Building multi-services in personal mobile devices based on partially trusted domains
1. IADIS e-Society 2004
Lisbon, Portugal
Building multi-services in personal mobile devices based on partially trusted domains
Miguel Pardal (mflpar@yahoo.co.uk)
Alberto Cunha (alberto.cunha@inesc.pt)
July 19th 2004
2. Overview
• Personal devices
• Self-contained services
– Examples
• Multi-services
– Opportunities
• Work in progress
– Pilot implementation
2004-07-19 Building multi-services on partially trusted domains 2
3. Personal devices
• Examples:
– Smart card
– Mobile phone
– PDA
• Enable information access anywhere
– With little effort
– At reasonable cost
• Can make service delivery more effective
4. Service delivery model
• Device-based service
– The user has a device that can be used in a terminal
– Data networks support information flows with business servers
5. Service examples
• Transport tickets
• Automated banking
• Mobile communication
• Health card
• Public identification
• Etc.
6. Service components
Service | User Device | Terminal | Infrastructure | Supervising organization
--- | --- | --- | --- | ---
Automated banking | Magnetic stripe card | ATM | Secure private network; Bank servers | Bank(s)
Mobile communication | SIM Card | Mobile phone | Cellular Network; Back-end servers | Network operator
Transportation | Smart-card | Point-of-sale; Entry point | Transport network | Transport authority
7. Service examples
• Transport tickets
• Automated banking
• Mobile communication
• Health card
• Public identification
• Etc.
8. Selected subset of services
• Main requirements:
– Valuable
– Large scale and widespread
– Fast interactions
• To satisfy these requirements economically:
– Distributed architecture
– Almost-never-connected to remote servers
• Security must be enforced on local interactions
– Consistency checked later
9. Self-contained service
• The service typically:
– Belongs to a single business area
– Has specific devices, terminals and infrastructure
– Has a supervising organization to ensure trust
• Strengths
– Standard design and technology
• Weaknesses
– ‘One device per service’
– Difficult to extend beyond their original use
10. New value approach
• Improve services
– Customers
• Same device for multiple services
• More convenience and other potential benefits
– Ex. discounts
– Service providers
• Reach customers through new channels
– Supervising organizations
• Increase infrastructure return-on-investment
11. Multi-services
• Compose different self-contained services
– Ex. device level or terminal level
• Aiming for more open and dynamic services
– Assume only partial trust
– Support restricted information and functionality sharing
12. Our goal
• Develop models and tools to produce technical assurances that allow organizations to establish the partial trust relationship between them to deliver the service
13. Related work
• Multi-application interoperability
– Standard application frameworks for cards or other devices
• Security assurance mechanisms
• Auditing
• Device certification
– Hardware
– Software
14. Pilot implementation
• Identify benefits and limitations of approach
• Use of payment network to load new tickets in secure transport card
– Transport operator does not give up control of its security keys for ticket loading to the payment service provider
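Added example (not from the presentation or the pilot itself): one way the key separation above could work. The transport operator authenticates each ticket-load command with a per-card key, the payment network only relays it, and the card verifies it locally. The HMAC-SHA256 construction, key diversification, counter, class names and sample values are all assumptions made for illustration.

```python
import hashlib
import hmac
import struct

def derive_card_key(master_key: bytes, card_id: bytes) -> bytes:
    # Assumed key diversification: each card gets its own ticket-loading key.
    return hmac.new(master_key, b"ticket-load|" + card_id, hashlib.sha256).digest()

def load_mac(key: bytes, card_id: bytes, counter: int, ticket: bytes) -> bytes:
    # Length-prefix every field so field boundaries cannot be shifted.
    fields = (card_id, struct.pack(">I", counter), ticket)
    msg = b"".join(struct.pack(">H", len(f)) + f for f in fields)
    return hmac.new(key, msg, hashlib.sha256).digest()

class TransportOperator:
    """Only party that holds the ticket-loading master key."""
    def __init__(self, master_key: bytes):
        self._master, self._counters = master_key, {}

    def issue_load(self, card_id: bytes, ticket: bytes) -> dict:
        counter = self._counters[card_id] = self._counters.get(card_id, 0) + 1
        key = derive_card_key(self._master, card_id)
        return {"card_id": card_id, "counter": counter, "ticket": ticket,
                "mac": load_mac(key, card_id, counter, ticket)}

class TransportCard:
    """Enforces security locally, with no connection to a remote server."""
    def __init__(self, card_id: bytes, card_key: bytes):
        self.card_id, self._key = card_id, card_key
        self._last_counter, self.tickets = 0, []

    def load(self, cmd: dict) -> str:
        expected = load_mac(self._key, self.card_id, cmd["counter"], cmd["ticket"])
        if cmd["card_id"] != self.card_id or not hmac.compare_digest(expected, cmd["mac"]):
            return "rejected: bad MAC"
        if cmd["counter"] <= self._last_counter:
            return "rejected: replay"
        self._last_counter = cmd["counter"]
        self.tickets.append(cmd["ticket"])
        return "loaded"

def run_demo() -> list:
    master = b"constructed-demo-master-key"          # constructed sample, not a real key
    operator = TransportOperator(master)
    card = TransportCard(b"CARD-0001", derive_card_key(master, b"CARD-0001"))
    cmd = operator.issue_load(b"CARD-0001", b"single-ride")
    altered = dict(cmd, ticket=b"monthly-pass")      # payload changed while in the relay
    return [card.load(altered), card.load(cmd), card.load(cmd)]

if __name__ == "__main__":
    print(run_demo())
```

The payment network appears here only as the path the command travels: it never holds a transport key, so a command changed or repeated on that path is refused by the card itself.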
16. Why partial trust?
• There are already examples of combined services:
– Co-branded credit cards
• However, they’re managed by a single dominant organization, fully trusted by all business partners
– In this sense, they’re not much different from self-contained services!
• True multi-services entail only partial trust
– Existing approaches assume a total trust domain
– We want to make trust explicit in models and tools
17. Questions & Answers
“Going from an issuer card to a user card…”
In (Zóreda and Otón, 1994)
“(The device is) their electronic Identity, their reliable key to e-services”.
In OSCIE vol. 3-5, eEurope Smart Cards, 2003
Thank you!
Miguel Pardal
mflpar@yahoo.co.uk