Worry-Less Wireless

PKI, smart cards and digital signatures make m-commerce safe and secure.

Analysts expect m-commerce to be huge, but exactly how huge? Aberdeen's research indicates that by 2004, 74 million wireless users will be connected to the Web via portable devices. The number of m-commerce subscribers is expected to skyrocket from fewer than a thousand in 1999 to more than 29 million in 2004, with the value of their transactions close to $21 billion during the same time period.

According to Rick Kemper, CTIA director of wireless technology and security, in order for m-commerce to attain such lofty goals, wireless transactions will have to be secure and worry-free.

"Carriers are searching for security solutions that will ensure the facilitation of wireless data services that require strong measures of privacy and authentication," Kemper said. "When we look at high-value m-commerce transactions, such as financial or health-care applications, a robust security solution becomes an absolute necessity."

Recently, the need for more wireless-centered security implementations has grown stronger. The wireless industry doesn't want just an extension of wireline security solutions, either. The call is for solutions engineered for the m-commerce environment and not just adapted for it.

Spawning Security M-commerce security solutions need to deal with the limitations of the wireless medium. Solutions need to use little bandwidth and memory. The best m-commerce security solutions are those that have the lowest impact on the wireless device, including battery life. By not requiring any extra battery power, the solution enables providers to differentiate themselves to end users, and in turn, increase their subscribers. Although many companies and industry groups are fast recognizing the need to implement and offer secure m-commerce applications, a lack of security is said to be one of the largest barriers to the growth of m-commerce. To fill this need, many security companies have increased their development efforts in wireless security solutions such as public key infrastructure (PKI) security software, digital certificates, smart-card technology and e-signatures.

Basically, PKI works the same way in a wireless environment as it does in the wireline world. However, because a wireless environment is much more constrained, resources must be used more efficiently, especially in terms of network bandwidth and processing power.

PKI is the best method of security for wireless devices because it requires users to authenticate their device before any vital information can be transmitted.

PKI creates a certificate authority (CA) that issues and verifies digital certificates as well as a registration authority that verifies for the CA. The CA can identify individuals and also revoke their privileges if necessary.

Vendors such as Diversinet can provide security solutions that install the digital certificates on the end devices itself, optimizing the PKI implementation especially for the wireless environment.

Digital Signatures Digital signatures or e-signatures also play a key role in m-commerce security. They are easily transportable and are difficult to repudiate or imitate. This type of security is imperative in a wireless environment where security breaches are much easier due to the constrained nature of wireless data.

In a move that is sure to help catapult m-commerce into the marketplace, Congress recently approved a measure that made digital signatures legally binding.

Smart-Card Solutions Pairing up with the other security solutions, smart-card technology allows network administrators to identify users positively and confirm a user's network access and privileges. Without validation of digital identity, security solutions used for authentication, access control, data confidentiality and data integrity will provide little value to m-commerce.

Today's mobile consumers have been using smart cards for a variety of activities ranging from buying groceries to movie tickets. These cards have made it easier for consumers to securely store information and are now being used in mobile banking, health care, telecommuting and corporate network security.

Smart-card implementation allows wireless-service providers to include industry standard payment mechanisms in the service proposition to subscribers, which will stimulate the growth of m-commerce.

Memory Increase In 1988, most smart cards only held 2K of memory, according to a Gemplus report. In 2000 cards hold 32K of memory, and some predict that by 2005 the average card will carry 1Mb capacity. As the memory on cards increases, the available working space for security application deployment increases. In addition, the processing capability on cards has increased and given users the ability to enjoy more computationally intensive, high-value, transaction-based operations, such as digital signing.

Interoperability One major challenge that arises with these differing m-commerce security methods is the lack of interoperability between the products. Many PKI companies have announced collaborations to work together to guarantee the interoperability between their products. It's the companies' hope that this will solve the concern that some m-commerce security products do not work with what some may consider competing products. One such collaboration is Radicchio, a global initiative that was formed in September 1999 to define a standard security platform for m-commerce.

Radicchio's goal is to promote a PKI-based framework among certification authorities, wireless-service providers, systems integrators, device manufacturers and financial institutions. By using this framework, as m-commerce grows, there will be a universal wireless-security platform that all m-commerce software, services and devices can be based on.

Many experts believe that people only concern themselves with security issues when it's too late. This results in periods of setbacks when Web sites are hacked or virus attacks take place. Until people begin to work on solving security issues from the start, some experts feel that there may not be much improvement.

As wireless continues to grow, advanced devices will enter the marketplace. Consumers are expected to take advantage of these high-tech and exciting new technologies in record numbers. But they will not forget the importance of security. Neither should you.

Next-generation fraud will be more complex than traditional wireless fraud, according to Oded Nachmoni, NetEye's senior vice president of marketing and sales. The IP fraud solutions company is currently involved with a 3G trial in Europe.

Nachmon said that next-generation fraud will differ from traditional wireless frauds because of the nascent use of IP networks. IP networks differ from traditional networks in three ways.

1. The networks are multilayered with numerous points of entry.

2. The IP lacks a built-in security mechanism.

3. More people know how to hack into IP networks, and tools are readily available.