1. Introduction to M-Commerce Copyright © 2001 by Neil Daswani, licensed for use to Venkat Rangan on November 14-15, 2001
2. Overview What is M-Commerce?
Security Issues
Usability Issues
Heterogeneity Issues
Business Model Issues
Case Studies / Examples
Q & A
3. What is M-Commerce? E-Commerce with mobile devices (PDAs, Cell Phones, Pagers, etc.)
Different than E-Commerce?
No, but additional challenges:
Security
Usability
Heterogeneous Technologies
Business Model Issues
But first, let’s learn a little about wireless technologies…
4. Wireless Technologies Link Layer (examples…)
WAN:
Analog / AMPS
CDPD: Cellular Digital Packet Data
TDMA/GSM: Time Division Multiple Access, Global System for Mobile Communications (Europe)
CDMA: Code Division Multiple Access
Mobitex (TDMA-based)
LAN:
802.11
Bluetooth
Devices: Cell Phones, Palm, WinCE, Symbian, Blackberry, …
5. Examples of PDA Devices
6. Application Layer Technologies Micro-browser based:
WAP/WML, HDML: Openwave
iMode (HTML): NTT DoCoMo
Web Clipping: Palm.net
XHTML: W3C
Voice-browser based:
VoiceXML: W3C
Client-side:
J2ME: Java 2 Micro Edition (Sun)
WMLScript: Openwave
Messaging: SMS: Part of GSM Spec.
7. Example: WAP WAP: Wireless Application Protocol
Created by WAP Forum
Founded June 1997 by Ericsson, Motorola, Nokia, Phone.com
500+ member companies
Goal: Bring Internet content to wireless devices
WTLS: Wireless Transport Layer Security
8. Basic WAP Architecture
9. Example: WAP application
10. Security Challenges Less processing power on devices
Slow Modular exponentiation and Primality Checking (i.e., RSA)
Crypto operations drain batteries (CPU intensive!)
Less memory (keys, certs, etc. require storage)
Few devices have crypto accelerators, or support for biometric authentication
No tamper resistance (memory can be tampered with, no secure storage)
Primitive operating systems w/ no support for access control (Palm OS)
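Added example (not part of the original slides): a count of the modular multiplications behind the RSA operations named on slide 10, using square-and-multiply exponentiation and Miller-Rabin primality checking. The 512-bit prime size, e = 65537, the five Miller-Rabin rounds, the seed and the sample message are assumptions chosen for illustration.

```python
import random

def modexp(base, exp, mod):
    """Square-and-multiply. Returns (base**exp % mod, modular multiplications used)."""
    result, mults = 1, 0
    for bit in bin(exp)[2:]:
        result = result * result % mod      # one squaring per exponent bit
        mults += 1
        if bit == "1":
            result = result * base % mod    # one more multiply per 1-bit
            mults += 1
    return result, mults

def miller_rabin(n, rounds, rng):
    """Probabilistic primality check. Returns (probably_prime, multiplications)."""
    if n < 4 or n % 2 == 0:
        return n in (2, 3), 0
    d, s = n - 1, 0
    while d % 2 == 0:                       # write n - 1 as d * 2**s with d odd
        d, s = d // 2, s + 1
    total = 0
    for _ in range(rounds):
        x, m = modexp(rng.randrange(2, n - 1), d, n)
        total += m
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x, total = x * x % n, total + 1
            if x == n - 1:
                break
        else:
            return False, total             # witness found: n is composite
    return True, total

def rsa_cost(prime_bits=512, e=65537, seed=2001):
    """Count multiplications for key generation, public op and private op."""
    rng, keygen, primes = random.Random(seed), 0, []   # fixed seed: demo only
    while len(primes) < 2:
        cand = rng.getrandbits(prime_bits) | (1 << (prime_bits - 1)) | 1
        ok, m = miller_rabin(cand, 5, rng)  # 5 rounds is an assumed setting
        keygen += m
        if ok and (cand - 1) % e and cand not in primes:
            primes.append(cand)
    p, q = primes
    n, d = p * q, pow(e, -1, (p - 1) * (q - 1))
    msg = 0x4D2D436F6D6D65726365            # constructed sample message
    c, public = modexp(msg, e, n)           # encrypt / verify side
    back, private = modexp(c, d, n)         # decrypt / sign side
    return {"ok": back == msg, "keygen": keygen, "public": public, "private": private}

if __name__ == "__main__":
    print(rsa_cost())
```

The public-key operation with e = 65537 costs 19 multiplications, while the private-key operation and key generation cost orders of magnitude more, which is the work a battery-powered client pays for.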
11. Wireless Security Approaches Link Layer Security
GSM: A3/A5/A8 (auth, key agree, encrypt)
CDMA: spread spectrum + code seq
CDPD: RSA + symmetric encryption
Application Layer Security
WAP: WTLS, WML, WMLScript, & SSL
iMode: N/A
SMS: N/A
12. Example: Security Concerns Performance: we’ll do an example: should we use RSA or ECC for WTLS mutual auth?
Control: WAP Gap
data in the clear at gateway while re-encryption takes place
13. Example: WTLS – ECC vs. RSA? WTLS Goals
Authentication
Privacy
Data Integrity
Authentication: Public-Key Crypto (CPU intensive!!!)
Privacy: Symmetric Crypto
Data Integrity: MACs
14. WTLS: Crypto Basics Public-Key Crypto
RSA (Rivest-Shamir-Adleman)
ECC (Elliptic Curve)
Certificates
Authentication
None, Client, Server, Mutual
18. WAP Gap: One Alternative… Dynamic Gateway Connection
Other alternatives also exist…
19. Usability Challenges Hard Data Entry
Poor Handwriting Recognition
Numeric keypads for text entry are error-prone
Poor Voice Recognition
Further complicates security (entering passwords / speaking pass-phrases is hard!)
Small Screens
e.g., can’t show users everything in “shopping cart” at once!
Voice Output time consuming
20. Usability Approaches Graffiti (Scaled-down handwriting recognition, Palm devices)
T9 Text Input (Word completion, most cell phones)
Full alphanumeric keypad & scrollbar (Blackberry)
Restricted VoiceXML grammars for better voice recognition
Careful task-based Graphical User Interface & Dialog Design
Lots of room for improvement!
21. Heterogeneity Challenges Many link layer protocols (different security available in each)
Many application layer standards
Businesses need to write to one or more standards or hire a company to help them!
Many device types:
Many operating systems (Palm OS, Win CE, Symbian, EPOC, …)
Wide variation in capabilities
22. Heterogeneity Approaches HTML/Web screen scraping
Protocol & Mark-up language translators
Standardization
23. Business Model Issues Possible Models:
Slotting fees
Wireless advertising (text)
Pay per application downloaded
Pay per page downloaded
Flat-fees for service & applications
Revenue share on transactions
Trust issues between banks, carriers, and portals
Lack of content / services
24. Case Studies NTT DoCoMo’s I-Mode
Palm.net
Sprint PCS Wireless Web
25. NTT DoCoMo I-Mode 20 million users in Japan
HTML-based microbrowser (supports HTTPS/SSL) on CDMA-based network
Tens of thousands of content sites, ring tones, and screen savers
Pay per application downloaded and pay per page models
Invested in AT&T Wireless, so we may see it here in the US in the next few years!
26. Palm.Net Low 100K users in USA
Web Clipping (specialized HTML) microbrowser on Mobitex (TDMA)-based network run by BellSouth (>98% coverage in urban areas)
Hundreds of content sites (typically no charge for applications)
Palm VII devices now selling for $100 due to user adoption problems. (Service plans range from $10 - $40 per month.)
27. Sprint PCS Wireless Web Low, single-digit millions of US users
Multi-device strategy: WAP/HDML based microbrowser on phones, Web Clipping on Kyocera, both on CDMA network
~50 content sites slotted, many others available (very hard to enter URLs, though)
Slotting-fee + revenue-share on transactions model
$10 per month flat-fee to users, most phones already have microbrowser installed.