Presentation is loading. Please wait.

Presentation is loading. Please wait.

Introduction to M-Commerce. Overview What is M-Commerce? Security Issues Usability Issues Heterogeneity Issues Business Model Issues Case Studies / Examples.

Published byNickolas Foster Modified over 9 years ago

Similar presentations

Presentation on theme: "Introduction to M-Commerce. Overview What is M-Commerce? Security Issues Usability Issues Heterogeneity Issues Business Model Issues Case Studies / Examples."— Presentation transcript:

1 Introduction to M-Commerce

2 Overview What is M-Commerce? Security Issues Usability Issues Heterogeneity Issues Business Model Issues Case Studies / Examples Q & A

3 What is M-Commerce? E-Commerce with mobile devices (PDAs, Cell Phones, Pagers, etc.) Different than E-Commerce? No, but additional challenges: Security Usability Heterogeneous Technologies Business Model Issues But first, let’s learn a little about wireless technologies…

4 Wireless Technologies Link Layer (examples…) WAN: Analog / AMPS CDPD: Cellular Digital Packet Data TDMA/GSM: Time Division Multiple Access, Global System for Mobile Communications (Europe) CDMA: Code Division Multiple Access Mobitex (TDMA-based) LAN: 802.11 Bluetooth Devices: Cell Phones, Palm, WinCE, Symbian, Blackberry, …

5 Examples of PDA Devices PDAMicroprocessorSpeed Palm, HandspringMotorola Dragonball16.6 – 20 MHz RIM Interactive Pager Intel 38610 MHz Compaq Aero 1530NEC/VR4111 MIPS RISC70 MHz HP Jornada 820Intel/StrongARM RISC SA- 1100 190 MHz Casio Cassiopeia E- 100 NEC/VR4121 MIPS131 MHz Psion RevoARM 71036 MHz Psion Series 5Digital/Arm 710018 MHz

6 Application Layer Technologies Micro-browser based: WAP/WML, HDML: Openwave iMode (HTML): NTT DoCoMo Web Clipping: Palm.net XHTML: W3C Voice-browser based: VoiceXML: W3C Client-side: J2ME: Java 2 Micro Edition (Sun) WMLScript: Openwave Messaging: SMS: Part of GSM Spec.

7 Example: WAP WAP: Wireless Application Protocol Created by WAP Forum Founded June 1997 by Ericsson, Motorola, Nokia, Phone.com 500+ member companies Goal: Bring Internet content to wireless devices WTLS: Wireless Transport Layer Security

8 Basic WAP Architecture Web Server WTLSSSL Internet WAP Gateway

9 Example: WAP application

10 Security Challenges Less processing power on devices Slow Modular exponentiation and Primality Checking (i.e., RSA) Crypto operations drain batteries (CPU intensive!) Less memory (keys, certs, etc. require storage) Few devices have crypto accelerators, or support for biometric authentication No tamper resistance (memory can be tampered with, no secure storage) Primitive operating systems w/ no support for access control (Palm OS)

11 Wireless Security Approaches Link Layer Security GSM: A3/A5/A8 (auth, key agree, encrypt) CDMA: spread spectrum + code seq CDPD: RSA + symmetric encryption Application Layer Security WAP: WTLS, WML, WMLScript, & SSL iMode: N/A SMS: N/A

12 Example: Security Concerns Performance: we’ll do an example: should we use RSA or ECC for WTLS mutual auth? Control: WAP Gap data in the clear at gateway while re-encryption takes place

13 Example: WTLS– ECC vs. RSA? WTLS Goals Authentication Privacy Data Integrity Authentication: Public-Key Crypto (CPU intensive!!!) Privacy: Symmetric Crypto Data Integrity: MACs

14 WTLS: Crypto Basics Public-Key Crypto RSA (Rivest-Shamir-Adelman) ECC (Elliptic Curve) Certificates Authentication None, Client, Server, Mutual

15 WTLS w/ Mutual-Authentication Mutual-Authentication Client Hello-----------> ServerHello Certificate CertificateRequest <-----------ServerHelloDone Certificate ClientKeyExchange (only for RSA) CertificateVerify ChangeCipherSpec Finished-----------> <-----------Finished Application Data 1. Verify Server Certificate 2. Establish Session Key 3. Generate Signature

16 WTLS Handshake Timings (Palm VII) Mutual-Authentication: RSA OperationCryptographic Primitive(s)Time Required (ms) Server Certificate Verification RSA Signature Verification (Public decrypt, e=3) 598 Session Key Establishment RSA Encryption (Public encrypt) 622 Client AuthenticationRSA Signature Generation (Private encrypt) 21734 TOTAL 22954

17 WTLS Handshake Timings (Palm VII) Mutual-Authentication: ECC OperationCryptographic Primitive(s) Time Required (ms) Server Certificate Verification CA Public Key Expansion 254.8 ECC-DSA Signature Verification 1254 Session Key Establishment Server Public Key Expansion 254.8 Key Agreement 335.6 Client AuthenticationECC-DSA Signature Generation 514.8 TOTAL 2614 The cryptographic execution time for mutually-authenticated 163-bit ECC handshakes is at least 8.64 times as fast as the cryptographic execution time for mutually-authenticated 1024-bit RSA handshakes on the Palm VII.

18 WAP Gap: One Alternative… Dynamic Gateway Connection Other alternatives also exist… Internet WAP Gateway WTLS Class 2SSL Operator Web Server SSL Content Provider WAP Gateway

19 Usability Challenges Hard Data Entry Poor Handwriting Recognition Numeric Keypads for text entry is error-prone Poor Voice Recognition Further complicates security (entering passwords / speaking pass-phrases is hard!) Small Screens i.e., can’t show users everything in “shopping cart” at once! Voice Output time consuming

20 Usability Approaches Graffiti (Scaled-down handwriting recognition, Palm devices) T9 Text Input (Word completion, most cell phones) Full alphanumeric keypad & scrollbar (Blackberry) Restricted VoiceXML grammars for better voice recognition Careful task-based Graphical User Interface & Dialog Design Lots of room for improvement!

21 Heterogeneity Challenges Many link layer protocols (different security available in each) Many application layer standards Businesses need to write to one or more standards or hire a company to help them! Many device types: Many operating systems (Palm OS, Win CE, Symbian, Epoch, …) Wide variation in capabilities

22 Heterogeneity Approaches HTML/Web screen scraping Protocol & Mark-up language translators Standardization

23 Business Models Issues Possible Models: Slotting fees Wireless advertising (text) Pay per application downloaded Pay per page downloaded Flat-fees for service & applications Revenue share on transactions Trust issues between banks, carriers, and portals Lack of content / services

24 Case Studies NTT DoCoMo’s I-Mode Palm.net Sprint PCS Wireless Web

25 NTT DoCoMo I-Mode 20 million users in Japan HTML-based microbrowser (supports HTTPS/SSL) on CDMA-based network 10’s of thousands of content sites, ring tones, and screen savers Pay per application downloaded and pay per page models Invested in AT&T Wireless so we may see it here in US in next few years!

26 Palm.Net Low 100K users in USA Web Clipping (specialized HTML) microbrowser on Mobitex (TDMA) – based network run by BellSouth (>98% coverage in urban areas) 100’s of content sites (typically no charge for applications) Palm VII devices now selling for $100 due to user adoption problems. (Service plans range from $10 - $40 per month.)

27 Sprint PCS Wireless Web Low, single-digit millions of US users Multi-device strategy: WAP/HDML based microbrowser on phones, Web Clipping on Kyocera, both on CDMA network ~50 content sites slotted, many others available (very hard to enter URLs, though) Slotting-fee + rev-share on xactions model $10 per month flat-fee to users, most phones already have microbrowser installed.

Download ppt "Introduction to M-Commerce. Overview What is M-Commerce? Security Issues Usability Issues Heterogeneity Issues Business Model Issues Case Studies / Examples."

Similar presentations

Theodoros Chrysafis - Computer Science Department - CITY Liberal Studies - (24-25/05/2002) 1 Issues and Limitations on Mobile Computing Contents Wireless.

Theodoros Chrysafis - Computer Science Department - CITY Liberal Studies - (24-25/05/2002) 1 Issues and Limitations on Mobile Computing Contents Wireless.
Mobile Commerce (M-commerce) Alex Maldonado Mercy College INBS 510 Intro to Internet Business Systems May 11, 2002.

Mobile Commerce (M-commerce) Alex Maldonado Mercy College INBS 510 Intro to Internet Business Systems May 11, 2002.
Mobile Computing Advantages and limitations of mobile computing

Mobile Computing Advantages and limitations of mobile computing
Cryptography and Network Security

Cryptography and Network Security
Performance and Efficiency in Wireless Security Terry Fletcher, Senior Security Architect Chrysalis-ITS

Performance and Efficiency in Wireless Security Terry Fletcher, Senior Security Architect Chrysalis-ITS
Internet Security Protocols

Internet Security Protocols
Security of Mobile Banking

Security of Mobile Banking
 WAP WAP  Foundation Of WAP Foundation Of WAP  Benefits… Benefits…  Architecture… Architecture…  Layers of WAP protocol stack Layers of WAP protocol.

 WAP WAP  Foundation Of WAP Foundation Of WAP  Benefits… Benefits…  Architecture… Architecture…  Layers of WAP protocol stack Layers of WAP protocol.
M - Commerce 20042512 Mi Yul Park. 2005-08-092 Table of Contents Introduction Attributes of M-Commerce Examples M-commerce: Hardware M-commerce: Software.

M - Commerce Mi Yul Park Table of Contents Introduction Attributes of M-Commerce Examples M-commerce: Hardware M-commerce: Software.
By: Christopher M. Logan Date: April 19, 2001.

By: Christopher M. Logan Date: April 19, 2001.
Mar 19, 2002Mårten Trolin1 This lecture On the assignment Certificates and key management SSL/TLS –Introduction –Phases –Commands.

Mar 19, 2002Mårten Trolin1 This lecture On the assignment Certificates and key management SSL/TLS –Introduction –Phases –Commands.
Apr 2, 2002Mårten Trolin1 Previous lecture On the assignment Certificates and key management –Obtaining a certificate –Verifying a certificate –Certificate.

Apr 2, 2002Mårten Trolin1 Previous lecture On the assignment Certificates and key management –Obtaining a certificate –Verifying a certificate –Certificate.
WAP Public Key Infrastructure CSCI 5939.02 – Independent Study Fall 2002 Jaleel Syed Presentation No 5.

WAP Public Key Infrastructure CSCI – Independent Study Fall 2002 Jaleel Syed Presentation No 5.
A Survey of WAP Security Architecture Neil Daswani

A Survey of WAP Security Architecture Neil Daswani
Real-Time Authentication Using Digital Signature Schema Marissa Hollingsworth BOISECRYPT ‘09.

Real-Time Authentication Using Digital Signature Schema Marissa Hollingsworth BOISECRYPT ‘09.
Student Name: Group.  Developed by Microsoft  Alliance with Nokia in 2011  4 main functions:  Outlook Mobile  Windows Media Player for Windows Mobile.

Student Name: Group.  Developed by Microsoft  Alliance with Nokia in 2011  4 main functions:  Outlook Mobile  Windows Media Player for Windows Mobile.
Cryptography and Network Security Chapter 17

Cryptography and Network Security Chapter 17
Cryptographic Execution Time for WTLS Handshakes on Palm OS Devices Neil Daswani September 21, 2000.

Cryptographic Execution Time for WTLS Handshakes on Palm OS Devices Neil Daswani September 21, 2000.
Wireless Application Protocol and i-Mode By Sridevi Madduri Swetha Kucherlapati Sharrmila Jeyachandran.

Wireless Application Protocol and i-Mode By Sridevi Madduri Swetha Kucherlapati Sharrmila Jeyachandran.
Wireless Application Protocol John Bollen MBA 651.

Wireless Application Protocol John Bollen MBA 651.

Similar presentations

Ads by Google