Mobile Commerce & WAP Security

> Home Page > WAP  > mcommerce

Wireless Application Protocol (WAP)
will enable a number of electronic commerce applications over GSM. 

Mobile commerce on WAP-phones is likely to be secured by Java and Wireless Identity Modules (WIMs). This will be available in WAP version 1.2 and beyond. Most WAP phones currently use WAP version 1.1

The current mobile security initatives revolve around the following

> See our main Cellphones & Security Page
    -  Cellphone Detectors
    -  Cellphone Jammers
    -  GunPhone
    -  Wireless PKI for WAP Security
     -  Security over WAP & Mobile commerce
      -  Radicchio for wireless security

They will develop a payment solution for mobile electronic commerce using Ericsson's Bluetooth wireless wallet. A smart card can be inserted into the wireless wallet, which can then connect to mobile devices through Bluetooth technology -- where devices can communicate by short range radio frequency rather than cables.

The WIM will secure Internet transactions by placing encryption and digital signatures to authorise on-line transactions in the hands of mobile internet users. 

Schlumberger’s WIM solution for example uses multi-tasking ‘logical channels’ to allow users to pass from one application to another without losing transactions that have already been carried out. 

It is the first to implement the WAP identity module user security functions to be introduced by the WAP Forum in its v1.2 specification. 

The WAP powered identity module offers unprecedented ease of use through a true multi-tasking capability never previously available on a smart card. 

It's the first multi-application solution supporting `logical channels', enabling users to pass from one application to another without losing transactions that have already been carried out. 

If the user wants to switch from one task to another - for example pausing a banking transaction to take an incoming call - operations are saved intact. 

Two types of protection are provided by the WAP powered identity module. The first is authentication between the client and the server by means of encryption using ultra-long keys of up to 1024 bits. 

This encryption can be based on RSA or new-generation elliptic curve algorithms to increase security further. For a second level of protection, the module also generates the digital signatures required to secure the application. 

Transactions such as purchase of goods, access to confidential information on an Intranet can now by proof-stamped with a totally individual code to guarantee non-repudiation. 

This extremely powerful feature hardly exists in today's Internet world, and has typically only been available for specialised applications such as funds transfer. 

Unlike an encryption-enabled browser, the secret keys handling the encryption remain in the user's smart card, by definition a tamper-resistant device, allowing it to be removed and transferred to other devices. 

Microsoft is planning a secure GSM module for its Smart Card for Windows operating system.tops. 


Latest WAP News [Go To WAP Main Page]

Vodafone UK Announces WAP Over GPRS
META Group Sees "WAP Abandonment'' Among Corporates
Warnings on GPRS/WAP Hype
Wireless Portals Face Tough Times
XHTML stripped down for handhelds 
Orange UK introduces location services
Java Will Displace WAP - Gartner
Ericsson brings WAP to enterprises

Digital Signature Toolkit Unveiled
Siemens Joins MeT mcommerce Forum

WAP Focus


:: WAP Phones - complete listing
:: New HighSpeed GPRS Terminals
:: WAP-enabled web sites


:: Configure A WAP Phone
:: WAP Technical Details
:: WML (Wireless Markup Language)
:: Wireless Internet Gateway for WAP/SMS browsing
:: New syncML WAP specification
:: SIM Application ToolKit (S@T)
:: WAP Developers Forum
:: WAP Hype: Ericsson clarrifies WAP issues
:: WAP-enabled web sites
Download WAP Software
:: See WAP Discussion Paper, by Brian Neilson

:: Wireless PKI for WAP Security
:: Security over WAP & Mobile commerce
:: Radicchio for wireless security
:: MIDP - Java on mobile phones
:: Mobile Commerce Focus
:: Mobey Forum for m-commerce
:: Radicchio for wireless security
:: MeT (Mobile Electronic Transaction)
:: Fundamo enables m-commerce
:: SIM Application Toolkit (SAT) Forum
:: eSign digital signatures
:: Wireless Application Protocol
:: WAP-enabled web sites

:: See latest WAP Phones
Go To WAP Main Page