Cellular Device -- The Versatile Personal Identification Mechanism
(Position Paper for Joint Workshop on Mobile Web Privacy
WAP Forum & World Wide Web Consortium)
Prof. Danny Dolev (dolev@cs.huji.ac.il) (W3C)
Shmil Ginzberg (shmil.ginzberg@cform.com) (WAP
Forum)
Alex Finkelstein (alexf@cform.com) (WAP
Forum)
School of Engineering and Computer Science Hebrew University Jerusalem, 91904 Israel Phone: +972-2-6584116 Fax: +972-2-6758936 |
CFORM Shalom Tower, 9 Ehad Ha’am St. Tel-Aviv, 65251 Israel Phone: 972-3-5163733 Fax: 972-3-5163701 |
Introducing cFORM
CFORM is a software solution provider that develops a comprehensive solution for enabling transaction-based services over various platforms. Our solution enables parties that are participating in the transaction, to perform secure, encrypted, authenticated and non-repudiated transaction using arbitrary network devices, based on a combination of standard electronic interface, standard data structure and a personal information repository device. This unique software system provides a convenient and easy to use way to perform transactions electronically and automatically, while keeping personal information private and enabling verification of both parties in the transaction. Our software system creates and manages a significant volume of transactions across various platforms (web-cellular). CFORM software system is platform independent and multi-lingual.
As cFORM software handles significant amounts of information, which in most cases is confidential and private (due to the nature of the electronic transactions), over many systems and means and communication, we are interested to supply the best possible solution, relaying on the present means and devices. Primarily, we are interested in providing
In addition the system must adhere to the following guidelines:
Current challenges
As of today, some of the goals that were detailed above are implemented in an adequate level of success. There are strong encryption methods and algorithms that are available commercially and as free resources. There is also a significant progress in the field of biometrics means, voice recognition and smart cards in order to establish authentication and identification. The digital signature related processes and methods allow providing users and organization with no-repudiation and a reliable identification.
As the “pipe” used to carry the information that is involved in electronic transactions is sufficiently secured, at this point of time there are no effective means to identify positively the parties that are engaged in the transaction. So basically, we can ensure that the credit card number travels safely to the e-merchant but we cannot provide the identification of the cardholder nor any third party that is involved in the transaction.
Although a considerable effort is invested in order to promote these methods to become a common use, none of it is at a stage that allows a true massive use without adding costly and proprietary hardware or software devices. We do not yet see that every workistation or at least a majority of Internet connected machines are enabled with such identification methods. The volume of electronic transactions is constantly growing but it is not able to become a truly popular method due to the lack of an accessible, affordable and personal method of identification and authentication.
The cellular perspective
At this present stage the number of cellular users is way above the 500,000,000 mark, whereas the number of Internet users is lagging behind. Advancement of the information (data) based services is expected to push forward the number of cellular users. Although it is clear that future cellular devices will provide mainly data based services, currently it is applied as a voice centric device only.
Cellular providers are widely spread over the globe and their business as well as geographical location establish an infrastructure that may be a basis for a global system, which will provide a method for positive identification of the cellular owner.
The cellular service providers currently identify the cellular owner. The identification allows the cellular providers to bill the users and perform various activities in their behalf, with a low rate of dispute.
CFORM position
In order to provide a true and mass implementation of electronic transactions, an accessible and widely spread infrastructure is needed. Cellular devices are currently in the position that allow it to become the personal device, which can:
In order to achieve this goal, cellular devices need to be:
In order to achieve the goals above, personal identification token is likely to be positioned in the cellular device itself. Whether the solution will be SIM or other built in component, there is a need for the operating system that is installed on the cellular device to be able to address the hardware in order to accomplish the identification process. This solution, by its nature, requires a standard approach that will allow applications to create connectivity with hardware components of the cellular device, with the mediation of the operating system. Clearly, more than one operating system as well as methods for providing security and authentication are to be present in this market. Thus, we see a need to address this issue on a basic level of establishing a common way to communicate with cellular hardware components.
We see the cellular devices as the way to carry out the long standing dream of a versatile smart card that enables the owner to electronically sign transactions, safely identifies the owner, and control the access to owners approved information exchange.
We hope that the workshop may produce the move to agree on the guidelines needed to establish the cellular device as a default mean of identification and to provide the ground rules for applications that ensure this functionality.