What’s in your eWallet?

What’s in your eWallet?

By Kari Mattson

Digital wallets at your service

One of the many features of the Trivore Identity Service (TIS) that we are proud of is its digital wallet capability which allows an individual to make electronic transactions.The wallets can be prepaid (i.e., money is deposited in the digital wallet prior to any transactions) or they can be linked to a user’s bank account or payment card. 

Multiple wallets for many purposes

TIS enables each user account to have multiple secure personal wallets that can be used for digital transactions. The built-in anonymization features of the system allow the wallets to be connected with a strong identity while still allowing anonymous purchases. This combines transaction security with consumer privacy, a goal which is typically very difficult to achieve. 

TIS also supports another rare use case: anonymous users and identities may also have wallets. This enables bearer-based usage patterns, which typically have low-value transactions. Higher monetary values easily triggerAML and KYC requirements, which we also support, but that is another blog post.

A single user account can have an unlimited number of wallets indifferent currencies for different purposes. Value may be moved between wallets and identities. This provides a great deal of flexibility and enables numerous use cases. 

Wallets have the same level of high security as bank accounts but are otherwise deliberately much simpler and have fewer features for ease of use and convenience.

We speak corporatese…

TIS also supports corporate user accounts which may have wallets. The use cases of this are countless, but an easy example would be a corporation paying  in a very cost-effective manner for (either fully or partially) an employee’s public transportation fares while commuting. Since the wallets are always tied to a strong identity, it is easy to control what and by whom the corporate wallets can be used for. This makes life easier for the employee and the company alike and helps reduce back-office work considerably. For the service provider, this capability enables new value-added services and creates additional business opportunities.

Business rules engine support

TIS supports the attachment of a line-of-business business rule engine for the wallets. As TIS is purposely agnostic to the business processes, this allows for huge innovations. For instance, a corporate commuting wallet can be restricted so that it can only be used from 6 am to 6pm on weekdays. Or the wallets could only be used on certain routes.

Learn more about TIS

Digital wallets are just one example of the added value of TrivoreIdentity Service, that helps customers integrate identity and access management into their applications and accelerates solution development significantly.

Unlike most IDaaS platforms, TIS is built from the ground up to be easily integrated with demanding business applications and can act as the backbone of critical business workflows.

Should you be interested in how to integrate strong identities into your business, you can read more aboutTIS on our product pages.

Everything You Always Wanted to Know About eSIM

Everything You Always Wanted to Know About eSIM (But Were Afraid to Ask)

Kari Mattson, January 21, 2020

What is this eSIM thingy, anyway?

Pretty soon you may not need a SIM card in your phone as growing array of connected devices will connect to mobile using embedded SIM (eSIM) technology. eSIM is a global specification which involves aSIM card chip being embedded into a device.

eSIM technology has been around for some time, but only its adoption by Apple in late generation iPhones brought it to the public consciousness. 

One of the main advantages of eSIM is that it enables users to change operator remotely without having to acquire a new physicalSIM card – this can augur an even fiercer competition among operators and new usage modes. Theoretically, a phone using an eSIM could negotiate the rates with available operators on a call-by-call basis to get the absolute best prices.

More practically, eSIM also allows people to store multiple profiles on a single device, effectively having two or more numbers, and switch between them at ease. This is ideal for anyone who may require an additional number for travel or business, for example.

As an increasing number of devices offer eSIM technology, we are likely to see more mobile operators offering support for the service, particularly as it gives them an opportunity to up and cross-sell new service plans to their customers across the consumer and enterprise markets

But wait, that is not all…

While eSIMs can change phone usage quite abit, the technology will not just be used in smartphones. 

eSIMs will be seen in many consumer devices which require always-on connectivity. This includes wearables, such as smartwatches and smart glasses, connected home devices, and computing devices such as laptops and tablets. Technology which has traditionally connected to Wi-Fi will benefit from the wider availability and security of cellular (4G and5G) networks.

One of the first consumer devices to feature eSIM is the 4th generation Apple iWatch which is cellular capable, enabling many new use cases. The iconic Dick Tracy wrist phone is starting to be reality, thanks to eSIM.

The many benefits of eSIM

Consumers, businesses, and benefits can will all benefit from eSIM.

As eSIM enables subscribers to connect more devices to their mobile operator, operators can offer multi-device packages and bespoke data plans. 

Device bundling will b­ecome much easier, with consumers able to conveniently add new devices to their plans without having togo in store or wait for a physical SIM card to arrive in the post. This presents new revenue opportunities for operators, as it becomes easier for customers to scale up their plans by adding new devices which require data.

Businesses with a large number of mobiles used by their employees will also benefit from the convenience of eSIM. eSIM can deliver a streamlined user experience for managing cellular connectivity, enabling IT teams to provision and deploy new devices in a rapid and convenient fashion. Adding new phones to a corporate mobile service or swapping devices between users as they join and leave a company will become much more efficient, as it can be achieved remotely. Profiles for each user can also be personalized and data plans can be adjusted and optimized, via eSIM remote management tools.

Don’t forget IoT

eSIM will also benefit businesses that use IoT systems, and in particular businesses that have large m2m (machine-to-machine)deployments such as oil and gas, power plants, manufacturing facilities and warehouses. For a company using thousands of individual pieces of hardware that require mobile connectivity, installing a SIM card into each unit would be a painstaking (and expensive) task.

With eSIM, businesses can remotely connect all of this technology to a mobile network. Furthermore, if the technology is required to operate in another country, it can be programmed remotely to connect to a local operator in that region.

Because it is embedded, an eSIM uses less space and is cheaper than traditional SIM technology: mobile connectivity can now be introduced into hardware where it was previously not feasible due to cost or space restrictions.

Finally, as with the consumer market, operators can create new data plans for businesses as their connectivity requirements scale up. This could include new packages for previously unconnected devices, such as connected cars or iPads, naturally resulting in new revenue streams.

Making it a reality

While eSIM offers some exciting possibilities, its adoption is still in its infancy. Both manufacturers and operators must step up their game to drive the adoption of eSIM technology.

Technology manufacturers must support the new technology and make it available in their products. On this front, things are developing: analysts suggest all new smartphone devices will support eSIM by2030, and other types of connected technology will likely follow suit.

Operators play a crucial role. They must support the technology on their networks, create innovative new services, and provide a smooth experience for business and consumer customers looking to adopt the services. 

Operators need to create a smooth experience for onboarding customers using eSIM, via an online portal or application. Bespoke applications can be developed specifically for enterprise customers, whilst consumers can be served through operator portals.

For this customer experience to be seamless, operators must ensure that their eSIM technology is compatible with different handset manufactures and eSIM vendors and ensure they can support multiple download and activation methods.

To achieve this, operators must evolve their billing support systems and have an entitlement platform which will empower them with advanced eSIM management capabilities. This will ensure that they can make it as easy as possible for users to adopt eSIM technology, which will help drive new uses cases for it across the consumer and enterprise markets.

Trivore and eSIM

Our Trivore Device Entitlement Service (or DES among friends), is a carrier-grade solution for mobile device manufacturers and mobile operators to activate and provision cloud, on-premise, and embedded software applications from a single platform.

DES provides full support for eSIM and lets operators and manufacturers take advantage of this new technology easily and inexpensively. Just like other Trivore products, DES features a modern web-based GUI, open APIs, a powerful SDK for client development, and built-in identity management functionality.

You can find more info on DES on our product page.

Trivore supporting public transportation

Trivore supporting public transportation

Trivore and our very own Kari Mattsson were recently featured in Suomidigi, a website supporting and looking at the state of the digitalization of the Finnish public sector.

The article describes how HSL (the Helsinki Regional Transit Authority) has incorporated the national Suomi.fi and European eIDAS strong identification systems using the Trivore Identity Service (TIS).

The story, alas, is in Finnish only (it can be found here), but since has some useful information, we try to summarize some of the key points here.

Having strong identification information is crucial for the proper functioning of the system as the residents of the various municipalities in the HSL region get discounted tickets based on their place of residence. Being able to leverage national ID systems that have e.g. accurate address information allows HSL to provide the discounts easily and fairly. Discounted tickets have previously been limited to physical ticket products but with the help of TIP and the Suomi.fi service, HSL can now extend the discounts to mobile tickets, as well.

Riders from outside of Finland benefit from the pan-European eIDAS identification system support. Riders can be sure their information is handled appropriately (and following all relevant regulations) and they can ride on HSL knowing their information is secure. HSL is the first player in Finland to have a fully eIDAS compliant system and e.g. German eIDAS identification requests have been handled without any issues.

Niko Tynkkynen, the Digital Service Design Team Lead at HSL outlines the challenges of rolling out a system like this: ”We have to be sure we handle the information of our more than one million riders in full compliance of GDPR rules, yet we also want to make sure the service experience is seamless across devices and services. We also want to bring new, increasingly personalized services and experiences to our riders.”

One further benefit of TIS is the ability to federate identities across different actors and services. The system e.g. enables using identities managed by the HSL system to be used for accessing public transportation services in Tampere – or any other city in Finland.

Should you be interested, you can read more about TIs on our product pages.

Trivore Identity Service Client SDKs released

Trivore Identity Service Client SDKs released

By Kari Mattsson on September 22th, 2019

The SDKs are out!

The often requested, fully documented Trivore Identity Service Client SDKs for Java and Python are now available. The SDKs let developers increase their productivity and get the most of of the comprehensive Trivore Identity Service APIs to create beautiful identity-driven applications.

Why does the SDK matter?

The SDK helps our customers (and us, too!) to create robust Identity-driven applications powered by Trivore Identity Service faster and more easily. The SDK leverages the robust Trivore Identity Service APIs (Application Programming Interfaces) and contains technical documentation, sample code, and other tools that help a developer be more efficient and deliver better applications.

The difference between and SDK and an API

An API is essentially a clear set of rules, or protocols, for interacting with a system. As long as a programmer knows how to use the right protocols they can successfully accomplish the tasks they want to complete on the platform. An API is like a recipe, it’s a set of clear instructions. Companies often use APIs to give external parties access to their data or systems. An SDK is more like a box of cake mix. It has everything you’ll need to make a cake quickly and easily.

What about other languages?

While Python and Java are the most common languages used to develop applications powered by Trivore Identity Service, we are working on other languages, too.

The next planned languages are Go and Javascript. The release schedule is not fully confirmed yet but we expect the release to happen in late 2019 or very early in 2020. Stay tuned for details.

If you are a Trivore customer and have a need for an SDK for another language, drop us a line and we will certainly consider your request.

Where can I get it?

You can download the SDKs for both Java and Python from our Gitlab public page.

The Java version will also be shortly available on Maven Central and the Python version on PyPI.

You can find documentation and other goodies from the Trivore Identity Service support site.

About Trivore Corporation

Founded in 2001, Trivore Corporation crafts identity-driven enterprise software for business-critical applications. Trivore serves demanding customers – both enterprises and public sector actors – that need robust and scalable enterprise solutions for business-critical applications. Trivore is the Identity Authority™.

OpenID Connect™ Certification for Trivore Identity Service

OpenID Connect™ Certification for Trivore Identity Service

By Kari Mattsson on September 20th, 2019

Trivore Corporation has on August 26, 2019 certified that Trivore Identity Service 3.0 conforms to the Basic OP, Implicit OP, Hybrid OP, and Config OP profiles of the OpenID Connect protocol.

The OpenID Connect certification is a big step for Trivore and our customers. With this certification, the users of  Trivore Identity Service can easily leverage the industry-leading standard Identity Provider in their applications. This makes development faster, applications safer, and provides a great deal of ease-of-use for end-users.

What is OpenID Connect?

OpenID Connect 1.0 is a simple identity layer on top of the OAuth 2.0 protocol. It allows Clients to verify the identity of the End-User based on the authentication performed by an Authorization Server, as well as to obtain basic profile information about the End-User in an interoperable and REST-like manner.

OpenID Connect allows clients of all types, including Web-based, mobile, and JavaScript clients, to request and receive information about authenticated sessions and end-users. The specification suite is extensible, allowing participants to use optional features such as encryption of identity data, discovery of OpenID Providers, and session management, when it makes sense for them.

Why Does OpenID Connect Matter?

OpenID Connect has become the leading standard for single sign-on and identity provision on the Internet. Its formula for success: simple JSON-based identity tokens (JWT), delivered via OAuth 2.0 flows designed for web, browser-based and native / mobile applications.

OpenID Connect, published in 2014, is not the first standard for Identity Provider (IdP), but, in our opion, the best in terms of usability and simplicity, having learned the lessons from past efforts such as SAML and OpenID 1.0 and 2.0.

About Open ID Foundation

The OpenID Foundation (OIDF) promotes, protects and nurtures the OpenID community and technologies.

The OpenID Foundation is a non-profit international standardization organization of individuals and companies committed to enabling, promoting and protecting OpenID technologies. Formed in June 2007, the foundation serves as a public trust organization representing the open community of developers, vendors, and users. OIDF assists the community by providing needed infrastructure and help in promoting and supporting expanded adoption of OpenID. This entails managing intellectual property and brand marks as well as fostering viral growth and global participation in the proliferation of OpenID.

About Trivore Corporation

Founded in 2001, Trivore Corporation crafts identity-driven enterprise software for business-critical applications. Trivore serves demanding customers – both enterprises and public sector actors – that need robust and scalable enterprise solutions for business-critical applications. Trivore is the Identity Authority™.