Web3 dapps have been flourishing with developers and startups; however, when user authentication is involved they still have to fall back on web2. I would like to propose a web3-native authentication system based on an SBT (Soul Bound Token) verified by the SIM and the Ethereum network. The mobile cellular networks (2G, 3G, 4G and 5G) built by the Mobile Network Operators (MNOs) actually serve a much larger population than the internet, including those who use dumb phones or feature phones.
The SIM can be designed as the secure element for the wallet, a low-cost and universal hardware wallet, provided with an applet (an application running on the operating system of the SIM) that produces a digital fingerprint by applying a hash function to the IMSI (International Mobile Subscriber Identity, the unique identity of the mobile phone user). User privacy is preserved because the hash function is performed as confidential computing within the hardware boundary of the SIM chip.
IMSI includes 3 parts:
MCC: Mobile Country Code
MNC: Mobile Network Code
MSIN: The serial number assigned by the network operator
The MCCs of the respective countries and the MNCs of the licensed network operators within those countries are public information and can be included as parameters in the contract for verifying a valid SIM user, facilitating autonomous attestation.
The fingerprint can be categorized by MCC and MNC and verified by the smart contract for validity. When a fingerprint is validated by the contract for the first time, an SBT called SIM Verified Account (SVA) becomes available for airdrop to the wallet address associated with the SIM.
For smartphones, the fingerprint is transmitted to the blockchain gateway through the BIP protocol (a mobile specification supported by most smartphones for end-to-end communication between the SIM and websites), which interacts with the smart contract. BIP can only be triggered by the SIM when the SIM is authorized by the MNO that issued it. When the fingerprint is further verified by the Ethereum contract for uniqueness, the SVA becomes available for the wallet address. The BIP connectivity ensures the SIM is active, as authenticated by the MNO.
For feature phones, the fingerprint is transmitted through SMS to the blockchain gateway, which connects to the contract. The drawback is that the phone number is disclosed to the blockchain gateway. Since the major use cases for feature phones, like mobile money in African countries, are already driven by mobile numbers as identity, the privacy issue can be mitigated by off-chain solutions which are commonly accepted and regulated.
With the mature standardization of the global mobile cellular network as well as the massively distributed SIMs already in place, they become an autonomous attestation platform for the SVA to bootstrap a native web3 ecosystem. The assumption is trust in the existing licensed MNOs, who issue SIMs with proper KYC in place, which most countries have implemented properly. For countries where KYC may not be in place, the SBT can be issued with moderated credit scores.
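As an added illustration that is not part of this post, here is a small Python model of the flow described above: the SIM applet emits only (MCC, MNC, digest), the gateway relays that over BIP or SMS, and a toy contract checks the public MCC/MNC list and fingerprint uniqueness before recording the SVA. SHA-256 as the hash, the MNO registry entries and the wallet strings are constructed assumptions.

```python
from __future__ import annotations
import hashlib
from dataclasses import dataclass, field

# Constructed sample registry of public (MCC, MNC) pairs standing in for the
# real ITU/MNO allocation tables the contract would be parameterized with.
LICENSED_MNOS = {("234", "15"), ("234", "30"), ("639", "02"), ("639", "03")}


def sim_applet(imsi: str) -> tuple[str, str, str]:
    """Simulates the applet inside the SIM boundary: it splits the IMSI into
    MCC (always 3 digits) and MNC (2 or 3 digits, resolved against the public
    registry) and releases only the digest, never the MSIN or the raw IMSI.
    The post specifies a plain hash; SHA-256 is an assumption here. Because
    the MSIN space is small, a keyed hash (HMAC with a SIM-resident secret)
    would be the hardened variant of this step."""
    if not (imsi.isdigit() and 14 <= len(imsi) <= 15):
        raise ValueError("IMSI must be 14 or 15 digits")
    mcc = imsi[:3]
    for n in (2, 3):
        mnc = imsi[3:3 + n]
        if (mcc, mnc) in LICENSED_MNOS:
            return mcc, mnc, hashlib.sha256(imsi.encode()).hexdigest()
    raise ValueError(f"unknown MCC/MNC prefix {imsi[:6]}")


@dataclass
class SvaContract:
    """Toy model of the on-chain verifier: rejects unlicensed MCC/MNC pairs,
    enforces fingerprint uniqueness, and records the SVA holder on the first
    successful validation of a fingerprint."""
    licensed: set = field(default_factory=lambda: set(LICENSED_MNOS))
    sva_holders: dict = field(default_factory=dict)  # fingerprint -> wallet

    def verify_and_mint(self, mcc: str, mnc: str, fingerprint: str, wallet: str) -> str:
        if (mcc, mnc) not in self.licensed:
            return "rejected: unlicensed MCC/MNC"
        if fingerprint in self.sva_holders:
            return "rejected: fingerprint already holds an SVA"
        self.sva_holders[fingerprint] = wallet
        return "minted"


def gateway_relay(contract: SvaContract, imsi: str, wallet: str) -> str:
    """Gateway step for either channel (BIP or SMS): forwards the applet's
    (MCC, MNC, digest) tuple and the wallet address to the contract."""
    mcc, mnc, fingerprint = sim_applet(imsi)
    return contract.verify_and_mint(mcc, mnc, fingerprint, wallet)
```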
Feedback, discussions, and comments are welcome.