Building multi-services in personal mobile devices
based on partially trusted domains
IADIS e-Society 2004
Miguel Pardal ([email protected])
Alberto Cunha ([email protected])
July 19th 2004
Lisbon, Portugal
2004-07-19 Building multi-services on partially trusted domains 2
Overview
• Personal devices
• Self-contained services
  – Examples
• Multi-services
  – Opportunities
• Work in progress
  – Pilot implementation
Personal devices
• Examples:
  – Smart card
  – Mobile phone
  – PDA
• Enable information access anywhere
  – With little effort
  – At reasonable cost
• Can make service delivery more effective
Service delivery model
• Device-based service
  – The user has a device that can be used in a terminal
  – Data networks support information flows with business servers
Service examples
• Transport tickets
• Automated banking
• Mobile communication
• Health card
• Public identification
• Etc.
…
Service components

| Service | User Device | Terminal | Infrastructure | Supervising organization |
|---|---|---|---|---|
| Automated banking | Magnetic stripe card | ATM | Secure private network; Bank servers | Bank(s) |
| Mobile communication | SIM Card | Mobile phone | Cellular Network; Back-end servers | Network operator |
| Transportation | Smart-card | Point-of-sale; Entry point | Transport network | Transport authority |
Service examples
• Transport tickets
• Automated banking
• Mobile communication
• Health card
• Public identification
• Etc.
Selected subset of services
• Main requirements:
  – Valuable
  – Large scale and widespread
  – Fast interactions
• To satisfy these requirements economically:
  – Distributed architecture
  – Almost-never-connected to remote servers
• Security must be enforced on local interactions
  – Consistency checked later
Self-contained service
• The service typically:
  – Belongs to a single business area
  – Has specific devices, terminals and infrastructure
  – Has a supervising organization to ensure trust
• Strengths
  – Standard design and technology
• Weaknesses
  – ‘One device per service’
  – Difficult to extend beyond their original use
New value approach
• Improve services
  – Customers
    • Same device for multiple services
    • More convenience and other potential benefits
      – Ex. discounts
  – Service providers
    • Reach customers through new channels
  – Supervising organizations
    • Increase infrastructure return-on-investment
Multi-services
• Compose different self-contained services
  – Ex. device level or terminal level
• Aiming for more open and dynamic services
  – Assume only partial trust
  – Support restricted information and functionality sharing
Our goal
• Develop models and tools to produce technical assurances that allow organizations to establish the partial trust relationship between them to deliver the service
Related work
• Multi-application interoperability
  – Standard application frameworks for cards or other devices
• Security assurance mechanisms
• Auditing
• Device certification
  – Hardware
  – Software
Pilot implementation
• Identify benefits and limitations of approach
• Use of payment network to load new tickets in secure transport card
  – Transport operator does not give up control of its security keys for ticket loading to the payment service provider
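An added example, not taken from the slides or from the pilot itself: one way the property above can be obtained, assuming (the slides do not state this) that each card shares a symmetric key with the transport operator and that load commands carry an HMAC and a per-card counter. The message layout, names and key are constructed for illustration.

```python
import hashlib
import hmac
import struct

BODY = struct.Struct(">8sIH")   # card id, load counter, tickets to add
TAG_LEN = hashlib.sha256().digest_size

def operator_issue_load(card_key: bytes, card_id: bytes, counter: int, tickets: int) -> bytes:
    """Transport operator back end: the only party besides the card holding card_key."""
    body = BODY.pack(card_id, counter, tickets)
    return body + hmac.new(card_key, body, hashlib.sha256).digest()

class TransportCard:
    def __init__(self, card_id: bytes, card_key: bytes):
        self.card_id, self._key = card_id, card_key
        self.counter, self.tickets = 0, 0

    def apply_load(self, command: bytes) -> bool:
        """Local check on the card: authenticity first, then freshness."""
        if len(command) != BODY.size + TAG_LEN:
            return False
        body, tag = command[:BODY.size], command[BODY.size:]
        expected = hmac.new(self._key, body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            return False                      # altered or forged by the relay
        card_id, counter, tickets = BODY.unpack(body)
        if card_id != self.card_id or counter != self.counter + 1:
            return False                      # wrong card or replayed command
        self.counter, self.tickets = counter, self.tickets + tickets
        return True

def demo() -> dict:
    key = bytes(range(32))                    # constructed sample key
    card = TransportCard(b"CARD0001", key)
    # The payment terminal reads the public counter, asks the operator for a
    # command, and relays the opaque bytes; it never sees `key`.
    cmd = operator_issue_load(key, card.card_id, card.counter + 1, 10)
    inflated = BODY.pack(b"CARD0001", 1, 99) + cmd[BODY.size:]  # relay edits the amount
    return {
        "tampered": card.apply_load(inflated),
        "genuine": card.apply_load(cmd),
        "replayed": card.apply_load(cmd),
        "tickets": card.tickets,
    }

if __name__ == "__main__":
    print(demo())
```

The card enforces security on the local interaction without contacting a server; the operator can reconcile counters later.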
Pilot approach
Why partial trust?
• There are already examples of combined services:
  – Co-branded credit cards
• However, they’re managed by a single dominant organization, fully trusted by all business partners
  – In this sense, they’re not much different from self-contained services!
• True multi-services entail only partial trust
  – Existing approaches assume a total trust domain
  – We want to make trust explicit in models and tools
Questions & Answers
“Going from an issuer card to a user card…”
In (Zóreda and Otón, 1994)
“(The device is) their electronic Identity, their reliable key to e-services”.
In OSCIE vol. 3-5, eEurope Smart Cards, 2003
Thank you!
Miguel [email protected]