Who Holds the Keys?
M-commerce has the potential to give customers access to companies’ goods and services regardless of where they are. However, before m-commerce takes off, there are obstacles that companies and service providers will need to overcome. Security concerns probably top the list.
To date, wireless m-commerce efforts have been based on a 1-to-1 relationship between a customer and a commerce company. Typically, the customer would be able to conduct transactions with, for example, a bank or financial institution such as a brokerage house using a wireless phone or portable terminal.
In this situation, the service provider would provide the security for these transactions. The most common way to secure such transactions is to use a symmetric encryption technology where both the user and the institution encrypt and decrypt the data using a single encryption key called a private key.
Such an approach to security has a lot of appeal in commerce applications. Symmetric encryption, or private-key encryption, has been used for many years by banks, the financial industry and the government. And there are international standards as well as industry-specific standards for the use of this type of encryption.
However, this type of security breaks down in the m-commerce environments that are expected in the near future.
True m-commerce consists of making it possible for a wireless customer to conduct business with and make purchases from many different companies. It is not just a 1-to-1 relationship between a customer and a specific company or institution, but a 1-to-many relationship between the customer and the companies.
Symmetric encryption is not well suited to this environment. With symmetric encryption, people would need to use either the same key for business with multiple companies or they would need one private key for each company with which they planned to do business.
Neither approach is acceptable. Companies likely would object to sharing a single private-encryption key used by other companies. And the task of distributing multiple keys (one for each company a customer does business with) to many users would be burdensome for a service provider.
PKI Approach
Wireless-service providers could get around these sticky issues and deliver a valuable service to their customers by having an easy-to-manage security system in place. What wireless m-commerce will require is a public-key infrastructure (PKI).
A PKI offers a way to manage and distribute encryption keys. Rather than using the same key for both the encryption and decryption of data, each customer is given two keys — a private key that he does not share with anyone and a public key, which is shared with everyone. A service provider using this PKI encryption approach then could provide any merchant with the ability to conduct secure transactions with customers. The merchant or organization that wants to conduct business only needs the customer’s public key. The service provider could make this available in any number of ways including e-mailing it to the company or posting it on a Web site.
The merchant would use the public key to encrypt any transactional data for the customer who, in turn, would use his private key to decrypt the data. In this way, only one key, the customer’s public key, would be used by all merchants rather than having a unique private key for each merchant.
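The flow described above, as an added Python illustration that is not part of the original article: two merchants encrypt to one posted public key, and only the customer's private key opens the results. It uses textbook RSA without padding on a constructed key built from two well-known Mersenne primes, purely to make the key roles visible; the directory entry, merchant names and order strings are hypothetical.

```python
# Added illustration, not from the article. Textbook RSA (no padding) on a
# constructed key, so it runs on the standard library alone. It shows who
# holds which key; it is not usable encryption.
P, Q, E = 2**521 - 1, 2**607 - 1, 65537   # two Mersenne primes, common exponent

def make_keypair():
    """Return (public, private) for one customer; only `public` is shared."""
    n = P * Q
    d = pow(E, -1, (P - 1) * (Q - 1))      # private exponent, stays with the customer
    return (n, E), (n, d)

def apply_key(key, value: int) -> int:
    n, exponent = key
    return pow(value, exponent, n)

def merchant_encrypt(public_key, order: bytes) -> int:
    m = int.from_bytes(order, "big")
    if m >= public_key[0]:
        raise ValueError("message too long for this toy key")
    return apply_key(public_key, m)

def customer_decrypt(key, ciphertext: int) -> bytes:
    m = apply_key(key, ciphertext)
    return m.to_bytes((m.bit_length() + 7) // 8, "big")

def secret_keys_to_manage(customers: int, merchants: int) -> dict:
    """Secret keys in circulation under each scheme the article compares."""
    return {
        "symmetric_one_per_merchant": customers * merchants,  # one per customer/merchant pair
        "pki": customers,                                     # one private key per customer
    }

def demo():
    public, private = make_keypair()
    directory = {"customer-001": public}   # hypothetical: provider posts the public key
    orders = {"bookshop": b"order 17: 2 tickets", "bank": b"transfer 50.00"}  # constructed
    sealed = {name: merchant_encrypt(directory["customer-001"], text)
              for name, text in orders.items()}
    opened = {name: customer_decrypt(private, c) for name, c in sealed.items()}
    # A merchant holding only the public key cannot open another merchant's message.
    snooped = customer_decrypt(public, sealed["bank"])
    return orders, opened, snooped

if __name__ == "__main__":
    orders, opened, snooped = demo()
    print(opened == orders, snooped == orders["bank"])
    print(secret_keys_to_manage(1000, 50))
```
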
Providing an easy-to-deliver security infrastructure, supporting multiple devices, and supporting access to numerous applications are formidable challenges that service providers will face when deploying m-commerce services.
The key to delivering m-commerce services will be the ability to adapt to a quickly changing market. Service providers will need to be able to quickly develop and deploy new services and applications as user demand dictates.
The SIM Card
Some of these demands can be met by using software-based approaches. But it is more likely that service providers will rely on smart cards within digital wireless phones and terminals. Such SIM (subscriber identity module) cards already are used extensively in all GSM phones where they help providers reduce fraud. Other technologies are at various stages of adopting SIMs for the same purposes.
A SIM card gathers all of the subscription information and service configuration needed by terminals to provide the level of service corresponding to the subscription. The SIM holds the subscriber’s ID number and security information, and has memory for a personal directory of phone numbers. One advantage of using SIMs vs. a software approach is portability and independence from the terminal. A user can move the SIM from one wireless terminal to another. This allows the user to get wireless service from any SIM-accepting subsidy-free terminal.
SIM cards allow easy introduction of new applications without requiring any modifications of terminals. SIMs offer help when it comes to enabling applications, programming terminals and supporting new applications and services. For one thing, there are industry standards for SIMs used in digital wireless phones that help ensure that all SIM-based terminals can support all SIM applications and services a provider develops.
Additionally, the Java Card Forum has developed specifications for implementing Java on smart cards. Support of Java on SIMs will allow wireless terminals to reach the Java-developers community, simplifying the development process for providers and the creation of new services.
As they are responsible for authentication and secure storage of authentication keys, SIM cards provide an added measure of security in order to enable m-commerce. For instance, all transactions in GSM terminals have been secured thanks to the SIM using symmetric and public-key algorithms. Transactions will be secured under WAP version 1.2 using the public-key-based WAP-identity-module functions, likely to reside in a SIM in most WAP handsets.
Finally, SIMs are used for service provisioning, service profiling (configuring the access to services, storing user preferences) and for transaction security (enabling the confidentiality, integrity and mostly non-repudiation of transactions). Independently of terminals and roaming networks, SIMs help create a level of comfort in the mobile environment for end users.
We already are starting to see the first applications that let users conduct business or get information using portable wireless terminals or handsets. The potential of this market is only going to expand as broadband wireless-communications services become more widely available. To take full advantage of the increased bandwidth and to give customers more useful services, wireless terminals must have more intelligence and the capability to support rapid modifications to keep pace with new services as they are developed. And customers must have confidence in the security of their transactions.
A Global Lock
M-commerce-specific help and information is available online through the Global Mobile Commerce Forum (GMCF) at www.gmcforum.com. GMCF includes a diverse group of companies from around the world that want to enable the delivery of services and information directly into the hands of consumers, wherever they may be. It links to the Wireless Data Forum in the United States. Specific GMCF groups deal with m-commerce issues in the areas of banking and finance, ticketing, contracts and insurance, and information services.
© 2012 Penton Media Inc.







