M-commerce API Package for Mobile Phones
by Ioannis G. Askoxylakis, Diomedes D. Kastanis and Apostolos P. Traganitis
M-commerce, the new buzzword in todays mobile industry, opens new horizons for mobile phones and services. Originally used to place voice calls, todays mobile phone uses data, multimedia, entertainment, and mobile commerce services, which are expected to overtake voice in revenue generation for operators.
The market for mobile phones, handheld computers and wireless PDAs is increasingly driven by multimedia-based Internet applications. New demands relevant to mobile commerce services include the electronic purchase of tickets, goods, or audio/visual content. The Telecommunications and Networks Laboratory (Netlab) of ICSFORTH is developing and implementing an M-commerce API package for mobile phones, intended to provide mobile commerce services, achieve widespread usage, and offer unique benefits over and above the alternatives. The design of the corresponding API complies with secure hardware modules already installed on mobile phones (eg SIM cards) and upcoming advanced secure memory modules (SecMMCs).
To achieve this, M-commerce has to be based on secure applications and solutions to gain trustworthiness. SecMMC at ICS-FORTHs NetLab places strong security at the centre of this project. The challenge is to implement a security scheme that meets the end-user requirements and which, at the same time, is convenient and simple to use. The potential revenue that multimedia and data services can bring to the industry depends on the end-user perception of security and trust, ie, whether the mobile can become a 'digital wallet'. M-commerce should be viewed in the context of the number of ways that end users will be able to pay for goods and services.
To that end, we are developing secure mobile phone applications, and establishing a framework for secure mobile transactions to support a variety of applications and services. In order to maximise the potential of such services, a number of factors are crucial for success.
Firstly, end users require device ownership: although anyone can pick up the device, only its owner must be allowed to carry out transactions involving personal data. Secondly, end users require secure and reliable networks. Thirdly, all brands and companies supplying services must be able to be trusted. This is true for all components of the value chain, including the financial institution, the retailer, the network operator and the device manufacturer. Other important factors include allowing end users to record and print transactions, ensuring that services are simple, easy to use, and reasonably priced.
Mobile commerce applications require the existence of a secure module. In our case we consider a variety of security modules, including:
- the broadly used SIM-card module
- the forthcoming Secure Multimedia Card (SecMMC) module
- similar smart memory devices as specified in the draft standard 'Mobile Commerce Extension Standard-McEX; Core specification' by the 5C group (The 5C Group is an industrial standardisation group of the five main Multimedia Card manufacturers: Infineon Technologies Flash Ltd, Hitachi Ltd, Matsushita Electric Industrial Co Ltd (MEI), Toshiba Corporation, and SanDisk Corporation.)
The SecMMC can be viewed as a classical Multimedia Card with an integrated smart-card kernel, which combines the high security of smart cards with the large memory capabilities of classical Multimedia Cards. Obviously the supported services depend on the security module being used (SIM module or SecMMC). For example, whereas both module types can provide an electronic payment system, memory-demanding multimedia applications can only be supported by the SecMMC.
The SecMMC is being developed by a consortium consisting of Guardeonic Solutions AG Germany (project coordinator), Infineon Technologies Flash Ltd Israel, IAIK University of Graz, Technische Universität München, Fraunhofer-Gesellschaft-IGD, FORTH, Infineon Technologies, Flash GmbH&Co KG and Mühlbauer AG.
Our development of the M-commerce API for mobile phones focuses on three basic areas of application:
- mobile payment
- mobile entertainment (or infotainment)
- mobile business.
Mobile Payment applications allow personal payment transactions like e-ticket purchase, local merchant payments, stock trading, and eventually telematic and transportation usage. This type of application can be supported by both SIM and SecMMC modules. Key characteristics of this application are:
- Anonymity: during an economic transaction nobody can extract any information concerning the corresponding transaction pair.
- Off-line operation: two parties can complete a transaction without the intervention of a third centralised intermediary entity.
- Transferability: each entity of the system should have a hybrid role, both as a payer and as a payee.
- User mobility: the payment process is independent of the location of the transaction pair.
In addition, Mobile Entertainment applications involve copyrighted content (music, video and eventually navigation content). Consumers want to personalise their mobile phones with ringtones, graphics and picture messages from content providers. Games, downloadable applications, music and video feeds are sure to follow, as secure modules like the SecMMC become available for integration into mobile phones. In some regions of the world this type of system is already in use to a limited degree.
Mobile Business applications securely connect mobile users to both internal company and external public organisations. This type of application is an essential part of comprehensive sales force automation implementation.
All these emerging mobile services involve large volumes of multimedia data and require high levels of security to protect the transmission and storage not only of financial accounts and PIN codes but also of the multimedia data that is downloaded and stored.
Apostolos P. Traganitis, ICS-FORTH
Tel: +30 2810 391724
Ioannis G. Askoxylakis, ICS-FORTH
Tel: +30 2810 391723
Diomedes D. Kastanis, ICS-FORTH
Tel: +30 2810 391723