Silent Authentication Advanced [Alpha]
Note: Silent Authentication Advanced is currently in alpha stage. Live supply onboarding is ongoing, which means end-to-end testing is not yet possible. Token retrieval from the device will not work until your carrier is supported. At this stage, all Silent Authentication Advanced documentation serves primarily as informational resources. You can use the Virtual Operator for development and testing purposes.
Silent Authentication Advanced is a passwordless user verification technology that leverages the SIM card’s hardware-backed cryptographic features. Built on the GSMA TS.43 standard, Silent Authentication Advanced verifies user identity through a secure challenge-response handshake between the SIM and the mobile network. Unlike SMS One-Time Passwords (OTPs), which can be intercepted, Silent Authentication Advanced works across cellular networks, Wi-Fi, and VPNs, providing users with frictionless and invisible authentication. Once a user is verified, the session can remain authenticated until it expires or the user revokes it.
Vonage Verify API workflow provides two methods for Silent Authentication: Silent Authentication, which uses IP-based verification, and Silent Authentication Advanced, which uses SIM-based cryptographic verification. Each method is designed for specific use cases and network environments. For a detailed comparison, see the Silent Authentication vs Silent Authentication Advanced section below.
How It Works
Silent Authentication uses IP-based verification. Silent Authentication Advanced takes a different approach, independent of IP correlation. It uses a new network-verification technology, the GSMA TS.43 protocol. This method checks directly between the SIM card and the network inside the operator's core. It cryptographically verifies that the SIM card associated with the phone number is active and present, regardless of whether the user is on mobile data, Wi-Fi, or a VPN.
For implementation details, see the Silent Authentication Advanced Asynchronous Implementation guide or Silent Authentication Advanced for Web Browsers.
Advantages
- Works Everywhere: Silent Authentication Advanced enables secure authentication even when users are on Wi-Fi or VPN.
- Hardware-Backed Security: The cryptographic handshake occurs directly between the mobile device and the carrier network using the well-established TS.43 standard - the same standard trusted for VoLTE, eSIM activation, and companion device pairing (smartwatches, tablets).
- Invisible to Users: Once authentication is triggered, no OTP input is required from the user. There are no OTP codes to enter, copy, or interact with to complete the verification.
- Phishing Resistance: No SMS or out-of-band channel susceptible to phishing.
Requirements
- Supported SIM & Network: The device must have a SIM card and be on a supported carrier with TS.43-enabled infrastructure.
- Device Capability: Currently Android-only, iOS support pending OS/vendor integration (upcoming).
- Registration: The application and service provider must be registered in the Network Registry.
- Backend & Callback: You must configure webhook endpoints to receive asynchronous authentication results.
Note: While Silent Authentication Advanced can work on any connection (cellular, Wi-Fi, or VPN), your backend must handle asynchronous callbacks effectively. Additionally, if a carrier is not yet supported, it is recommended to use a failover channel.
Environments
Production
Registration in the Network Registry is required for production integration.
Non-Production
Use the Virtual Operator for deterministic development and demonstration flows without incurring billing charges.
Registration Requirements
Registration and user consent wording for Silent Authentication Advanced are collected through the Network Registry. Silent Authentication Advanced may require similar registration requirements to Silent Authentication, including user consent wording and privacy policy language. However, depending on the carrier, additional requirements may apply. Vonage is actively working to define these as live supply onboarding progresses. For country-specific Silent Authentication requirements, refer to the Silent Authentication Registration Requirements guide.
Availability
Live supply coverage is rolling out as carriers enable GSMA TS.43.
Silent Authentication vs Silent Authentication Advanced
The following table outlines the specific distinctions between the Silent Authentication and Silent Authentication Advanced:
| Feature | Silent Authentication | Silent Authentication Advanced |
|---|---|---|
| Authentication Method | Network Based | Token-Based (SIM/eSIM Entitlement) |
| Network Connectivity | Cellular Data (attempts to force cellular connection regardless of Wi-Fi; falls back to alternative channel only if cellular is unavailable) | Wi-Fi, VPN, and Cellular |
| User Experience | Completely Frictionless (no OTP input needed) | Completely Frictionless (no OTP input needed) |
| Fraud Protection | IP address-based cryptographic matching | OS-level cryptographic token verification |
| Availability | 15 Countries | Expanding as carriers enable GSMA TS.43. |
Try It Out
Note: The Virtual Operator supports backend API calls only. It does not simulate the full end-to-end token exchange flow with the device.
You can test Silent Authentication Advanced immediately using virtual phone numbers. Learn more in the Virtual Operator guide.