Mobile Commerce & WAP Security
Mobile commerce on WAP-phones is likely to be secured by Java and Wireless Identity Modules (WIMs). This will be available in WAP version 1.2 and beyond. Most WAP phones currently use WAP version 1.1
The current mobile security initatives revolve around the following
- Cellphone Jammers
- Wireless PKI for WAP Security
- Security over WAP & Mobile commerce
- Radicchio for wireless security
They will develop a payment solution for mobile electronic commerce using Ericsson's Bluetooth wireless wallet. A smart card can be inserted into the wireless wallet, which can then connect to mobile devices through Bluetooth technology -- where devices can communicate by short range radio frequency rather than cables.
The WIM will secure Internet transactions by placing encryption and digital signatures to authorise on-line transactions in the hands of mobile internet users.
Schlumberger’s WIM solution for example uses multi-tasking ‘logical channels’ to allow users to pass from one application to another without losing transactions that have already been carried out.
It is the first to implement the WAP identity module user security functions to be introduced by the WAP Forum in its v1.2 specification.
The WAP powered identity module offers unprecedented ease of use through a true multi-tasking capability never previously available on a smart card.
It's the first multi-application solution supporting `logical channels', enabling users to pass from one application to another without losing transactions that have already been carried out.
If the user wants to switch from one task to another - for example pausing a banking transaction to take an incoming call - operations are saved intact.
Two types of protection are provided by the WAP powered identity module. The first is authentication between the client and the server by means of encryption using ultra-long keys of up to 1024 bits.
This encryption can be based on RSA or new-generation elliptic curve algorithms to increase security further. For a second level of protection, the module also generates the digital signatures required to secure the application.
Transactions such as purchase of goods, access to confidential information on an Intranet can now by proof-stamped with a totally individual code to guarantee non-repudiation.
This extremely powerful feature hardly exists in today's Internet world, and has typically only been available for specialised applications such as funds transfer.
Unlike an encryption-enabled browser, the secret keys handling the encryption remain in the user's smart card, by definition a tamper-resistant device, allowing it to be removed and transferred to other devices.
Microsoft is planning a secure GSM
module for its Smart Card for Windows operating system.tops.