.png)
SilentAuth+ · TS.43 EAP-AKA · USSD Fallback · 2G–5G
Silent Authentication API For Every Device & Every Network.
SilentAuth+ is U2opia's silent network authentication API built on TS.43 EAP-AKA. Verify mobile identity without OTP, without friction, without a single user step. And unlike any other silent authentication platform, we don't stop at 4G.
2G–5G
Full device coverage via USSD fallback
0
User steps. Zero friction. Silent.
104+
Mobile operator networks
TS.43
GSMA Release 11 · EAP-AKA
WHAT IS SILENT AUTHENTICATION ?
Definition: Silent Authentication
Silent authentication (also called silent network authentication or zero-click authentication) is a method of verifying a user's mobile identity at the network level without sending an OTP, without any user interaction, and in milliseconds. The verification uses the SIM card's cryptographic credentials, not a transmitted code.
No code. No tap. No friction. Just verified.
Every time a user authenticates with SMS OTP, three things happen: a message is sent (costing money), the user waits and types (costing conversions), and the code travels over a network channel that attackers know how to exploit.
Silent authentication eliminates all three. The verification happens between the device's SIM card and the mobile operator's network — invisible to the user, instant for the enterprise, and cryptographically stronger than any OTP-based method.
SilentAuth+ implements silent authentication using the GSMA TS.43 Release 11 standard — the GSMA's authoritative framework for network-level device authentication using EAP-AKA (Extensible Authentication Protocol — Authentication and Key Agreement). This is the same cryptographic mechanism mobile operators use to authenticate devices to their networks at registration.
Silent authentication eliminates all three. The verification happens between the device's SIM card and the mobile operator's network — invisible to the user, instant for the enterprise, and cryptographically stronger than any OTP-based method.
SilentAuth+ implements silent authentication using the GSMA TS.43 Release 11 standard — the GSMA's authoritative framework for network-level device authentication using EAP-AKA (Extensible Authentication Protocol — Authentication and Key Agreement). This is the same cryptographic mechanism mobile operators use to authenticate devices to their networks at registration.
Definition: TS.43 EAP-AKA: TS.43 EAP-AKA is the GSMA standard (TS.43 Release 11) defining how a device's SIM card authenticates silently to a third-party application via an Entitlement Server and EAP-AKA cryptographic credentials. It works over both cellular (4G/5G) and Wi-Fi connections.
.png)
HOW TS.43 AUTHENTICATION WORKS
GSMA's silent network authentication standard needs USSD for global use.
TS.43 Release 11 is the GSMA's technical specification for Network Authentication via Entitlement Server. It defines how a mobile device's SIM card can prove its identity to a third-party application using EAP-AKA cryptographic credentials (the same mechanism used for SIM registration) without sending any message to the user.
The EAP-AKA protocol works as follows: the device sends an authentication request to the Entitlement Server via the data channel; the ES contacts the MNO's Home Subscriber Server (HSS); the HSS returns the device's RAND/AUTN authentication vectors; EAP-AKA challenge-response completes; the device is verified. No OTP. No user interaction.
The limitation: TS.43 EAP-AKA requires an LTE (4G) or 5G connection and an MNO-side Entitlement Server. In markets where 2G/3G penetration is still significant (Sub-Saharan Africa, South Asia, Southeast Asia) a substantial share of authentications fail. SilentAuth+'s USSD fallback solves this, extending coverage to every GSM-capable device on any network generation.
The EAP-AKA protocol works as follows: the device sends an authentication request to the Entitlement Server via the data channel; the ES contacts the MNO's Home Subscriber Server (HSS); the HSS returns the device's RAND/AUTN authentication vectors; EAP-AKA challenge-response completes; the device is verified. No OTP. No user interaction.
The limitation: TS.43 EAP-AKA requires an LTE (4G) or 5G connection and an MNO-side Entitlement Server. In markets where 2G/3G penetration is still significant (Sub-Saharan Africa, South Asia, Southeast Asia) a substantial share of authentications fail. SilentAuth+'s USSD fallback solves this, extending coverage to every GSM-capable device on any network generation.
PLATFORM: MESSAGE CENTRAL
TS.43 covers 4G and 5G. USSD covers everything else.
Every other silent authentication platform stops where LTE stops. When the device is on 2G, 3G, or when the MNO hasn't deployed a TS.43-compliant Entitlement Server, silent authentication fails — silently. The enterprise gets no verification. The user hits a fallback that was never designed for.
SilentAuth+ doesn't accept that trade-off. Our orchestration layer detects the device's network capability in real time and routes the authentication request accordingly: TS.43 EAP-AKA for LTE/5G devices, USSD for everything else. The enterprise API always gets a result. The user never notices.
In the markets U2opia serves — Africa, Southeast Asia, MENA, South Asia — 2G and 3G devices still represent a meaningful share of the addressable base. USSD fallback is not an edge case. It's the difference between a product that works everywhere and one that works only where infrastructure is already mature.
SilentAuth+ doesn't accept that trade-off. Our orchestration layer detects the device's network capability in real time and routes the authentication request accordingly: TS.43 EAP-AKA for LTE/5G devices, USSD for everything else. The enterprise API always gets a result. The user never notices.
In the markets U2opia serves — Africa, Southeast Asia, MENA, South Asia — 2G and 3G devices still represent a meaningful share of the addressable base. USSD fallback is not an edge case. It's the difference between a product that works everywhere and one that works only where infrastructure is already mature.
Why USSD is the right fallback for network authentication
Works on every mobile device
USSD operates over the GSM voice channel — no internet, no smartphone, no app. It's available on every mobile phone that can make a call.
Verified network identity not a code
USSD fallback confirms the device's network identity without transmitting a one-time password. No phishing surface. No interception risk.
Invisible to the enterpriseintegration
USSD fallback is handled entirely by SilentAuth+'s orchestration layer. The enterprise API returns the same verified signal regardless of which authentication path was used.
Outcomes over
output
For MNO partners, USSD fallback means authentication revenue isn't limited to LTE subscribers — it covers the full subscriber base.
HOW SILENTAUTH+ COMPARES
SilentAuth+ vs SMS OTP
vs IP-based vs TS.43-only
vs IP-based vs TS.43-only
Not all authentication methods are equal. Here's how silent authentication compares to the alternatives enterprises are currently using
USE CASES
Where SilentAuth+ replaces OTP in production today.
Enterprises use silent authentication wherever an OTP creates friction, fails silently, or introduces a security vulnerability.
BANKING & FINTECH
Mobile banking login & transaction verification
Banks use SilentAuth+ to verify the user is on their registered device before authorising high-value transactions — without interrupting the payment flow with an OTP that could be phished or intercepted via SS7.
E-COMMERCE
Account creation and checkout authentication
Remove the OTP step at account creation and checkout. Silent verification reduces abandonment at the point of highest drop-off and eliminates the SMS delivery failures that prevent genuine users from completing purchases.
GAMING & OTT
Frictionless onboarding at scale
Gaming and streaming platforms use SilentAuth+ to onboard users silently — no OTP delay, no copy-and-paste, no friction between a user clicking "Sign Up" and accessing content.
EMERGING MARKETS
Authentication where OTP delivery fails
In markets where SMS delivery is unreliable, SilentAuth+'s USSD fallback provides a more reliable authentication path than OTP — even on 2G feature phones with no data connection.
MOBILE NETWORK OPERATORS
Monetise network authentication as an API product
MNOs use SilentAuth+ to turn their TS.43 Entitlement Server infrastructure into a revenue-generating API product — sold to enterprises on a revenue-share model managed by U2opia.
03
Step-up authentication without app friction
Enterprise software uses SilentAuth+ for step-up authentication on sensitive operations — verify the user's device identity silently before revealing financial data, PII, or admin-level access.
FREQUENTLY ASKED QUESTIONS
Everything you need to know about Silent Network Authentication
How can telcos monetise authentication APIs?
Telcos can monetise authentication by exposing network-based identity APIs to enterprises, generating revenue from user verification instead of relying on declining SMS OTP traffic. This creates a new high-margin API revenue stream.
What is TS.43 authentication and why does it matter for operators?
TS.43 is a GSMA standard that enables SIM-based authentication using EAP-AKA across mobile and Wi-Fi networks. It allows operators to act as trusted identity providers instead of relying on third-party authentication methods.
How does silent authentication help telcos reclaim authentication from OTT players?
Silent authentication shifts identity verification from apps and SMS OTP back into the mobile network. This allows telcos to control authentication flows and capture value from every login and transaction.
What is Number Verify 2 (NV2) and how is it used by telcos?
Number Verify 2 is a GSMA Open Gateway API that confirms a phone number matches the active SIM card. Telcos can offer NV2 as a standardised API for real-time identity verification.
How does network-based authentication compare to SMS OTP?
Network-based authentication is faster, more secure, and does not require user input. Unlike SMS OTP, it is resistant to SIM swap fraud, phishing, and delivery failures.
Can telco authentication work across 2G, 3G, 4G, and 5G networks?
Yes, network-based authentication can work across all generations of mobile networks using a combination of TS.43, USSD fallback, and operator integrations.
How does authentication API revenue compare to SMS OTP revenue?
Authentication APIs provide scalable, usage-based revenue with higher margins, while SMS OTP revenues are declining due to fraud, regulation, and user friction.
What role do telcos play in digital identity and GSMA Open Gateway?
Telcos are positioned to become global identity providers through GSMA Open Gateway APIs like Number Verify. They can offer secure, interoperable identity services to enterprises worldwide.
GET STARTED
Ready To Reach Every Mobile User?
Start with SilentAuth+ and add customer experience and payments as you grow. One platform, carrier-grade, global.
Global Access for Enterprise.
Powered by Telco Rails.
