 |
|
|
Wireless communications is inexorably shifting from voice-only services to a mixture of voice and data. Coming along with this shift is the need to allow mobile devices to conveniently and securely participate in financial transactions – wireless e-commerce, often known as ‘m-commerce’. This encompasses phone-related transactions, such as purchasing a new ring-tones or phone display background, product purchases, banking transactions or even more sophisticated business-to-business transactions.
The role of wireless carriers in m-commerce has not yet been firmly established. Some see the carriers as simply access providers, supplying the pipes that transparently connect mobile devices to vendors. Others see the carriers as a critical participant in each transaction, providing security and financial services. The reality will probably encompass a full spectrum, containing these models, and many shades in between.
There is no question that wireless carriers are primarily in the business of providing access. They are usually compensated for this in the form of airtime charges. Wireless access must be secure, for the benefit of the carrier, the consumer, and whomever or whatever the wireless consumer connects to. This involves ensuring the validity of the parties involved, and ensuring that their communications are private and transmitted without interference.
Cellular and PCS systems have incorporated increasingly sophisticated methods to authenticate users to prevent the theft of access. 3G systems will support even stronger and more sophisticated methods. By contrast, 802.11 standard security (WEP – Wireless Equivalence Protocol) attempted to cut corners to obtain greater simplicity of key management and resulted in an unacceptably low level of security, which is now being fixed.
Authentication of wireless system access illustrates the importance of a backbone signaling network. This is one of the competitive advantages that cellular and PCS carriers enjoy today, and one of the reasons why wireless carriers are increasingly involved in the provision of public wireless LANs (e.g. WiFi). The backbone authentication network (either ANSI-41 for TDMA, CDMA and analog systems or GSM MAP for GSM systems) connects the home system’s Authentication Centre (AC or AuC) with the system currently serving a mobile, including the serving MSC (Mobile Switching Centre).
The purpose of authentication is to verify the identity of a mobile. Every mobile sends its identity (MIN or IMSI) to the serving system, but how can we be sure that it isn’t just spoofing a legitimate mobile by transmitting the same identifying numbers? In the mid-1990’s prior to the widespread implementation of authentication, cloning became a $500 million a year problem for US wireless carriers. This system attack involves re-programming a mobile to fraudulently transmit the identity of a legitimate mobile. Even insisting that the correct ESN (Electronic Serial Number) was transmitted only made cloning a bit more difficult.
The mathematical whizzes who created authentication were, luckily for the carriers, smarter than the criminals. They realized that proof of identity had to be indirect, and settled on a Challenge/Response authentication method. A large random number is sent to the mobile, which uses it along with a secret key (known only to it and the Authentication Centre) to perform a mathematical calculation. The calculation is known as a ‘one way function’ because performing it in this direction is quite easy, but back-calculating to obtain the secret key from the result is probably more time consuming than counting all the grains of sand on Canadian beaches. The result of this calculation is sent back to the network where it is compared to a value calculated based on Authentication Centre data. If the values match, it is almost certain that the legitimate mobile is performing the access, and not a clone.
This might not seem relevant to encrypted m-commerce transactions, but there are important advantages to carriers and consumers that arise from using the same authentication data to generate keys that can be used to encrypt voice communications (digital only), data communications and some radio interface signaling. It is important to note that this has to be handled carefully to ensure that a published weakness in one key does not result in successful attacks on other keys.
Much financial information and personal information is so sensitive that it must not pass through the wireless carrier unencrypted, because of the small possibility of wireless carriers or their employees misusing the data. Wireless consumers will not want information such as their bank account number and PIN or complete credit card information to be accessible to any unauthorized person or organization, and wireless carriers will have to convince their customers that this is so.
WAP has been viewed as less than satisfactory for m-commerce because it did not provide encryption through the WAP-gateway, allowing someone at the WAP gateway access to the cleartext of m-commerce sessions. This problem can best be solved by providing a ‘tunnel’ from the mobile to the other m-commerce transaction participant. This is implemented by a two level internet message structure, with the upper portion encrypted, while the lower portion (including the IP addresses) is unencrypted, protecting the data, but allowing routing. While this adds security, providing this capability makes it impossible for the wireless carrier to provide billing services that may rely on some information within the data stream.
An ideal solution should provide security of some data, while providing the carrier with enough access to perform billing and value-added services.
If the wireless carrier takes a completely passive role in e-commerce, it forces users to perform a second authentication, possibly through the entry of a username and password. This makes m-commerce more cumbersome, and does not add an additional level of security. In fact, it may even reduce it. If the wireless carrier can act as a third party to the transaction, it can guarantee the identity of the mobile. The mobile identity can be used by the other m-commerce participant as the key to unlock data such as a bank account or a credit card number. This capability will leverage the network that wireless carriers have in place already. Alternatively, the wireless carrier could even generate a key for the m-commerce participant, with the MS able to generate the same key based on a published algorithm and its independent access to the same key as the Authentication Centre.
Single sign-on requires participation by the wireless carrier in the transaction, something that is impossible if they are unable to see any transaction-related information due to encryption. A solution may be to define ‘tunnels’ two levels of tunneling, providing some data to the wireless carrier, while keeping the critical information encrypted from end-to-end. This segregation will make it possible for wireless carriers to provide services such as billing, while turning a ‘blind eye’ to the information that should not be revealed to them.
Wireless e-commerce standards are often unfortunately not building on the existing infrastructure. Many wireless vendors and carriers are convinced that future wireless systems will completely abandon traditional protocols, and embrace the internet and its IP family of protocols entirely. In this model, wireless phones will simply be internet addresses, able to participate in any IP-based transactions.
One of the advantages of 802.11 (WiFi) is that it is at heart an internet protocol. Once a connection has been established using its MAC layer (Medium Access Control), IP packets can be transmitted to perform any internet functions that the available bandwidth provides. By comparison, cellular and PCS protocols were not originally designed for internet access, and have tried a dizzying array of data access models, with limited success so far.
But, there is more to a protocol than sheer bandwidth. The internet does not yet have mature mobility management and billing protocols, and protocols like Mobile IP have to work around the static nature of internet addresses. Although the internet is designed with few explicit references to telecommunications protocols, they are in fact adopting techniques that are very similar to those that ANSI-41 and GSM networks have used for over a decade. Mobile IP uses a temporary IP address, for example, that is fundamentally the ANSI-41/GSM TLDN/Routing Number concept. These internet protocols are not as mature, nor as widely supported. Furthermore, their ‘flexibility’ is often a code-word for ‘lack of standardization’. The IETF standardization process takes a more evolutionary approach where only the fittest protocols (RFCs) survive, leaving many that wither and die on the vine.
The internet-foundation of WiFi and many other wireless data protocols is not taking advantage of the infrastructure that wireless carriers have built to authenticate and charge for services. In theory, authentication and charging can be provided in a pure IP environment, but this requires the construction of a new (albeit virtual) infrastructure.
There are a number of advantages to attempting to recognize that internet and telecom protocols both have their place, and that they can work together without undue difficulty.
Wireless carriers may decided to provide some m-commerce services directly to their customers, particularly those that enhance or customize their customer’s wireless experience. In this case, it is easy for the carrier to validate the transaction and natural for them to arrange for it to be charged to whatever type of account the customer maintains, such as a monthly bill.
Wireless carriers cannot provide all m-commerce services. When an independent third party is involved, the carrier can provide charging access (either postpaid billing or prepaid charging). Third parties can advertise services that can be accessed by wireless consumers. Wireless carriers can authenticate the identity of the terminal to the third party, validate that the terminal user requested the service at the advertised price and that the service (e.g. MP3 music or software application download) was completed. They can then place the charge on the subscriber’s bill or decrement their prepaid account (having ascertained ahead of time that the account contained enough credits to pay for the transaction). The third party will be compensated by a ‘settlement’ process whereby all transactions are summarized over a time period and the wireless carrier pays the agreed-to portion of the charges. Both parties can maintain records to allow the process to be audited to ensure that the appropriate amount is paid.
An advantage of the wireless carrier providing charging or billing services is that it isolates the provider of a services from the charging model applicable to an individual consumer. Third parties will be compensated by a wireless carrier in the same way – no matter whether the consumer purchased the product using a prepaid account or a postpaid account paid by monthly bill or automatically charged to a credit card.
Wireless carrier charging provides a convenient way for consumers to pay for services. Credit cards have some advantages, but often require a separate sign-on process that can be quite time consuming, and are not available to people with credit limited by their income, past history or age. Third parties can establish a direct billing relationship, but this is quite expensive, also requires a separate sign on and carries either considerable delay (e.g. invoice/cheque cycle) or considerable risk (delivering the goods before payment is received). All of these models are valid under some circumstances, but using the wireless carrier as a billing agent provides an attractive combination of security and convenience.
It is likely that this billing model will be applicable to services that have some association with the wireless device, and that sell for amounts that aligned with current wireless expenditures. It is not likely, for example, that wireless carriers or consumers would be comfortable adding the cost of a car to a monthly phone bill, nor would carriers be willing to take the risk of non-payment that this would involve!
Providing an authenticated identity is a lesser, but also useful service. For example, if the wireless carrier can assure a credit card company that a specific phone did initiate a service, it can help the credit card company bypass the sign-on process. They can instead associate the mobile’s identity with the subscriber’s credit card information, obtaining it indirectly, but securely. This is like the ‘cookie’ mechanism that is often used on internet systems to identify a user. Although phones can be stolen, wireless carriers already have mechanisms in place to disable the phone or provide new security data when this is reported. Furthermore, wireless devices can protect access to m-commerce services by a password, providing another level of security beyond physical possession of the device.
An additional m-commerce service that carriers can provide is reliable delivery. They may cache a download, perhaps providing transmission in pieces as the mobile transitions between systems and is turned off and on again. This requires a notification process to ensure that charges do not occur for products that, after an extended period, cannot actually be delivered. This services offloads some of the transaction management from the m-commerce vendor, and can be done without the wireless carrier being apprised of the contents of the download (if it is encrypted).
There may be services that are provided by a third party to a wireless user at no charge, but m-commerce concepts may still apply. The third party may want to provide this only to certain users, and may want the information protected as the transaction proceeds. They may also want to be informed whether the transaction completed.
If it is done right, m-commerce can be an opportunity for wireless carriers to graft new revenue-generating services on their existing networks. There are many capabilities that they can provide (at a price) to grease the wheels of this new technology. It is a big challenge to provide both security and convenience, and all the necessary pieces do not yet exist. Wireless carriers need to inform themselves of the various technologies that exist, and get involved in the standardization process to ensure that emerging standards benefit both them, and their customers. Without benefits being obvious to the public, m-commerce will not achieve its full potential.
© – Copyright