Return to Message Application Products 1 Copyright Bond Wireless 2010 From E-Transactions to M-Transactions: Enabling mobile transactions with information assurance Clarence N W Tan, PhD, FACS, F Fin Founder and CEO Bond Wireless Entrepreneur in Residence Fellow, Bond University/Gold Coast Innovation Centre Adjunct Professor, Bond University/Griffith University
42
Embed
From E-Transactions to M-Transactions: Enabling mobile transactions with information assurance
Presentation given at the World Computer Congress 2010 in Brisbane on Bond Wireless' SMS Authentication and Verification Technology (Pat.) Applications.
This document is posted to help you gain knowledge. Please leave a comment to let me know what you think about it! Share it to your friends and learn new things together.
Transcript
Return to Message Application Products1Copyright Bond Wireless 2010
From E-Transactions to M-Transactions: Enabling mobile transactions with information
assurance
Clarence N W Tan, PhD, FACS, F Fin
Founder and CEOBond Wireless
Entrepreneur in Residence Fellow, Bond University/Gold Coast Innovation Centre
Adjunct Professor, Bond University/Griffith University
Return to Message Application Products2Copyright Bond Wireless 2010
About Bond Wireless
• Founded in 2002 with a business presence in Australia, Singapore,
Malaysia, Thailand, Kenya, UAE and USA.
• Developer of Patented IP and award winning innovative SMS
application solutions
• Winner of the Asia Pacific ICT Awards 2002 in Best
Communication Applications Award.
• Listed in Top 30 ICT companies in Australia 2003/2004 and in the
Q400 2005, 2007, 2008 and 2009 – Top 400 Companies in
Queensland
• Finalist in AIIA 2006 Communications Applications Award
• Winner Gold Coast Business Excellence Award 2006 in IT.
• Mobile applications on handsets utilizing internet
connection
– Java Apps, iPhone Apps, Android Apps
– SimTool Kit
– WAP Apps
• Problem:
– not ubiquitous
– require internet connection, minimum of GPRS, WiFi
– security issue when accessing via public WiFi networks
– requires Smartphones
5Copyright Bond Wireless 2010
Return to Message Application Products
M-Transactions Market
• The value of digital and physical goods that people buy with
their mobiles will reach $200 billion globally by 2012,
compared to just less than $100 billion this year.
(Juniper Research 2010)
• Majority of mobile handsets sold globally are sub-$50
phones that only carry voice and SMS e.g. China has over
850 million mobile subscribers but is projected to have only
7%-10% 3G subscribers at the end of 2012. (Source:
Ministry of Industry and Information Technology, the
operators‟ website)
• Many global digital brands have tried and failed in China, e
– Facebook: <5% share, blocked in 2009, no access in China
– Yahoo: entered 1999, site 3721 acquired in 2003 (40%
market share), now 0.5% share
6Copyright Bond Wireless 2010
Return to Message Application Products7Copyright Bond Wireless 2010
Why SMS?
• SMS is a stable platform has been around for over 17 years
• Extending the capabilities of mobile messaging to the
enterprise market by overcoming the limitations of
traditional SMS.
– Input
– No end-user proof of receipt or information assurance to
support high value applications
• Global SMS Market Trend
– Peer-Peer to Business-Peer
– US Telcos opening up to SMS
– SMS is the most cost effective method to reach large numbers
of customers in most markets
– Bridging the Digital Divide e.g. in Asia, where SMS is much
more accessible than the email
Return to Message Application Products
Bond Wireless solves non-repudiation of mobile consumers
Bond Wireless has developed a patent for verifying and authenticating consumers using SMS and its associated technologies text2speech.
Problems solved:
1. Has the correct person received the information?2. Has the correct person read the information?
Successfully being deployed by mobile operators and application developers across the Asia-Pacific region.
Copyright Bond Wireless 2010
Return to Message Application Products
SMS Authenticate & Verify (SAV)
• Authenticated and Verifiable SMS Messages
• Server-based patented technology that permits
certified SMS transmission that is encrypted
• SIM card independent solution
• Ensures only intended recipients can read
message
• Solves non-repudiation problem by confirming
recipient has successfully retrieved message
Copyright Bond Wireless 2010
Return to Message Application Products
Benefits of the Bond Wireless approach to non-repudiation and verification of message reception
• The *patented SMS Authenticate and Verify (SAV) technology used in our SecureTransTM product is designed for enterprise applications providing additional business process security with SMS messages, without expensive modifications to SIM cards, customized phones, or phone-based applications.
• The SecureTransTM process ensures the identity of the message recipient before any sensitive data is delivered. In addition to ensuring only the intended recipient reads the message, the sender is also given proof that the recipient received the message.
* SMS AV (SMS Authenticate and Verify) has been granted a patent in the following territories: China - ZL 03810299.4, Hong Kong - HK1078708, USA - US 2006/0098678 A1, Australia -2003225327 and Europe - 03720017.7
Copyright Bond Wireless 2010
Return to Message Application Products
The SecureTransTM Platform
• No need for SIM Toolkit development and the issuing of
application specific toolkits.
• Will work across multiple Mobile technology platforms
(GSM, CDMA, and 3G)
• Operates with MMS as well as SMS
• Guarantees that the correct recipient is receiving the
information being broadcast
• Value added mobile service
• Privacy/Duty of care/Security
• Enables operators to establish a cost effective user
validation process
• Customers are able to self-activate and auto activate users
Copyright Bond Wireless 2010
Return to Message Application Products
SMS SecureTransTM Information flows
Copyright Bond Wireless 2010
Return to Message Application Products
How it works
Verification Module
• Enables senders of SMS to verify the correct user is in control of
the receiving device.
• The verification module uses the CLI and a shared password as
the validation criteria.
• The application enables a sender to manage the length of the
maximum response time.
• The verification process can be used to commence or complete a
transaction, and can be initiated from the network or the mobile
device.
Copyright Bond Wireless 2010
Return to Message Application Products
Securing the handshake
Authentication Module
• Using 128 bit encryption, sensitive data is sent encrypted with the request for verification.
• The message is only decrypted upon receipt of correct password/ verification keys.
• When in use, no content of the outgoing SMS message is stored on the encryption server, the whole message is sent with the request for validation.
• Allows future migration of a Java-based mobile application or SIM Toolkit solution to provide seamless encryption/decryption at the phone.
Copyright Bond Wireless 2010
Return to Message Application Products
The SMS SecureTransTM
Benefit for Security
Enables organisations with confidential or sensitive information to use the distribution capabilities and coverage of SMS.
Ensures only the intended recipient can read message
Permit sensitive information to be sent via SMS
Enable mobile/e-commerce in a secure fashion
Solve problems of non-repudiation
Copyright Bond Wireless 2010
Return to Message Application Products
Applications of SMS AV in Security and
Government
• Ubiquitous private communication via SMS from mobile to mobile or PC to mobile with authentication and verification of sender and recipient globally.
– Government or security personnel can utilize any existing mobile handsets with the service as long as they have registered their existing mobile numbers and pass-code with the system.
• Verification of permission or order via SMS with an audit trail and proof of receipt that recipient has retrieved the message.
• As a digital signature to verify recipient has approved an order or a transaction.
Copyright Bond Wireless 2010
Return to Message Application Products
Example of SMS AV usage
• Permits sensitive information to be sent to recipient with
confirmation of information being sent to recipient thus
providing an audit trail.
• Enables transactions to be conducted using a mobile phone
without modification of SIM cards.
• No sensitive information that is encrypted is stored on
third-party servers.
• Ensures only intended recipient can read message
• Applications include SMS Banking, SMS Transact, SMS
Billing, SMS Payments/Ticketing
Copyright Bond Wireless 2010
Return to Message Application Products
SMS Banking Applications
• Alerts/notifications, CRM
• Marketing, advertising & promotion
• Account admin (balance enquiry, cheque book
request, etc.)
• Funds management (fund transfers)
• M-commerce (mobile payments)
Copyright Bond Wireless 2010
Return to Message Application Products
SMS mobile banking business model
Revenue models
Reduce cost of servicing customers
Increase revenue stream with SMS Banking
as a value-add service to customers
Create a mobile commerce platform
Independence from carriers and networks
Potential mobile payment solution with global
footprint
Copyright Bond Wireless 2010
Return to Message Application Products
Current Implementations
Implemented with a Telco in SE Asia who are using it
in the consumer market
Implemented in the Health Industry providing test
results to patients, see interview with Queensland
• Doctors have to show duty of care in contacting patients with communicable diseases.
• 90% of medical test results are negative.
• Currently using certified/registered mail as proof of duty of care. Cost is about US$2 per patient, with ineffective results due to the mobility of patients.
• Trialing SMS AV to have non-repudiated proof of patient‟s receiving their results via SMS.
• Faster response time, reduces cost of delivery, more effective results in managing patients.
Copyright Bond Wireless 2010
Return to Message Application Products
State Health Example
• Reminder sent to patient encrypted.
• Patient enters agreed Passcode.
• Result sent back to patients mobile phone
decrypted and able to be read.
• Notification sent and to doctor/sender that
message has been decrypted successfully.
• Log made of outcome for later audit.
Copyright Bond Wireless 2010
Return to Message Application Products24Copyright Bond Wireless 2010
CaraData working with Bond Wireless
CaraData introducing SHIP 7 the Sexual Health Information Program developed in Australia with the help of professionals working with HIV and STDs.
CaraData has been working with Bond Wireless to provide secure SMS text messaging to patients
The solution checks patient records and automatically sends secure SMS text messages directly to mobile phones regarding
– test results
– appointment times
– reminders to take medication
Return to Message Application Products25Copyright Bond Wireless 2010
Case Study: Using Bond Wireless SMS SecureTrans to notify
patients of medical results in a Sexual Health Clinic
Doctors have to show duty of care in contacting
patients with communicable diseases in Australia.
90% of medical test results are negative.
Currently using certified/registered mail as proof of
duty of care. Cost is about US$2 per patient, with
ineffective results due to the mobility of patients.
Australian hospital currently using Bond Wireless
SMS SecureTrans to obtain non-repudiated proof
of patients‟ receiving their results via SMS and
ensuring confidentiality of results.
End result for Hospital: Faster response time,
reduced cost of delivery, more effective results in
managing patients with less patients phoning in to
inquire about their medical results.
Return to Message Application Products26Copyright Bond Wireless 2010
Send Message
Message stored on Clinic Server
encryption an option
Message sent to Bond WirelessMessage passed to Client
Receive message
Client sends PIN to Bond Wireless Server
Encrypted message unencrypted
Message sent to ClientMessage status sent to Clinic Server
• Cost effective (hard-/software platform agnostic, integrates to
legacy systems readily)
• Cost effective administration (low admin overhead & end user
support cost)
• Possible deployment as micro-transactions platform
• Excellent solution for micro-financing environment
Return to Message Application Products38Copyright Bond Wireless 2010
Stockbrokerage example:
a. Client instructs stockbroker over phone call to “Sell X lots of Y”.
b. Stockbroker (Content Server) desires formal order verification & authentication of client (Receiver) before taking action.
c. Stockbroker sends client encrypted SMS “Confirm sell X lots of Y” using software package running on a PC (Security Server).
d. SMS arrives at client‟s phone with PIN prompt.
SMS applications - Stockbroking
Return to Message Application Products39Copyright Bond Wireless 2010
Stockbrokerage example (cont‟d):
e. Client replies also using SMS & enters PIN.
f. Software on PC receives reply & authenticates client using CLI & PIN.
g. On success, software sends client decrypted SMS “Confirm sell X lots of Y”.
h. Client can follow up if this instruction is in error.
i. Stockbroker executes order if client has been properly authenticated.
SMS applications
Return to Message Application Products40Copyright Bond Wireless 2010
Other Business Process Applications
Sign-off of company purchase orders by remote or
mobile staff
Sign-off of letter or advertising copy by remote or
mobile staff
Alerting senior managers of organisations of KPI metrics
Enabling organisations with remote workforces to
dispatch, track and record appointment details
Interacting with Customers and Suppliers to confirm
receipt, shipment and status of orders
Simple reporting tool for remote staff who may not have
ready access to an internet connection
Return to Message Application Products41Copyright Bond Wireless 2010
Selected References
1. Tan, C, Teo, T. W., and Goldschmied, J., “An Authenticated SMS (Short MessageService) System for M-Commerce Transactions: Practical Issues and LegalPerspectives”, Hong Kong Mobility Roundtable Conference 2005, Hong Kong, June1-3 2005.
2. Clarence N.W. Tan, Bond University, Australia; Tiok-Woo Teo, Bond University,Australia, “Mobile Telecommunications and M-Commerce Applications”, Encyclopediaof Information Science and Technology I-V (Mobile Technologies), January 2005,Idea Group Inc., USA, ISBN 1-59140-553-X.
3. C. N. W. Tan and T. W. Teo, “An Authenticated Short Message Service (SMS)-BasedTransactions System Without SIM Modification”, Proceeding of the 2003 InternationalConference on Wireless Networks, 23–26 June, 2003, Las Vegas, Nevada, USA.
4. C. N. W. Tan and T. W. Teo, “A Short Message Service (SMS) Enabled Job DispatchSystem”, Proceeding of the 2002 International Conference on Wireless Networks,24–27 June, 2002, Las Vegas, Nevada, USA, ISBN 1-892512-30-0.
5. Tan C & Teo T-W, From e-commerce to m-commerce: The Power of the MobileInternet”, chapter in Internet Management Issues: A Global Perspective by J Haynes(Editor), Idea Group Publishing, Chapter 2 pp. 27-53, ISBN: 1930708211, USA,2002.
Return to Message Application Products42Copyright Bond Wireless 2010