
Introduction M Commerce

M-commerce refers to e-commerce conducted on mobile devices. It faces challenges related to security, usability on small screens with limited input/output capabilities, supporting many different technologies ("heterogeneity"), and determining effective business models. Examples provided demonstrate approaches to these challenges and the use of technologies like WAP, ECC for encryption, and payment models by companies including NTT DoCoMo, Palm.net, and Sprint PCS.

Uploaded by

Aditya Nagda
Copyright
© Attribution Non-Commercial (BY-NC)

Introduction to M-Commerce

Overview
▪ What is M-Commerce?
▪ Security Issues
▪ Usability Issues
▪ Heterogeneity Issues
▪ Business Model Issues
▪ Case Studies / Examples
▪ Q&A

What is M-Commerce?
▪ E-Commerce with mobile devices (PDAs, Cell Phones, Pagers, etc.)
▪ Different than E-Commerce?
▪ No, but additional challenges:
  • Security
  • Usability
  • Heterogeneous Technologies
  • Business Model Issues
▪ But first, let’s learn a little about wireless technologies…

Wireless Technologies
▪ Link Layer (examples…)
  • WAN:
    Analog / AMPS
    CDPD: Cellular Digital Packet Data
    TDMA/GSM: Time Division Multiple Access, Global System for Mobile Communications (Europe)
    CDMA: Code Division Multiple Access
    Mobitex (TDMA-based)
  • LAN:
    802.11
    Bluetooth
▪ Devices: Cell Phones, Palm, WinCE, Symbian, Blackberry, …

Examples of PDA Devices

PDA                     | Microprocessor                | Speed
Palm, Handspring        | Motorola Dragonball           | 16.6 – 20 MHz
RIM Interactive Pager   | Intel 386                     | 10 MHz
Compaq Aero 1530        | NEC/VR4111 MIPS RISC          | 70 MHz
HP Jornada 820          | Intel/StrongARM RISC SA-1100  | 190 MHz
Casio Cassiopeia E-100  | NEC/VR4121 MIPS               | 131 MHz
Psion Revo              | ARM 710                       | 36 MHz
Psion Series 5          | Digital/Arm 7100              | 18 MHz

Application Layer Technologies
▪ Micro-browser based:
    WAP/WML, HDML: Openwave
    iMode (HTML): NTT DoCoMo
    Web Clipping: Palm.net
    XHTML: W3C
▪ Voice-browser based:
    VoiceXML: W3C
▪ Client-side:
    J2ME: Java 2 Micro Edition (Sun)
    WMLScript: Openwave
▪ Messaging:
    SMS: Part of GSM Spec.

Example: WAP
▪ WAP: Wireless Application Protocol
▪ Created by WAP Forum
  • Founded June 1997 by Ericsson, Motorola, Nokia, Phone.com
  • 500+ member companies
  • Goal: Bring Internet content to wireless devices
▪ WTLS: Wireless Transport Layer Security

Basic WAP Architecture
[Figure: a WTLS link on one side of the WAP Gateway and an SSL link on the other, reaching the Web Server over the Internet]

Example: WAP application

Security Challenges
▪ Less processing power on devices
  • Slow modular exponentiation and primality checking (i.e., RSA)
  • Crypto operations drain batteries (CPU intensive!)
▪ Less memory (keys, certs, etc. require storage)
▪ Few devices have crypto accelerators, or support for biometric authentication
▪ No tamper resistance (memory can be tampered with, no secure storage)
▪ Primitive operating systems w/ no support for access control (Palm OS)

Wireless Security Approaches
▪ Link Layer Security
  • GSM: A3/A5/A8 (auth, key agree, encrypt)
  • CDMA: spread spectrum + code seq
  • CDPD: RSA + symmetric encryption
▪ Application Layer Security
  • WAP: WTLS, WML, WMLScript, & SSL
  • iMode: N/A
  • SMS: N/A

Example: Security Concerns
▪ Performance: we’ll do an example: should we use RSA or ECC for WTLS mutual auth?
▪ Control: WAP Gap
  • data in the clear at gateway while re-encryption takes place

Example: WTLS – ECC vs. RSA?
▪ WTLS Goals
  • Authentication
  • Privacy
  • Data Integrity
▪ Authentication: Public-Key Crypto (CPU intensive!!!)
▪ Privacy: Symmetric Crypto
▪ Data Integrity: MACs

WTLS: Crypto Basics
▪ Public-Key Crypto
  • RSA (Rivest-Shamir-Adleman)
  • ECC (Elliptic Curve)
▪ Certificates
▪ Authentication
  • None, Client, Server, Mutual

WTLS w/ Mutual-Authentication

• Mutual-Authentication

Client                                              Server
ClientHello                        ----------->
                                                    ServerHello
                                                    Certificate
                                                    CertificateRequest
                                   <-----------     ServerHelloDone
Certificate
ClientKeyExchange (only for RSA)
CertificateVerify
ChangeCipherSpec
Finished                           ----------->
                                   <-----------     Finished
Application Data                   <---------->     Application Data

Steps marked on the diagram:
1. Verify Server Certificate
2. Establish Session Key
3. Generate Signature

WTLS Handshake Timings (Palm VII)

• Mutual-Authentication: RSA

Operation                        | Cryptographic Primitive(s)                        | Time Required (ms)
Server Certificate Verification  | RSA Signature Verification (Public decrypt, e=3)  | 598
Session Key Establishment        | RSA Encryption (Public encrypt)                   | 622
Client Authentication            | RSA Signature Generation (Private encrypt)        | 21734
TOTAL                            |                                                   | 22954

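
The RSA table shows the client's private-key signature dominating the handshake. The following added example, which is not part of the original slides, counts the modular multiplications that square-and-multiply needs for the public exponent e = 3 versus the matching private exponent; the seeded toy key, `compare_rsa_ops`, and the other function names are assumptions made for illustration.

```python
import random

def modexp_count(base, exp, mod):
    """Square-and-multiply; returns (base**exp % mod, modular multiplications)."""
    result, ops = base % mod, 0
    for bit in bin(exp)[3:]:               # bits after the leading 1
        result = result * result % mod     # squaring for every remaining bit
        ops += 1
        if bit == "1":
            result = result * base % mod   # extra multiply for each 1 bit
            ops += 1
    return result, ops

def is_probable_prime(n, rng, rounds=24):
    """Miller-Rabin test (the primality checking the slides call slow)."""
    if n < 4 or n % 2 == 0:
        return n in (2, 3)
    d, s = n - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    for _ in range(rounds):
        x = pow(rng.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = x * x % n
            if x == n - 1:
                break
        else:
            return False
    return True

def gen_prime(bits, rng):
    while True:
        p = rng.getrandbits(bits) | (3 << (bits - 2)) | 1  # full length, odd
        if p % 3 == 2 and is_probable_prime(p, rng):       # keeps e = 3 invertible
            return p

def compare_rsa_ops(bits=1024, seed=2001):
    """Constructed demo key: seeded RNG, no padding, never use for real data."""
    rng = random.Random(seed)
    p, q = gen_prime(bits // 2, rng), gen_prime(bits // 2, rng)
    n, e = p * q, 3
    d = pow(e, -1, (p - 1) * (q - 1))      # private exponent, about as long as n
    msg = int.from_bytes(b"constructed digest stand-in", "big")
    sig, sign_ops = modexp_count(msg, d, n)        # client signature (private op)
    check, verify_ops = modexp_count(sig, e, n)    # verification (public op, e = 3)
    return check == msg, verify_ops, sign_ops

if __name__ == "__main__":
    print(compare_rsa_ops())
```

Multiplication counts are not wall-clock time, so this explains the direction of the gap between 598 ms and 21734 ms in the table, not its size.
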
WTLS Handshake Timings (Palm VII)

• Mutual-Authentication: ECC

Operation                        | Cryptographic Primitive(s)      | Time Required (ms)
Server Certificate Verification  | CA Public Key Expansion         | 254.8
                                 | ECC-DSA Signature Verification  | 1254
Session Key Establishment        | Server Public Key Expansion     | 254.8
                                 | Key Agreement                   | 335.6
Client Authentication            | ECC-DSA Signature Generation    | 514.8
TOTAL                            |                                 | 2614

The cryptographic execution time for mutually-authenticated 163-bit ECC handshakes is at least 8.64 times as fast as the cryptographic execution time for mutually-authenticated 1024-bit RSA handshakes on the Palm VII.

WAP Gap: One Alternative…
▪ Dynamic Gateway Connection
[Diagram labels: WTLS Class 2, SSL, Operator WAP Gateway, Internet, Content Provider, WAP Gateway, Web Server]
▪ Other alternatives also exist…

Usability Challenges
▪ Hard Data Entry
  • Poor Handwriting Recognition
  • Numeric keypads for text entry are error-prone
  • Poor Voice Recognition
  • Further complicates security (entering passwords / speaking pass-phrases is hard!)
▪ Small Screens
  • i.e., can’t show users everything in “shopping cart” at once!
▪ Voice Output time consuming

Usability Approaches
▪ Graffiti (Scaled-down handwriting recognition, Palm devices)
▪ T9 Text Input (Word completion, most cell phones)
▪ Full alphanumeric keypad & scrollbar (Blackberry)
▪ Restricted VoiceXML grammars for better voice recognition
▪ Careful task-based Graphical User Interface & Dialog Design
▪ Lots of room for improvement!

Heterogeneity Challenges
▪ Many link layer protocols (different security available in each)
▪ Many application layer standards
▪ Businesses need to write to one or more standards or hire a company to help them!
▪ Many device types:
  • Many operating systems (Palm OS, Win CE, Symbian, Epoch, …)
  • Wide variation in capabilities

Heterogeneity Approaches
▪ HTML/Web screen scraping
▪ Protocol & Mark-up language translators
▪ Standardization

Business Models Issues
▪ Possible Models:
  • Slotting fees
  • Wireless advertising (text)
  • Pay per application downloaded
  • Pay per page downloaded
  • Flat-fees for service & applications
  • Revenue share on transactions
▪ Trust issues between banks, carriers, and portals
▪ Lack of content / services

Case Studies
▪ NTT DoCoMo’s I-Mode
▪ Palm.net
▪ Sprint PCS Wireless Web

NTT DoCoMo I-Mode
▪ 20 million users in Japan
▪ HTML-based microbrowser (supports HTTPS/SSL) on CDMA-based network
▪ 10’s of thousands of content sites, ring tones, and screen savers
▪ Pay per application downloaded and pay per page models
▪ Invested in AT&T Wireless so we may see it here in US in next few years!

Palm.Net
▪ Low 100K users in USA
▪ Web Clipping (specialized HTML) microbrowser on Mobitex (TDMA) – based network run by BellSouth (>98% coverage in urban areas)
▪ 100’s of content sites (typically no charge for applications)
▪ Palm VII devices now selling for $100 due to user adoption problems. (Service plans range from $10 - $40 per month.)

Sprint PCS Wireless Web
▪ Low, single-digit millions of US users
▪ Multi-device strategy: WAP/HDML based microbrowser on phones, Web Clipping on Kyocera, both on CDMA network
▪ ~50 content sites slotted, many others available (very hard to enter URLs, though)
▪ Slotting-fee + rev-share on xactions model
▪ $10 per month flat-fee to users, most phones already have microbrowser installed.
