
Introduction to M-Commerce

What is M-Commerce?
  

- E-Commerce with mobile devices (PDAs, Cell Phones, Pagers, etc.)
- Different than E-Commerce? No, but additional challenges:
  - Security
  - Usability
  - Heterogeneous Technologies
  - Business Model Issues

But first, let's learn a little about wireless technologies

Wireless Technologies


Link Layer (examples)

- WAN:
  - Analog / AMPS
  - CDPD: Cellular Digital Packet Data
  - TDMA/GSM: Time Division Multiple Access, Global System for Mobile Communications (Europe)
  - CDMA: Code Division Multiple Access
  - Mobitex (TDMA-based)
- LAN:
  - 802.11
  - Bluetooth

Devices: Cell Phones, Palm, WinCE, Symbian, Blackberry, ...

Examples of PDA Devices


PDA                       Microprocessor                 Speed
Palm, Handspring          Motorola Dragonball            16.6-20 MHz
RIM Interactive Pager     Intel 386                      10 MHz
Compaq Aero 1530          NEC/VR4111 MIPS RISC           70 MHz
HP Jornada 820            Intel/StrongARM RISC SA1100    190 MHz
Casio Cassiopeia E100     NEC/VR4121 MIPS                131 MHz
Psion Revo                ARM 710                        36 MHz
Psion Series 5            Digital/Arm 7100               18 MHz

Application Layer Technologies




 

- Micro-browser based:
  - WAP/WML, HDML: Openwave
  - iMode (HTML): NTT DoCoMo
  - Web Clipping: Palm.net
  - XHTML: W3C
- Voice-browser based:
  - VoiceXML: W3C
- Client-side:
  - J2ME: Java 2 Micro Edition (Sun)
  - WMLScript: Openwave
- Messaging:
  - SMS: Part of GSM Spec.

Example: WAP
 

- WAP: Wireless Application Protocol
- Created by WAP Forum
  - Founded June 1997 by Ericsson, Motorola, Nokia, Phone.com
  - 500+ member companies
  - Goal: Bring Internet content to wireless devices
- WTLS: Wireless Transport Layer Security

Basic WAP Architecture


[Figure: Basic WAP architecture. Labels: WTLS, SSL, WAP Gateway, Internet, Web Server]

Example: WAP application

Security Challenges


- Less processing power on devices
  - Slow modular exponentiation and primality checking (i.e., RSA)
  - Crypto operations drain batteries (CPU intensive!)
- Less memory (keys, certs, etc. require storage)
- Few devices have crypto accelerators, or support for biometric authentication
- No tamper resistance (memory can be tampered with, no secure storage)
- Primitive operating systems w/ no support for access control (Palm OS)

Wireless Security Approaches




Link Layer Security

- GSM: A3/A5/A8 (auth, key agree, encrypt)
- CDMA: spread spectrum + code seq
- CDPD: RSA + symmetric encryption

Application Layer Security

- WAP: WTLS, WML, WMLScript, & SSL
- iMode: N/A
- SMS: N/A

Example: Security Concerns




- Performance: we'll do an example: should we use RSA or ECC for WTLS mutual auth?
- Control: WAP Gap: data in the clear at gateway while re-encryption takes place

Example: WTLS ECC vs. RSA?




WTLS Goals

- Authentication
- Privacy
- Data Integrity

- Authentication: Public-Key Crypto (CPU intensive!!!)
- Privacy: Symmetric Crypto
- Data Integrity: MACs

WTLS: Crypto Basics




- Public-Key Crypto
  - RSA (Rivest-Shamir-Adleman)
  - ECC (Elliptic Curve)
- Certificates
- Authentication
  - None, Client, Server, Mutual

WTLS w/ Mutual-Authentication

Mutual-Authentication

ClientHello                        ----------->
                                                   ServerHello
                                                   Certificate
                                                   CertificateRequest
                                   <-----------    ServerHelloDone
1. Verify Server Certificate
Certificate
ClientKeyExchange (only for RSA)
2. Establish Session Key
CertificateVerify
3. Generate Signature
ChangeCipherSpec
Finished                           ----------->
                                   <-----------    Finished
Application Data                   <---------->    Application Data

WTLS Handshake Timings (Palm VII)

Mutual-Authentication: RSA

Operation                          Cryptographic Primitive(s)                          Time Required (ms)
Server Certificate Verification    RSA Signature Verification (Public decrypt, e=3)    598
Session Key Establishment          RSA Encryption (Public encrypt)                     622
Client Authentication              RSA Signature Generation (Private encrypt)          21734
TOTAL                                                                                  22954
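
Why client authentication dominates the RSA timings above: an added Python example (not from the original slides) that counts modular multiplications in square-and-multiply for the e=3 public operation versus the full-length private exponent. The key, seed, digest input and function names are constructed for illustration, and the count ignores CRT and other optimisations, so it shows the asymmetry rather than the Palm VII ratios.

```python
import hashlib
import random

def modexp(base, exp, mod):  # square-and-multiply, exp >= 1; returns (value, mult count)
    result, mults = base % mod, 0
    for bit in bin(exp)[3:]:              # skip '0b' and the leading 1 bit
        result, mults = result * result % mod, mults + 1      # squaring for each bit
        if bit == "1":
            result, mults = result * base % mod, mults + 1    # extra multiply per 1 bit
    return result, mults

def is_probable_prime(n, rng, rounds=20):  # Miller-Rabin, the slide's "primality checking"
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        if n % p == 0:
            return n == p
    d, s = n - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    for _ in range(rounds):
        x = pow(rng.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = x * x % n
            if x == n - 1:
                break
        else:
            return False
    return True

def make_key(bits=1024, e=3, seed=2001):
    """Constructed demo key; the fixed seed makes runs repeatable (never for real keys)."""
    rng, primes = random.Random(seed), []
    while len(primes) < 2:
        p = rng.getrandbits(bits // 2) | (3 << (bits // 2 - 2)) | 1
        if p % e != 1 and p not in primes and is_probable_prime(p, rng):
            primes.append(p)              # p % 3 != 1 keeps e=3 invertible mod p-1
    n, phi = primes[0] * primes[1], (primes[0] - 1) * (primes[1] - 1)
    return n, e, pow(e, -1, phi)

def compare_costs(bits=1024):
    """Sign then verify a constructed digest; textbook RSA without padding, cost only."""
    n, e, d = make_key(bits)
    digest = int.from_bytes(hashlib.sha1(b"constructed handshake transcript").digest(), "big")
    signature, sign_mults = modexp(digest, d, n)       # signature generation: exponent d
    recovered, verify_mults = modexp(signature, e, n)  # signature verification: e=3
    return recovered == digest, sign_mults, verify_mults

if __name__ == "__main__":
    print(compare_costs())
```
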

WTLS Handshake Timings (Palm VII)

Mutual-Authentication: ECC

Operation                          Cryptographic Primitive(s)        Time Required (ms)
Server Certificate Verification    CA Public Key Expansion           254.8
                                   ECC-DSA Signature Verification    1254
Session Key Establishment          Server Public Key Expansion       254.8
                                   Key Agreement                     335.6
Client Authentication              ECC-DSA Signature Generation      514.8
TOTAL                                                                2614

The cryptographic execution time for mutually-authenticated 163-bit ECC handshakes is at least 8.64 times as fast as the cryptographic execution time for mutually-authenticated 1024-bit RSA handshakes on the Palm VII.

WAP Gap: One Alternative




Dynamic Gateway Connection

[Figure: Dynamic gateway connection. Labels: WTLS Class 2, SSL, Operator, WAP Gateway, Internet, Content Provider, WAP Gateway, SSL, Web Server]

Other alternatives also exist

Usability Challenges


- Hard Data Entry
  - Poor handwriting recognition
  - Numeric keypads for text entry are error-prone
  - Poor voice recognition
  - Further complicates security (entering passwords / speaking pass-phrases is hard!)
- Small Screens
  - i.e., can't show users everything in shopping cart at once!
- Voice output time consuming

Usability Approaches
     

- Graffiti (Scaled-down handwriting recognition, Palm devices)
- T9 Text Input (Word completion, most cell phones)
- Full alphanumeric keypad & scrollbar (Blackberry)
- Restricted VoiceXML grammars for better voice recognition
- Careful task-based Graphical User Interface & Dialog Design
- Lots of room for improvement!

Heterogeneity Challenges
   

- Many link layer protocols (different security available in each)
- Many application layer standards
- Businesses need to write to one or more standards or hire a company to help them!
- Many device types:
  - Many operating systems (Palm OS, Win CE, Symbian, Epoch, ...)
  - Wide variation in capabilities

Heterogeneity Approaches
  

- HTML/Web screen scraping
- Protocol & Mark-up language translators
- Standardization

Business Models Issues




- Possible Models:
  - Slotting fees
  - Wireless advertising (text)
  - Pay per application downloaded
  - Pay per page downloaded
  - Flat-fees for service & applications
  - Revenue share on transactions
- Trust issues between banks, carriers, and portals
- Lack of content / services

Case Studies
  

- NTT DoCoMo's I-Mode
- Palm.net
- Sprint PCS Wireless Web

NTT DoCoMo I-Mode


 

  

- 20 million users in Japan
- HTML-based microbrowser (supports HTTPS/SSL) on CDMA-based network
- 10s of thousands of content sites, ring tones, and screen savers
- Pay per application downloaded and pay per page models
- Invested in AT&T Wireless so we may see it here in US in next few years!

Palm.Net
 

 

- Low 100K users in USA
- Web Clipping (specialized HTML) microbrowser on Mobitex (TDMA) based network run by BellSouth (>98% coverage in urban areas)
- 100s of content sites (typically no charge for applications)
- Palm VII devices now selling for $100 due to user adoption problems. (Service plans range from $10 - $40 per month.)

Sprint PCS Wireless Web


 

  

- Low, single-digit millions of US users
- Multi-device strategy: WAP/HDML based microbrowser on phones, Web Clipping on Kyocera, both on CDMA network
- ~50 content sites slotted, many others available (very hard to enter URLs, though)
- Slotting-fee + rev-share on xactions model
- $10 per month flat-fee to users, most phones already have microbrowser installed.

New Frontiers in E-Commerce: M-Commerce and L-Commerce

Mobile Vignettes


- Bus riders in San Francisco can find when the next bus is due from their cell phone or Palm VII
  - NextBus tracks in real time
- Dine One One uses AT&T PocketNet service to link driver cell phones to central network.
  - System locates and notifies driver to get to restaurant
  - Emails order to restaurant
  - Food ready to be delivered
- DoCoMo I-Mode in Japan offers wireless services that include shopping guides, maps, ticketing, news, gambling, dining and reservations

What is M-Commerce?


- Also known as pervasive computing
- E-commerce done in a wireless environment
- Any transaction with a monetary value that is conducted via a mobile telecommunications network.

Attributes of M-Commerce
[Figure: Attributes of M-Commerce. Labels: Characteristics, Mobility, Reachability, Value-Added Attributes, Ubiquity, Instant connectivity, Convenience, Product and service localization, Product personalization]

Other Drivers of E-Commerce


       

- Widespread availability of devices
- No need for PC
- Cell phone culture
- Vendors push
- Declining prices
- Improvement in bandwidth
- E-commerce growth in general
- Digital divide (more cell phones in developing countries)

Generations of Mobile networks




- First Generation (1G)
  - 1979-1992
  - Analog cell communications
- Second Generation (2G)
  - Digital technology in place today
  - Mostly text
- 2.5G
  - Interim technology based on standards (GPRS and EDGE) that can accommodate graphics
- Third Generation (3G)
  - Non-IP based interface
  - Supports rich multimedia
  - 2001 introduced in Japan
  - 2002 introduced in Europe
  - 2003 Verizon introduces 3G in US

3G Communications


- Global wireless communication technology that makes possible packet-based transmission of digitized voice, data and video
- ITU Guidelines from 2000
  - 2 Mbits/s for fixed position
  - 144 Kbits/sec in moving vehicles
  - Allow global roaming
- Race for spectrum
  - 1710 to 1855 MHz and 2520 to 2670 MHz
  - 1.7 GHz currently used by military for satellite control
  - Billions of $ plus a decade to change

Where are we today?




The first 3G network released in Japan, Oct. 1, 2001. This new service will allow users to receive data at six to 40 times faster than current speeds, making fast mobile Internet access and video downloads possible.

How about 3G in the US?




On January 28, 2002, Verizon Wireless rolled out its 3G Express Network along the nation's east coast, thus making it the first US carrier to offer such services to the public (Computerworld, Jan 29, 2002). The same day, Cingular Wireless and AT&T Wireless announced a joint-venture project to make wireless web access available along 3000 miles of interstate highways in Arizona, Colorado, Kansas, Minnesota, New Mexico, Nebraska, Oklahoma, Texas and Utah (AT&T Wireless News Release, Jan 28, 2002).

A quote from the 3G Forum




The Promise of 3G technologies is a combination of high-speed wireless access w/ internet protocol (IP) based services will bring the world to your fingertips. It is a world in which we will be able to check emails, book holidays, organize share portfolios, hold video conferences or download video clips of the latest film, instantly & simply from our mobiles. The capability of mobile networks to pinpoint a mobile user's location opens opportunities for the creation of new situational information on, and directions to, the nearest restaurant or hotel.

10 Key Trends in M-Commerce





- M-Commerce hype will peak
  - Over 1 billion phones worldwide capable of Internet access in 2003
- Enterprise Applications Will Become the White Hot Center of Mobile eBusiness
  - Wireless CRM
- Consumer Use of Mobile Will Revolve Around Information, Not Transactions
- Embedded Barcode Readers in Phones
  - Sidesteps problem of data entry

Key trends

- Smart Handheld Displays Will Show Some Improvement
- Mobile Security Will Become a Hot Issue
- Voice Navigation Will Remain a Work in Progress
- Convergence Will Continue, but It Will Still Be a Multiple-Device World
- Advertising Will Continue to Expand to Wireless Devices
- Carriers Must Shift Their Distribution Strategies
  - Shift from end users to enterprise

L-Commerce



location, location, location


- Satellite-based location technology that is capable of finding people on foot or in vehicles
- General Motors Corp. in Detroit has installed over 1 million of its OnStar GPS-enabled systems in vehicles
- FCC sets 2005 deadline for E911
- Location-tracking technology also creates potential Big Brother issues

 

Global Positioning System


 

- GPS-enabled devices allow exact identification of location
- Supported by 24 US government satellites
  - Orbits earth every 12 hours
  - 10,900 miles altitude
  - Satellite transmits position and time signal from onboard atomic clock
- Receivers have synchronized clock
- Using speed of signals (~186,000 mps), possible to pinpoint location to within 50 feet.
- See www.trimble.com/gps for a tutorial

Obstacles to M-Commerce and L-Commerce

- Usability issues
  - Effectiveness, efficiency, satisfaction
- Lack of standardized security protocol
- Insufficient bandwidth
- 3G licenses
- Transmission limitations
  - GPS does not work in cities with skyscrapers
- Power consumption
- Wireless and health hazards

MOBILE COMMERCE (M-COMMERCE)

Wireless mobile devices are starting to be used for purchasing goods and services as well as transmitting messages.

M-COMMERCE APPLICATIONS AND SERVICES

M-commerce applications have taken off for services that are time-critical, that appeal to people on the move, or that accomplish a task more efficiently than other methods.

1. Content and Location-Based Services
2. Banking and Financial Services
3. Wireless Advertising
4. Games and Entertainment

1. Content and Location-Based Services

Searching for services, such as local business, local movie shows, local restaurants, hotels, train schedules, airline flights, weather forecasts by accessing Wireless Web services.
e.g. Go2 Mobile Directory users NTT DoCoMo Wireless Services in Japan

2. Banking and Financial Services

Wireless alerts about changes in account information such as balance on mobile phones that support text messaging or Web access operated by many banks.

3. Wireless Advertising

Some major wireless services providers are starting to include advertising on their sites.
e.g. When consumers use Go2 Mobile Directory to search for local restaurants or movie theatres, Yahoo-sponsored advertisers appear in the list of search restaurants.

4. Games and Entertainment

Cell phones are quickly turning into portable entertainment platforms. Mobile phone services offer downloadable digital games and ringtones. Users with broadband services can download on-demand movie clips, news clips and weather reports. Film companies are starting to produce short films explicitly designed to play on mobile phones. e.g. MobiTV features live TV programs.

ACCESSING INFORMATION FROM THE WIRELESS WEB

Although cell phones, PDAs and other handheld mobile devices are able to access the Web at any time from any place, the amount of information that they can actually handle is very limited. Until 3G broadband services come into widespread use, handheld mobile devices will not be able to transmit or receive large amounts of data, since the amount of information displayed on the screen is limited. Some Web sites have been specially designed for m-commerce. They feature Web pages with very few graphics and just enough information (that users are most likely to need) to fit on a small mobile handheld screen. e.g. Special wireless portals (mobile portals) such as MSN Mobile Portal provide access to news, sports, local traffic reports, restaurant listings, Yellow Pages, and stock market reports, as well as managing e-mail messages and instant messaging.

MOBILE COMMERCE (M-COMMERCE) CHALLENGES

The number of Wi-Fi hotspots for wireless Internet access has been mushrooming in many countries because the technology combines high speed Internet access with a measure of flexibility and mobility. However, rollout of mobile m-commerce services has proved to be more problematic since:

a) Keyboards and screens on cell phones are still tiny and awkward to use;
b) The data transfer rates on second generation (2G) cellular networks are very slow compared to dial-up high speed Internet connections for PCs. Each second of waiting for download costs money to customers;
c) Most Internet-enabled phones have limited memory and power supplies.

M-commerce will benefit from 3G networks and other cellular broadband services and from standardized mobile payment systems.
