Building multi-services in personal mobile devices based on partially trusted domains

IADIS e-Society 2004

Miguel Pardal

Alberto Cunha

July 19th 2004

Lisbon, Portugal

2004-07-19 Building multi-services on partially trusted domains 2

Overview

• Personal devices
• Self-contained services
– Examples
• Multi-services
– Opportunities
• Work in progress
– Pilot implementation

Personal devices

• Examples:
– Smart card
– Mobile phone
– PDA
• Enable information access anywhere
– With little effort
– At reasonable cost

• Can make service delivery more effective

Service delivery model

• Device-based service
– The user has a device that can be used in a terminal
– Data networks support information flows with business servers

Service examples

• Transport tickets
• Automated banking
• Mobile communication
• Health card
• Public identification
• Etc.

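Service components

| Service              | User device          | Terminal                   | Infrastructure                        | Supervising organization |
|----------------------|----------------------|----------------------------|---------------------------------------|--------------------------|
| Automated banking    | Magnetic stripe card | ATM                        | Secure private network, bank servers  | Bank(s)                  |
| Mobile communication | SIM card             | Mobile phone               | Cellular network, back-end servers    | Network operator         |
| Transportation       | Smart card           | Point-of-sale, entry point | Transport network                     | Transport authority      |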


Selected subset of services

• Main requirements:
– Valuable
– Large scale and widespread
– Fast interactions
• To satisfy these requirements economically:
– Distributed architecture
– Almost-never-connected to remote servers
• Security must be enforced on local interactions
– Consistency checked later

Self-contained service

• The service typically:
– Belongs to a single business area
– Has specific devices, terminals and infrastructure
– Has a supervising organization to ensure trust
• Strengths
– Standard design and technology
• Weaknesses
– ‘One device per service’
– Difficult to extend beyond their original use

New value approach

• Improve services
– Customers
  • Same device for multiple services
  • More convenience and other potential benefits
    – Ex. discounts
– Service providers
  • Reach customers through new channels
– Supervising organizations
  • Increase infrastructure return-on-investment

Multi-services

• Compose different self-contained services
– Ex. device level or terminal level
• Aiming for more open and dynamic services
– Assume only partial trust
– Support restricted information and functionality sharing

Our goal

• Develop models and tools to produce technical assurances that allow organizations to establish the partial trust relationship between them to deliver the service

Related work

• Multi-application interoperability
– Standard application frameworks for cards or other devices
• Security assurance mechanisms
• Auditing
• Device certification
– Hardware
– Software

Pilot implementation

• Identify benefits and limitations of approach
• Use of payment network to load new tickets in secure transport card
– Transport operator does not give up control of its security keys for ticket loading to the payment service provider
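
One way the pilot's key-separation property can be realised, as an added example that is not the authors' pilot design (the slides do not detail it): the class names, the command layout and the HMAC-SHA-256 scheme with a per-card counter are all assumptions. The payment provider only relays an authenticated load command and the card checks it locally, so the ticket-loading key is held only by the transport operator and the card.

```python
import hashlib, hmac, os, struct

def _mac(key, card_id, counter, ticket):
    # Length-prefix every field so field boundaries cannot be shifted.
    fields = (card_id, struct.pack(">I", counter), ticket)
    msg = b"".join(struct.pack(">H", len(f)) + f for f in fields)
    return hmac.new(key, msg, hashlib.sha256).digest()

class TransportOperator:
    """Holds the ticket-loading key; the only party able to authorise a load."""
    def __init__(self, load_key):
        self._key = load_key
    def authorise_load(self, card_id, counter, ticket):
        return {"counter": counter, "ticket": ticket,
                "mac": _mac(self._key, card_id, counter, ticket)}

class PaymentProvider:
    """Partially trusted relay: carries the command, holds no transport key."""
    def relay(self, command):
        return dict(command)

class TransportCard:
    """Enforces security on the local interaction, with no server connection."""
    def __init__(self, card_id, load_key):
        self.card_id, self._key = card_id, load_key
        self.counter, self.tickets = 0, []
    def load(self, cmd):
        expected = _mac(self._key, self.card_id, cmd["counter"], cmd["ticket"])
        fresh = cmd["counter"] == self.counter + 1   # rejects replayed commands
        if not (fresh and hmac.compare_digest(expected, cmd["mac"])):
            return False
        self.counter = cmd["counter"]
        self.tickets.append(cmd["ticket"])
        return True

def demo():
    key, card_id = os.urandom(32), b"CARD-0001"      # constructed sample values
    operator, provider = TransportOperator(key), PaymentProvider()
    card = TransportCard(card_id, key)
    cmd = provider.relay(operator.authorise_load(card_id, 1, b"10-trip pass"))
    accepted = card.load(cmd)
    replayed = card.load(cmd)                        # same command sent again
    altered = operator.authorise_load(card_id, 2, b"1-trip")
    altered["ticket"] = b"monthly pass"              # changed while in transit
    tampered = card.load(provider.relay(altered))
    return accepted, replayed, tampered, card.tickets

if __name__ == "__main__":
    print(demo())
```
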

Pilot approach

Why partial trust?

• There are already examples of combined services:
– Co-branded credit cards
• However, they’re managed by a single dominant organization, fully trusted by all business partners
– In this sense, they’re not much different from self-contained services!
• True multi-services entail only partial trust
– Existing approaches assume a total trust domain
– We want to make trust explicit in models and tools

Questions & Answers

“Going from an issuer card to a user card…”
In (Zóreda and Otón, 1994)

“(The device is) their electronic Identity, their reliable key to e-services”.
In OSCIE vol. 3-5, eEurope Smart Cards, 2003

Thank you!

Miguel [email protected]