connected applications and services. These devices aren’t just connected to a network anymore, they’re interconnected with each other. A call to your smartphone brings up an alert on your watch. A show you’re binging can start on your TV, shift to your phone, and then to your laptop without a hiccup. Secure enterprise applications on your work PC can seamlessly extend to your smartphone and back.
At the center of all these interconnections is one constant—your digital identity. A single phone number, for example, can provide the digital core around which all your interconnected devices and services orbit. With this trusted digital identity, you can continually add new devices and interconnect services—quickly and easily, without having to constantly re-enter login credentials or call customer support for help. At least, that’s how it’s supposed to work.
Do you have the right tools in place?
In practice, managing a modern digital persona—actually delivering seamless interconnected device experiences—requires sophisticated digital identity technologies working in the background. And the need for such technology is only growing. In the next few years, you can expect:
- Massive growth in eSIM wearables and things, with eSIM-enabled phone sales alone projected to reach 300 million by 2024 1
- New device types and activation models, especially in the workplace, such as bring your own device (BYOD) trends add millions of new devices—and new security challenges—to enterprise IT
- Growing dominance of cloud and as-a-service applications that are explicitly designed to work across multiple devices
- More nomadic workforce, as people increasingly work from home and on the go via trusted connected devices
- Ubiquitous connectivity, as 5G and Wi-Fi blanket every space on the planet with access to digital services and spawn massive growth in the Internet of Things (IoT)
These trends add up to a far more complex landscape for managing digital identity than ever existed before. At the same time, they create huge opportunities for mobile network operators (MNOs). Analysts project the identity verification market to reach nearly $13 billion globally by 2024 2and carriers are perfectly positioned to capitalize. They already have the trust of their subscribers and mature processes to establish and verify identity. Most important: they are the only players in the digital ecosystem with the ability to use SIM and eSIM technology as a trusted mechanism to link devices with real identities.
To make the most of this opportunity, however, MNOs need to have the right tools in place. They need a flexible, comprehensive digital identity management platform that can address diverse requirements for multiple stakeholders:
- Consumers need identity services that make it quick and easy to interconnect devices and activate new services. They shouldn’t have to wrestle with complex onboarding processes or call a support line to add devices to their account.
- Enterprises need help connecting more dispersed and mobile workforces. They need trusted digital identity services to securely connect both business- and employee-owned devices in ways that are simple and transparent for users.
- Carriers themselves need modern digital identity tools to connect all manner of subscriber devices and platforms across both personal and enterprise domains. They need to seamlessly extend trusted connectivity across multiple networks, cellular, and Wi-Fi. Most importantly, to capitalize on the opportunity, they need tools that are flexible enough to support all digital identity use cases, not just onboarding wearables.
As the industry leader in entitlement technology for carrier networks, HPE provides a comprehensive toolkit to address all these requirements. We can help you become the universally trusted keeper of your customers’ digital identities, so you can capitalize on the interconnectivity revolution.
Managing digital identity with HPE
HPE provides a comprehensive identity platform to help you make the most of explosive growth in eSIM devices and address the full range of digital identity use cases.
You can deliver digital identity services that are trusted, standards-based, and flexible enough to support diverse consumer and enterprise needs. At the same time, you can create an onboarding experience that makes it quick and simple for users to activate new services right from their devices.
From the same HPE Digital Identity platform, you can support use cases such as:
- On-device eSIM activation: Enable fast, self-service activation of new eSIM devices right from the device—using whichever authentication method the device supports, without the need for QR codes or calls to customer service.
- On-device Wi-Fi and Voice-over-LTE (VoLTE) calling management: Handle the entitlements needed to deliver seamless voice experiences as users roam across Wi-Fi and LTE networks.
- Secure Wi-Fi authentication: Provide seamless authentication and identity management to let users easily, transparently access Wi-Fi in public venues and private clouds.
- Secure IoT: IoT devices enabled with eSIM or SIM can use the SIM for secure authentication. The carrier then becomes the secure identity provider, using the eSIM/SIM as a hardware root of trust to verify that connected devices are legitimate.
By delivering comprehensive identity services for these use cases and many others, you can grow revenues and differentiate from the competition. You can continually bring your customers the latest eSIM-enabled products and experiences, both today and in the future. You can deliver more personalized multidevice experiences that increase subscriber stickiness. And, you can put in place a versatile foundation for future enterprise services, such as secure device identity for IoT.
Three pillars of digital identity—entitlement, authentication, orchestration
Carriers are the only stakeholders in the digital ecosystem that can use SIM and eSIM technology as the glue that binds all a subscriber’s digital devices and services together.
That same identity management capability can also provide the foundation for new use cases beyond just connecting smart watches or activating basic voice services. To make the most of this opportunity, however, you need a strong SIM/eSIM orchestration platform in place, solid authentication, and flexible entitlement capabilities.
As a longtime market leader in entitlement, HPE enables state-of-the-art digital identity management for an interconnected world. We provide a comprehensive toolkit that extends across the three pillars of digital identity—entitlement, authentication, and orchestration.
Entitlement—HPE Device Entitlement Gateway
Entitlement is the core of digital identity.
It’s the bridge between networks and interconnected devices, the intelligence that communicates with diverse mobile network operator (MNO) business and operations systems to verify that a user is entitled to access a given service on a given device. Specifically, an entitlement platform:
- Provides the overall status of the service to the client
- Provides the status of the service activation procedure to the device
- Manages the web interface that the device presents to users when activating and managing the service
The more flexible your entitlement solution, the more use cases you can support. HPE Device Entitlement Gateway (DEG) provides the functionality needed to manage the full range of digital identity use cases. Connecting millions of subscribers around the world, HPE DEG meets the entitlement requirements, including both device-specific and standardized specifications. It enables highly secure exchange of information between devices and acts as the carrier-grade gateway to back-end systems for subscriber profiles, authentication (3GPP AAA or HSS), and service provisioning and operations.
Deliver the full spectrum of identity-based use cases
Many entitlement solutions are designed solely for onboarding smart watches and other eSIM devices. With HPE entitlement technology, you can support the full range of digital identity use cases, including companion devices, wearables, multidevice connectivity, and many others. (See the section HPE DIGITAL IDENTITY IN ACTION for details.)
Those are just some of the experiences you can bring to your customers today. In the future, you’ll be able to do much more. For example, as you transition to 5G network, you may be able to use device entitlements to coordinate services over different network slices. That could mean securely connecting millions of new IoT endpoints and enabling devices to register themselves for specific slices or services. Imagine medical devices that can validate they’re entitled to use an ultra-low-latency slice dedicated to telemedicine. Or, imagine a subscriber going on vacation, who wants to purchase a temporary upgrade to the 8K video streaming slice for her mobile device. With HPE, you have the flexibility and feature set to support emerging use cases like these and many others.
Authentication—HPE Secure Identity Broker
As a critical component of entitlement—and the foundation of secure connectivity—you need the ability to verify that users attempting to access or activate services on a device are who they claim to be.
This becomes particularly important in an interconnected world, where subscribers have many more devices that need to be accurately authenticated and linked together based on their digital identity. To provide trusted identity management for all devices and use cases, not just a subset, you’ll need to support the full range of authentication and authorization mechanisms that customers’ devices use.
The HPE Digital Identity platform provides a complete toolset to deliver secure, trusted authentication for all devices and access methods in a single platform. For many SIM and eSIM-enabled devices, you can manage authentication via HTTP embedded EAP-AKA. Here, everything happens in the background, often with no user interaction at all.
You also have the option to use the HPE Secure Identity Broker (SIB), which supports:
- OAuth 2.0 protocol, an authorization framework that enables third-party applications to obtain limited access to an HTTP service on the customer’s device
- OpenID Connect (OIDC) protocol, an identity layer that runs on top of the OAuth 2.0 and allows clients to request and receive information about authenticated sessions and end users
- GSMA Mobile Connect implementations, where HPE SIB provides dynamic device information for authentication, authorization, and identity solutions using attributes related to the user’s mobile phone account
HPE SIB allows you to establish a trusted digital identity for your customers as the centerpiece of their interconnected world. It supports multi-factor authentication (MFA) mechanisms such as biometrics and one-time passwords issued via SMS. And, it provides the authorization capabilities needed to securely establish and activate new services, such as obtaining the user’s consent for a credit check.
The combination of HPE DEG and HPE SIB addresses the full spectrum of subscriber devices and experiences. Your subscribers can securely connect new eSIM-enabled wearables, laptops, and other devices in seconds, on their own. At the same time, you can use OIDC to securely authorize services for eSIM devices, manage authentication for Wi-Fi and voice services, and even support new identity-based use cases such as GSMA account takeover protection. (For details, see the section HPE DIGITAL IDENTITY IN ACTION.)
eSIM orchestration—enabling on-device activation
Managing authentication and entitlement, as customers add different types of devices, as well as coordinating diverse back-end systems and touchpoints can get quite complex.
If you want to give your customers the seamless interconnected experiences they expect, you have to make the process simple.
The HPE eSIM Orchestrator module provides end-to-end orchestration for the entire process. It ties together multiple independent business and operations systems, providing a single entry-point to simplify the registration, activation, and interconnection of eSIM devices. It also enables federated identity to tie those devices together. One primary device—such as the subscriber’s smartphone—can trigger each device’s unique authentication processes and then link all devices together under that primary digital identity.
For your customers, it’s no longer necessary to scan QR codes, log into multiple interfaces, follow complex steps, or call customer support when adding a new eSIM device. Instead, they can drive the complete activation process right from their device in a single, uninterrupted flow. The whole experience takes seconds. (For details, see the following section.)
HPE Digital identity in action
The best way to appreciate the value of trusted, flexible identity management is to see how it operates in the real world.
With HPE’s comprehensive digital identity toolkit, a broad spectrum of new interconnected experiences become possible—with the operator at the center of the multidevice and multiservice ecosystem, enabling all of them.
Let’s take a closer look at some of the most popular and innovative use cases for both consumer and enterprise customers.
Consumer digital identity use cases
Today, the primary driver for building up digital identity capabilities is the explosion of new consumer devices with eSIM. Your customers want to use the latest wearables, make calls from their smart watches, and use their eSIM-enabled tablets and laptops anywhere. And, they want everything to securely share services under their primary phone number.
The HPE Digital Identity tools make it quick and easy for subscribers to add new eSIM companion devices to their account. They can set up a new subscription, transfer a subscription, or enable new devices to share their existing subscription in seconds—it’s self‑service, right from their smartphone.
At the same time, by bringing on-device Subscription activation to your customers’ primary smartphones—and seamlessly orchestrating all the systems and touchpoints in the background—you can support many new use cases:
- New device and service activation: Give subscribers the ability to transfer their account from a previous SIM/eSIM-based phone to a new eSIM phone, or activate new services on a device, entirely on their own—without having to visit a store or call customer service.
- Work-from-home account: Workers transitioning to working from home can set up a second subscription on their mobile phones. They can then switch between personal and work plans on the same device, while preserving separate accounts and billing.
- Temporary subscription for travel and tourism: Generate new revenues by making it easy for tourists visiting your region to purchase temporary prepaid subscriptions. Use the same tools to let your own customers activate temporary subscriptions with roaming partners when they travel—right on the device, using your branded interface.
- Try and buy: Grow your subscriber base by giving customers with other carriers the option to evaluate your services by activating a temporary subscription on their eSIM device.
- Wi-Fi and VoLTE calling setup: Make it quick, simple, and transparent for subscribers to use voice services across networks.
On-Device Subscription Activation
One of the most compelling use cases for digital identity for both consumers and enterprises is on-device subscription activation (ODSA). For consumers, the ability to activate new SIM/eSIM devices right from their phone, in seconds, is a huge improvement over alternate approaches.
For enterprises, the benefits of ODSA are even greater. Enterprises looking to support employee eSIM devices must navigate many layers of complexity—enforcing enterprise security policy, integrating with mobile device management (MDM) systems, and safeguarding access to corporate resources from both company-issued and employee‑owned devices. With digital identity management from HPE, you can help make onboarding and provisioning new devices quick, easy, and secure—for both employees and enterprise IT.
The process of onboarding new laptops or adding secondary eSIM devices to corporate accounts is similar to that used by consumers, but here it is performed by enterprise IT. Unlike models based on QR codes, enterprises don’t need preallocated activation codes. Instead, HPE DEG communicates with the enterprise MDM platform via an on-device activation API, requesting activation for a specific enterprise device. The platform generates new eSIM profiles on-demand as devices are on boarded.
The HPE platform handles entitlements and authentication and orchestrates everything for the enterprise. As these eSIM-enabled devices proliferate, enterprises have the option to use eSIM as a secure, trusted method for authenticating users seeking to access corporate resources—whether via a direct relationship with their carrier, or through an open marketplace like Mobile Connect.
Enterprise digital identity use cases
Identity management services aren’t just for the consumer market. Enterprises, for instance, want to give employees the same kinds of interconnectivity experiences with the devices they use for work. Financial institutions want to add new layers of protection against identity theft and fraud. Retailers, gaming companies, vehicle OEMs, and many others can benefit from the ability to authenticate users and use their digital identity to securely manage devices and services.
All of this requires trusted, flexible identity management and enterprises are looking to MNOs to help deliver it. HPE can help you meet this growing market demand and build up lucrative enterprise identity management services—both today and in the future.
Account takeover protection
With advanced HPE authentication and OIDC capabilities, you can offer enterprises an extra layer of protection against identity theft via a fraudulently cloned SIM—an ongoing threat in some regions.
A bank, for example, can use its carrier’s identity and authentication capabilities to ensure that customers initiating a financial transaction on a smartphone are actually who they claim to be. The bank uses MFA to send a pin code to the subscriber’s phone before authorizing the transaction. The MNO shares the user’s attributes with the bank, verifying that the SIM on that device is legitimately associated with that user and has not been reported lost or stolen.
Differentiated Wi-Fi experiences
As enterprises move forward in a more interconnected world, the lines separating cellular and Wi-Fi services are starting to blur. For example, large venues like sports arenas and concert halls want to offload cellular traffic to Wi-Fi to give users in the venue a more reliable, better-performing connection. Other enterprises want to give their employees ubiquitous, high-performing connectivity such as paying for priority access to carrier-sponsored Wi-Fi at airports, convention centers, and other venues.
For these and other revenue-generating use cases to succeed, enterprises need trusted, flexible identity services. HPE provides everything carriers need to deliver a comprehensive, standards-based Wi-Fi authentication and settlement gateway.
Help your customers provide simple, secure Wi-Fi access in large, dense locations. Provide seamless offload from cellular to Wi-Fi networks based on trusted subscriber SIM credentials or enterprise certificates.
OpenID identity services for secure authentication
Support new enterprise use cases and partnerships by using OpenID Connect to authenticate enterprise users on the go. With the HPE Digital Identity platform, you can support standardized OpenID frameworks such as GSMA Mobile Connect. Or, you can use OpenID to deliver the same kinds of capabilities through your own branded portal.
Closing the IoT security gap
5G promises to spur massive growth in the IoT, allowing operators and businesses to more efficiently connect sensors, water and power meters, vehicles, industrial equipment, and much more. To enable these use cases, however, businesses must be confident that the devices they’re connecting are trusted and secure. For devices connecting via SIM or eSIM, you can provide a mature, trusted mechanism to confirm that devices are what they claim to be.
For tomorrow’s IoT applications, SIM can be used as the hardware Silicon Root of Trust from HPE, the foundation of scalable, standardized authentication. In these scenarios, MNOs provide a secure key via the SIM, which is stored locally on the client device. The device can be authenticated on initial activation and enable secure connectivity far more easily than alternative ad-hoc IoT security options.
As the number of IoT devices worldwide explodes, these kinds of carrier-provided identity and authentication services will be in high demand. You can’t support them if your identity management platform is limited to just onboarding wearables. With the HPE Digital Identity platform, you have the flexibility to pursue these and other emerging opportunities.
Driving toward industry standards
Standards play an important role across the technology landscape, but nowhere more so than in secure device connectivity. As the number of global connections increases exponentially in the coming years, the last thing carriers want is to have to rebuild end‑to‑end digital identity capabilities every time a new device comes along. This is the reason the HPE Digital Identity platform provides a single, reusable entry point into the carrier’s back-end. It’s also the reason why HPE plays an active role in standards bodies such as GSMA, where we help develop and maintain standardized device interfaces for the full range of digital identity use cases, not just wearables.
We’ve been leading the charge to provide consistency and reusability in the mechanisms that digital identity platforms use to communicate with devices and systems. HPE played a major role in the development of the GSMA TS.43 specification, which outlines a consistent, standardized way to manage device entitlements for ODSA, SMSoIP, VoWi-Fi, and VoLTE. In fact, HPE Distinguished Technologist, Jerome Sicard, led the TS.43 committee at GSMA and was the driving architect for standard.
Industry efforts like these lay the groundwork for tomorrow’s digital identity use cases. By collaborating with carriers, device vendors, and industry groups, we can help expand the ecosystem of interconnected experiences across vendors while helping minimize complexity and costs.
Start your digital identity journey
We’ve come a long way since the early days of smartphones and tablets. The next decade promises amazing connected devices and experiences, along with consumer and enterprise use cases we’ve only begun to imagine.
But, one thing is clear—all of them will depend on trusted digital identity.
As a longtime leader in entitlement, HPE is the right partner to help you capitalize on the interconnectivity revolution. We can provide:
- Versatile digital identity platform: Some vendors offer effective identity solutions but only for smart watches and eSIM wearables. HPE provides a flexible, comprehensive platform to support digital identity use cases, both consumer and enterprise.
- Proven leadership: HPE is a market leader in trusted digital entitlement. Right now, service providers around the world are using HPE Digital Identity technology to manage more than 150 million devices and securely connect over 650 million subscribers.
- Standards-aligned, vendor-agnostic solutions: HPE is one of the industry’s strongest advocates for consistent, reusable identity mechanisms for connected devices and services. We continue to lead these efforts within industry groups like GSMA, as well as working directly with device manufacturers and network vendors. No matter which vendors you use for core, access, and IMS solutions, you can benefit from HPE Digital Identity technology.
Let HPE help you position your business as a leader in trusted digital identity management. You can bring secure, flexible identity capabilities to the full range of emerging use cases and power a new world of interconnected experiences.
- 1 Emerging Device Technologies (EDT), Strategy Analytics, 2020
- 2 The 2021–2026 World Outlook for Universal Log-in and Mobile Identity Services, Research and Markets, 2019