A new standard is emerging in the telecommunications world. GSMA’s Open Gateway is an initiative for creating a framework for Network APIs that establishes vendor interoperability and access to novel network features.

The standardization and new network features provided by these APIs will enable developers to create applications that can work across networks and across nations. They will enable a new set of smart applications, from IoT-based Smart Factories to remote surgeries. These new features will foster the proliferation of Smart Devices and act as a driving force behind the growth of 5G.

Today we will go through the APIs already developed in the Open Gateway initiative and discuss:

• How they work,

• Applications they enable,

• Business potential,

• Possible pricing plan.

As Defne, we’ve been following the emergence of GSMA’s Open API framework closely, as we believe it holds great significance for the future of 5G and telecommunications. We talked with industrial analysts and GSMA members about the potential of these APIs in private discussions and by attending industry-leading events, like the 38th GTI Workshop.

We want to thank Gartner Senior Analyst Ajit Patankar for greatly enhancing our knowledge and understanding of the markets, specifically about what CPaaS vendors and MNOs can and cannot do, and the ease of implementation for each of these APIs.

We picked some particularly impactful APIs to talk about in this issue. We will cover the following:

• Device Location APIs

• Quality on Demand

• SIM Swap

Device Location

The device location APIs of the Open Gateway Initiative consists of three APIs, which are the Device Geofencing API, Location retrieval API, and Device Location Verification API.

How it works

• Device Geofencing API allows triggered events to occur when the mobile device subscriber enters or exits an area [1].

• Location Retrieval API returns a circular or polygonal area that a subscriber may be located inside. The shape and accuracy of this area change depending on network conditions [2].

• Location Verification API allows the API user to check if an area they specify matches the user’s location and returns a response according to different conditions [3].

Applications Unlocked

Geotargeted Marketing and Operational Efficiency: Whenever someone needs to trigger certain operations related to a mobile device upon entering a certain area, the Geofencing API can be used. Whenever a customer enters a shopping area, a retail business can send location-triggered advertisements or coupons, and a logistics service may keep track of shipments.

Fraud Prevention: When managing high-value online transactions, having fool-proof safety checks is of the highest importance. Banks can rely on the location verification and retrieval APIs to put in place location-based safety measures against fraud.

In a fraud attempt, the location APIs can check whether the location a transaction is being made from corresponds to the location of their customers’ mobile phone devices. If they don’t match up, it’s highly likely that the transaction is fraudulent activity, and the customer should be notified immediately.

Smart Operations: Businesses that require managing different moving parts benefit from Location APIs. Multi-device operations like Smart Factories, Multi-Drone Missions, or IoT Houses can use the APIs to keep track of devices entering and exiting certain locations and trigger location-based events to manage their activities.

Business Potential

MNOs today already do a lot of implementation with network-based positioning. This ability is not available to CPaaS vendors. Since Location APIs can enable many highly advanced applications and are unique in the communications landscape today, they have the potential to generate a lot of growth for businesses and MNOs.

Possible Pricing Model

This API could charge per use, for each call upon Location Verification or Retrieval APIs, or each event triggered by the Geofencing API. Prices could be different for each, and could possibly be in the $0.2 - $0.3 range.

Quality on Demand

Many modern applications that form the backbone of 5G services require an optimized and unwavering network connection. Changes in connectivity for these applications might mean total disruption of operations. To avoid such downfalls, the Quality on Demand (QoD) API ensures clients receive the high-quality connection that they need.

How it works

QoD API ensures that required network conditions are met for certain application flows. Using the API, the client can select certain app flows between the client and the server to be prioritized, and queue Quality of Session (QoS) profiles to be activated for select durations. These QoS profiles have specific network qualities, like latency, throughput, or bandwidth. QoD API will ensure that the app flow will receive the qualities specified in the QoS profile for the determined period of time [4].

In case these network conditions cannot be met, the QoD API will “negotiate” with the client to establish reliable connectivity for the application. This ensures that operations are carried out with the best possible connectivity, which is crucial for applications that can’t function if requirements are not met.

This API can function over private 5G networks and utilize network slicing capabilities, which are important current developments in 5G.

Applications Unlocked

The QoD API works best with applications whose network demands change depending on their mode of operation. Such applications may include operating drones or mobile gaming. For example, drone search & rescue missions require low latency for the flight phase, and high throughput for sending video back from the disaster zone. QoD API finds the best possible network conditions that it can reliably serve in each one of them and allows the application to run smoothly and avoid potential failures. You can read more about drone applications in our blog about the QoD API [5].

Business Potential

A high-quality network connection that meets specific requirements for given periods of time is a premium service and is required mostly by high-level applications. As such, the QoD API has high business potential.

The QoD API is unique in its offering. Currently, there are no other network APIs that can offer what the QoD API accomplishes. This is due in part to the technical complexity of its implementation. 5G networks have to implement network slicing to be able to afford Quality on Demand. However, as long as the required infrastructure can be established, the QoD API will return its weight in gold.

Possible Pricing Model

The QoD API works through QoS sessions serviced to the client per demand. The pricing model can revolve around these sessions to properly set up a pricing plan. Different prices can be attributed to different QoS profiles, and charging may be done per session that’s serviced.

SIM Swap

SIM Swap Fraud

The SIM Swap API provides users with the ability to verify when the SIM card associated with an MSISDN phone number has changed.

Now, you could ask why this is necessary. This is because there is a specific type of fraud that’s carried out using SIM Swaps.

This type of fraud exploits the ‘Mobile Number Portability’ feature provided by mobile network operators. This feature allows a user to retain their MSISDN phone number when switching to another SIM card. Users changing operators or renewing their SIM cards do need this feature, so it is something that MNOs will continue to provide. However, the same feature can be used by fraudsters to hack into accounts.

If a fraudster is able to get verification details necessary to perform a SIM swap, they can get the victim’s MSISDN attached to their own SIM card, and reroute the two-factor authentication messages necessary for logging in to accounts. This can allow them access to bank accounts. Notably, in 2019 Twitter CEO Jack Dorsey’s Twitter account was hacked into using the SIM Swap fraud [6], and in 2018, $23 million was stolen from a cryptocurrency investor’s bank account using the SIM Swap fraud technique [7].

How it works

The SIM Swap API provides security against such frauds by establishing a way to check if an MSISDN has recently been ported to another SIM card. The API can provide the client with the timestamp of the latest SIM swap, or the client can ask the API whether a SIM swap has been performed in a specified past period of time [8].

Applications Unlocked

With access to information from the SIM swap API, any application that uses two–factor authentication based on mobile can implement additional safety measures. The API can be used to check if a SIM Swap has happened in the last 24 hours, and deny operations or enforce additional checks if it has. In the software-heavy world we have today, those who can benefit from additional security include every sector from the government, to finance and to social media. All of these carry sensitive information and can really benefit from SIM Swap functionality.

Business Potential

The SIM Swap API is not unique to MNOs, there are CPaaS vendors who implement it. At the same time, it can be game-changing for the global mobile association to set down the official API framework for SIM Swap. An official and global SIM Swap API can eradicate SIM swap fraud, like how global vaccination programs eradicated diseases like smallpox.

As it is so crucial for many critical applications, the SIM Swap API has high business potential.

Possible Pricing Model

The SIM swap API can be priced per use of the API, but in the higher range like the Device Location APIs, so $0.2-$0.3 per SIM swap check.

References

[1]CAMARA Project, “Geofencing API,” GitHub. https://github.com/camaraproject/DeviceLocation/blob/main/code/API_definitions/geofencing.yaml (accessed Nov. 08, 2023).

[2]CAMARA Project, “Location Retrieval API,” GitHub. https://github.com/camaraproject/DeviceLocation/blob/main/code/API_definitions/location-retrieval.yaml (accessed Nov. 08, 2023).

[3]CAMARA Project, “Location Verification API,” GitHub. https://github.com/camaraproject/DeviceLocation/blob/main/code/API_definitions/location-verification.yaml (accessed Nov. 08, 2023).

[4]CAMARA Project, “Quality on Demand API,” GitHub. https://github.com/camaraproject/QualityOnDemand/blob/main/code/API_definitions/qod-api.yaml (accessed Nov. 08, 2023).

[5]G. Arat, “GSMA Open Gateway - Quality on Demand API,” Defne, Jun. 14, 2023. https://www.defne.com.tr/single-post/gsma-open-gateway-quality-on-demand-api (accessed Nov. 08, 2023).

[6]R. Brandom, “The frighteningly simple technique that hijacked Jack Dorsey’s Twitter account,” The Verge, Aug. 31, 2019. https://www.theverge.com/2019/8/31/20841448/jack-dorsey-twitter-hacked-account-sim-swapping

[7]J. Stempel, “U.S. cryptocurrency investor sues suburban NYC teen for $71.4 million over alleged swindle,” U.S., May 07, 2020. https://www.reuters.com/article/us-crypto-currency-lawsuit-idUSKBN22J32V

[8]CAMARA Project, “SIM Swap API,” GitHub. https://github.com/camaraproject/SimSwap/blob/main/code/API_definitions/sim_swap.yaml (accessed Nov. 09, 2023).