Unit 5 m commerce


University of Madras, MBA (Systems), E-Business Technology and Management, Unit 5: M Commerce

Published in: Education
  • Copyright © 2001 by Neil Daswani, licensed for use to Venkat Rangan on November 14-15, 2001

    1. Introduction to M-Commerce
    2. Overview
       • What is M-Commerce?
       • Security Issues
       • Usability Issues
       • Heterogeneity Issues
       • Business Model Issues
       • Case Studies / Examples
       • Q & A
    3. What is M-Commerce?
       • E-Commerce with mobile devices (PDAs, Cell Phones, Pagers, etc.)
       • Different than E-Commerce?
       • No, but additional challenges:
           • Security
           • Usability
           • Heterogeneous Technologies
           • Business Model Issues
       • But first, let’s learn a little about wireless technologies…
    4. Wireless Technologies
       • Link Layer (examples…)
           • WAN:
               • Analog / AMPS
               • CDPD: Cellular Digital Packet Data
               • TDMA/GSM: Time Division Multiple Access, Global System for Mobile Communications (Europe)
               • CDMA: Code Division Multiple Access
               • Mobitex (TDMA-based)
           • LAN:
               • 802.11
               • Bluetooth
       • Devices: Cell Phones, Palm, WinCE, Symbian, Blackberry, …
    5. Examples of PDA Devices

       PDA | Microprocessor | Speed
       Palm, Handspring | Motorola Dragonball | 16.6 – 20 MHz
       RIM Interactive Pager | Intel 386 | 10 MHz
       Compaq Aero 1530 | NEC/VR4111 MIPS RISC | 70 MHz
       HP Jornada 820 | Intel/StrongARM RISC SA-1100 | 190 MHz
       Casio Cassiopeia E-100 | NEC/VR4121 MIPS | 131 MHz
       Psion Revo | ARM 710 | 36 MHz
       Psion Series 5 | Digital/Arm 7100 | 18 MHz
    6. Application Layer Technologies
       • Micro-browser based:
           • WAP/WML, HDML: Openwave
           • iMode (HTML): NTT DoCoMo
           • Web Clipping: Palm.net
           • XHTML: W3C
       • Voice-browser based:
           • VoiceXML: W3C
       • Client-side:
           • J2ME: Java 2 Micro Edition (Sun)
           • WMLScript: Openwave
       • Messaging:
           • SMS: Part of GSM Spec.
    7. Example: WAP
       • WAP: Wireless Application Protocol
       • Created by WAP Forum
           • Founded June 1997 by Ericsson, Motorola, Nokia, Phone.com
           • 500+ member companies
           • Goal: Bring Internet content to wireless devices
       • WTLS: Wireless Transport Layer Security
    8. Basic WAP Architecture
       [Diagram labels: Web Server, WTLS, SSL, Internet, WAP Gateway]
    9. Example: WAP application
    10. Security Challenges
       • Less processing power on devices
           • Slow modular exponentiation and primality checking (i.e., RSA)
           • Crypto operations drain batteries (CPU intensive!)
       • Less memory (keys, certs, etc. require storage)
       • Few devices have crypto accelerators, or support for biometric authentication
       • No tamper resistance (memory can be tampered with, no secure storage)
       • Primitive operating systems with no support for access control (Palm OS)
    11. Wireless Security Approaches
       • Link Layer Security
           • GSM: A3/A5/A8 (auth, key agree, encrypt)
           • CDMA: spread spectrum + code seq
           • CDPD: RSA + symmetric encryption
       • Application Layer Security
           • WAP: WTLS, WML, WMLScript, & SSL
           • iMode: N/A
           • SMS: N/A
    12. Example: Security Concerns
       • Performance: we’ll do an example: should we use RSA or ECC for WTLS mutual auth?
       • Control: WAP Gap
       • data in the clear at gateway while re-encryption takes place
    13. Example: WTLS – ECC vs. RSA?
       • WTLS Goals
           • Authentication
           • Privacy
           • Data Integrity
       • Authentication: Public-Key Crypto (CPU intensive!!!)
       • Privacy: Symmetric Crypto
       • Data Integrity: MACs
    14. WTLS: Crypto Basics
       • Public-Key Crypto
           • RSA (Rivest-Shamir-Adleman)
           • ECC (Elliptic Curve)
       • Certificates
       • Authentication
           • None, Client, Server, Mutual
    15. WTLS w/ Mutual-Authentication
       • Mutual-Authentication

       Client                                             Server
       ClientHello                      ----------->
                                                          ServerHello
                                                          Certificate
                                                          CertificateRequest
                                        <-----------      ServerHelloDone
       Certificate
       ClientKeyExchange (only for RSA)
       CertificateVerify
       ChangeCipherSpec
       Finished                         ----------->
                                        <-----------      Finished
       Application Data                 <---------->      Application Data

       Annotated steps:
       1. Verify Server Certificate
       2. Establish Session Key
       3. Generate Signature
    16. WTLS Handshake Timings (Palm VII)
       • Mutual-Authentication: RSA

       Operation | Cryptographic Primitive(s) | Time Required (ms)
       Server Certificate Verification | RSA Signature Verification (Public decrypt, e=3) | 598
       Session Key Establishment | RSA Encryption (Public encrypt) | 622
       Client Authentication | RSA Signature Generation (Private encrypt) | 21734
       TOTAL | | 22954
    17. WTLS Handshake Timings (Palm VII)
       • Mutual-Authentication: ECC

       The cryptographic execution time for mutually-authenticated 163-bit ECC handshakes is at least 8.64 times as fast as the cryptographic execution time for mutually-authenticated 1024-bit RSA handshakes on the Palm VII.

       Operation | Cryptographic Primitive(s) | Time Required (ms)
       Server Certificate Verification | CA Public Key Expansion | 254.8
       Server Certificate Verification | ECC-DSA Signature Verification | 1254
       Session Key Establishment | Server Public Key Expansion | 254.8
       Session Key Establishment | Key Agreement | 335.6
       Client Authentication | ECC-DSA Signature Generation | 514.8
       TOTAL | | 2614
    18. WAP Gap: One Alternative…
       • Dynamic Gateway Connection
       • Other alternatives also exist…
       [Diagram labels: Internet, WAP Gateway, WTLS Class 2, SSL, Operator, Web Server, SSL, Content Provider, WAP Gateway]
    19. Usability Challenges
       • Hard Data Entry
           • Poor Handwriting Recognition
           • Numeric keypads for text entry are error-prone
           • Poor Voice Recognition
           • Further complicates security (entering passwords / speaking pass-phrases is hard!)
       • Small Screens
           • i.e., can’t show users everything in “shopping cart” at once!
       • Voice output is time-consuming
    20. Usability Approaches
       • Graffiti (Scaled-down handwriting recognition, Palm devices)
       • T9 Text Input (Word completion, most cell phones)
       • Full alphanumeric keypad & scrollbar (Blackberry)
       • Restricted VoiceXML grammars for better voice recognition
       • Careful task-based Graphical User Interface & Dialog Design
       • Lots of room for improvement!
    21. Heterogeneity Challenges
       • Many link layer protocols (different security available in each)
       • Many application layer standards
       • Businesses need to write to one or more standards or hire a company to help them!
       • Many device types:
           • Many operating systems (Palm OS, Win CE, Symbian, Epoch, …)
           • Wide variation in capabilities
    22. Heterogeneity Approaches
       • HTML/Web screen scraping
       • Protocol & Mark-up language translators
       • Standardization
    23. Business Model Issues
       • Possible Models:
           • Slotting fees
           • Wireless advertising (text)
           • Pay per application downloaded
           • Pay per page downloaded
           • Flat-fees for service & applications
           • Revenue share on transactions
       • Trust issues between banks, carriers, and portals
       • Lack of content / services
    24. Case Studies
       • NTT DoCoMo’s I-Mode
       • Palm.net
       • Sprint PCS Wireless Web
    25. NTT DoCoMo I-Mode
       • 20 million users in Japan
       • HTML-based microbrowser (supports HTTPS/SSL) on CDMA-based network
       • Tens of thousands of content sites, ring tones, and screen savers
       • Pay per application downloaded and pay per page models
       • Invested in AT&T Wireless, so we may see it here in the US in the next few years!
    26. Palm.Net
       • Low 100K users in USA
       • Web Clipping (specialized HTML) microbrowser on Mobitex (TDMA)-based network run by BellSouth (>98% coverage in urban areas)
       • Hundreds of content sites (typically no charge for applications)
       • Palm VII devices now selling for $100 due to user adoption problems. (Service plans range from $10 - $40 per month.)
    27. Sprint PCS Wireless Web
       • Low, single-digit millions of US users
       • Multi-device strategy: WAP/HDML-based microbrowser on phones, Web Clipping on Kyocera, both on CDMA network
       • ~50 content sites slotted, many others available (very hard to enter URLs, though)
       • Slotting-fee + revenue-share on transactions model
       • $10 per month flat-fee to users; most phones already have a microbrowser installed.
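
The "WAP Gap" from slides 12 and 18, as an added example that is not part of the original deck: a gateway terminates the handset-side channel and re-encrypts for the web server, so whoever runs the gateway holds the request in the clear. The record cipher is a toy stand-in built from HMAC-SHA256 (not real WTLS or SSL), all names and the sample request are constructed, and reading slide 18 as "the gateway is hosted by the content provider" is an assumption.

```python
import hashlib, hmac, os

def _sub(key, label):
    # Derive independent encryption and MAC subkeys from one channel key.
    return hmac.new(key, label, hashlib.sha256).digest()

def _xor_stream(key, nonce, data):
    # Toy stream cipher: HMAC-SHA256 in counter mode, XORed over the data.
    blocks = (hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, b"".join(blocks)))

def seal(key, plaintext):
    # Encrypt-then-MAC record: nonce || ciphertext || tag.
    nonce = os.urandom(12)
    body = nonce + _xor_stream(_sub(key, b"enc"), nonce, plaintext)
    return body + hmac.new(_sub(key, b"mac"), body, hashlib.sha256).digest()

def unseal(key, record):
    body, tag = record[:-32], record[-32:]
    good = hmac.new(_sub(key, b"mac"), body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, good):
        raise ValueError("record failed integrity check")
    return _xor_stream(_sub(key, b"enc"), body[:12], body[12:])

class Gateway:
    """Protocol translator between the WTLS side and the SSL side."""
    def __init__(self, operator, wtls_key, ssl_key):
        self.operator, self.wtls_key, self.ssl_key = operator, wtls_key, ssl_key
        self.cleartext_seen = []

    def relay(self, wtls_record):
        plaintext = unseal(self.wtls_key, wtls_record)  # the gap: cleartext here
        self.cleartext_seen.append(plaintext)
        return seal(self.ssl_key, plaintext)            # re-encrypted for the server

def send_via(gateway_operator, request=b"acct=12345&pin=0000"):  # constructed sample
    wtls_key, ssl_key = os.urandom(32), os.urandom(32)
    gw = Gateway(gateway_operator, wtls_key, ssl_key)
    wtls_record = seal(wtls_key, request)               # handset -> gateway
    ssl_record = gw.relay(wtls_record)                  # gateway -> web server
    holders = {"handset user", "content provider"}      # the two intended endpoints
    if request in gw.cleartext_seen:
        holders.add(gw.operator)
    return {"delivered": unseal(ssl_key, ssl_record) == request,
            "cleartext_on_wire": request in wtls_record or request in ssl_record,
            "cleartext_holders": holders}

if __name__ == "__main__":
    for operator in ("operator", "content provider"):
        print(operator, "->", sorted(send_via(operator)["cleartext_holders"]))
```

Both hops are encrypted in either deployment; what changes is which party's gateway performs the decrypt and re-encrypt, and therefore who has to be trusted with the cleartext.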