From E-Transactions to M-Transactions: Enabling mobile transactions with information assurance

Return to Message Application Products
1Copyright Bond Wireless 2010
From E-Transactions to M-Transactions:
Enabling mobile transactions with information
assurance
Clarence N W Tan, PhD, FACS, F Fin
Founder and CEO
Bond Wireless
Entrepreneur in Residence Fellow,
Bond University/Gold Coast Innovation Centre
Adjunct Professor,
Bond University/Griffith University

About Bond Wireless
• Founded in 2002 with a business presence in Australia, Singapore,
Malaysia, Thailand, Kenya, UAE and USA.
• Developer of Patented IP and award winning innovative SMS
application solutions
• Winner of the Asia Pacific ICT Awards 2002 in Best
Communication Applications Award.
• Listed in Top 30 ICT companies in Australia 2003/2004 and in the
Q400 2005, 2007, 2008 and 2009 – Top 400 Companies in
Queensland
• Finalist in AIIA 2006 Communications Applications Award
• Winner Gold Coast Business Excellence Award 2006 in IT.

Our Business
• Enable enterprises of all sizes to communicate via SMS and
VoIP easily, instantly, cost-effectively and confidently with
authentication and verification.
• Provide innovative software solutions.
• Operate our own global text messaging infrastructure and
wholesale international connectivity and access to major
VoIP network.
• Provide messaging and VoIP gateways for system
integrators, application developers, and multinationals.

Application Specific SMS Products
• Marketing
– SMS Auction, Trivia & Competition
– VoIP and SMS Loyalty Portal
– Campaign Messenger Professional with VOIP
– Greetings2fone
• Messaging
– Campaign Messenger - demo
– Web Messenger
– SMS Print (pat. pend.) - demo
– SMS to Web
• Email Integration - demo
–SMS to Email
–Email to SMS
–SMS to SMS
• SMS Information Messenger
• SMS Callback for VoIP
• Text to Speech VoIP
• Authorization - demo
– SMS AV (pat. pend.)
• Transaction/Payment systems
• SMS Banking/Ticketing
• M-Prescription
• Verification/Authentication
• SMS Workforce
– SMS Job Dispatch
– SMS Appointment Book
– SMS Alerts
• Profile Matching
• Remote monitoring of web sites/servers
• SMS Stock Alerts
• SMS Transit
– Trans-Messenger
• Developer‟s SDK
• Case Studies

M-Transactions
• Mobile applications on handsets utilizing internet
connection
– Java Apps, iPhone Apps, Android Apps
– SimTool Kit
– WAP Apps
• Problem:
– not ubiquitous
– require internet connection, minimum of GPRS, WiFi
– security issue when accessing via public WiFi networks
– requires Smartphones

M-Transactions Market
• The value of digital and physical goods that people buy with
their mobiles will reach $200 billion globally by 2012,
compared to just less than $100 billion this year.
(Juniper Research 2010)
• Majority of mobile handsets sold globally are sub-$50
phones that only carry voice and SMS e.g. China has over
850 million mobile subscribers but is projected to have only
7%-10% 3G subscribers at the end of 2012. (Source:
Ministry of Industry and Information Technology, the
operators‟ website)
• Many global digital brands have tried and failed in China, e
– Facebook: <5% share, blocked in 2009, no access in China
– Yahoo: entered 1999, site 3721 acquired in 2003 (40%
market share), now 0.5% share

Why SMS?
• SMS is a stable platform has been around for over 17 years
• Extending the capabilities of mobile messaging to the
enterprise market by overcoming the limitations of
traditional SMS.
– Input
– No end-user proof of receipt or information assurance to
support high value applications
• Global SMS Market Trend
– Peer-Peer to Business-Peer
– US Telcos opening up to SMS
– SMS is the most cost effective method to reach large numbers
of customers in most markets
– Bridging the Digital Divide e.g. in Asia, where SMS is much
more accessible than the email

Bond Wireless solves non-repudiation of
mobile consumers
Bond Wireless has developed a patent for verifying and
authenticating consumers using SMS and its associated
technologies text2speech.
Problems solved:
1. Has the correct person received the information?
2. Has the correct person read the information?
Successfully being deployed by mobile operators and
application developers across the Asia-Pacific region.
Copyright Bond Wireless 2010

SMS Authenticate & Verify (SAV)
• Authenticated and Verifiable SMS Messages
• Server-based patented technology that permits
certified SMS transmission that is encrypted
• SIM card independent solution
• Ensures only intended recipients can read
message
• Solves non-repudiation problem by confirming
recipient has successfully retrieved message

Benefits of the Bond Wireless approach to non-
repudiation and verification of message reception
• The *patented SMS Authenticate and Verify (SAV)
technology used in our SecureTransTM product is designed
for enterprise applications providing additional business
process security with SMS messages, without expensive
modifications to SIM cards, customized phones, or phone-
based applications.
• The SecureTransTM process ensures the identity of the
message recipient before any sensitive data is delivered.
In addition to ensuring only the intended recipient reads
the message, the sender is also given proof that the
recipient received the message.
* SMS AV (SMS Authenticate and Verify) has been granted a patent in the following territories:
China - ZL 03810299.4, Hong Kong - HK1078708, USA - US 2006/0098678 A1, Australia -
2003225327 and Europe - 03720017.7

The SecureTransTM Platform
• No need for SIM Toolkit development and the issuing of
application specific toolkits.
• Will work across multiple Mobile technology platforms
(GSM, CDMA, and 3G)
• Operates with MMS as well as SMS
• Guarantees that the correct recipient is receiving the
information being broadcast
• Value added mobile service
• Privacy/Duty of care/Security
• Enables operators to establish a cost effective user
validation process
• Customers are able to self-activate and auto activate users

SMS SecureTransTM Information flows

How it works
Verification Module
• Enables senders of SMS to verify the correct user is in control of
the receiving device.
• The verification module uses the CLI and a shared password as
the validation criteria.
• The application enables a sender to manage the length of the
maximum response time.
• The verification process can be used to commence or complete a
transaction, and can be initiated from the network or the mobile
device.

Securing the handshake
Authentication Module
• Using 128 bit encryption, sensitive data is sent encrypted with the
request for verification.
• The message is only decrypted upon receipt of correct password/
verification keys.
• When in use, no content of the outgoing SMS message is stored
on the encryption server, the whole message is sent with the
request for validation.
• Allows future migration of a Java-based mobile application or SIM
Toolkit solution to provide seamless encryption/decryption at the
phone.

The SMS SecureTrans
TM
Benefit for Security
Enables organisations with confidential or sensitive
information to use the distribution capabilities and coverage
of SMS.
 Ensures only the intended recipient can read message
 Permit sensitive information to be sent via SMS
 Enable mobile/e-commerce in a secure fashion
 Solve problems of non-repudiation

Applications of SMS AV in Security and
Government
• Ubiquitous private communication via SMS from
mobile to mobile or PC to mobile with
authentication and verification of sender and
recipient globally.
– Government or security personnel can utilize any
existing mobile handsets with the service as long as
they have registered their existing mobile numbers and
pass-code with the system.
• Verification of permission or order via SMS with
an audit trail and proof of receipt that recipient
has retrieved the message.
• As a digital signature to verify recipient has
approved an order or a transaction.

Example of SMS AV usage
• Permits sensitive information to be sent to recipient with
confirmation of information being sent to recipient thus
providing an audit trail.
• Enables transactions to be conducted using a mobile phone
without modification of SIM cards.
• No sensitive information that is encrypted is stored on
third-party servers.
• Ensures only intended recipient can read message
• Applications include SMS Banking, SMS Transact, SMS
Billing, SMS Payments/Ticketing

SMS Banking Applications
• Alerts/notifications, CRM
• Marketing, advertising & promotion
• Account admin (balance enquiry, cheque book
request, etc.)
• Funds management (fund transfers)
• M-commerce (mobile payments)

SMS mobile banking business model
Revenue models
 Reduce cost of servicing customers
 Increase revenue stream with SMS Banking
as a value-add service to customers
 Create a mobile commerce platform
 Independence from carriers and networks
 Potential mobile payment solution with global
footprint

Current Implementations
 Implemented with a Telco in SE Asia who are using it
in the consumer market
 Implemented in the Health Industry providing test
results to patients, see interview with Queensland
Health Director of Sexual Health Clinic:
http://www.youtube.com/watch?v=P8uOLkJFjlc
 Implemented in the Education Industry providing
government exam results to students

SecureTrans Application delivered for a Telco

Case Study: Sexual Health Clinic
• Doctors have to show duty of care in contacting
patients with communicable diseases.
• 90% of medical test results are negative.
• Currently using certified/registered mail as proof of
duty of care. Cost is about US$2 per patient, with
ineffective results due to the mobility of patients.
• Trialing SMS AV to have non-repudiated proof of
patient‟s receiving their results via SMS.
• Faster response time, reduces cost of delivery, more
effective results in managing patients.

State Health Example
• Reminder sent to patient encrypted.
• Patient enters agreed Passcode.
• Result sent back to patients mobile phone
decrypted and able to be read.
• Notification sent and to doctor/sender that
message has been decrypted successfully.
• Log made of outcome for later audit.

CaraData working with Bond Wireless
CaraData introducing SHIP 7 the Sexual Health Information
Program developed in Australia with the help of professionals
working with HIV and STDs.
CaraData has been working with Bond Wireless to provide
secure SMS text messaging to patients
The solution checks patient records and automatically sends
secure SMS text messages directly to mobile phones
regarding
– test results
– appointment times
– reminders to take medication

Case Study:
Using Bond Wireless SMS SecureTrans to notify
patients of medical results in a Sexual Health Clinic
 Doctors have to show duty of care in contacting
patients with communicable diseases in Australia.
 90% of medical test results are negative.
 Currently using certified/registered mail as proof of
duty of care. Cost is about US$2 per patient, with
ineffective results due to the mobility of patients.
 Australian hospital currently using Bond Wireless
SMS SecureTrans to obtain non-repudiated proof
of patients‟ receiving their results via SMS and
ensuring confidentiality of results.
 End result for Hospital: Faster response time,
reduced cost of delivery, more effective results in
managing patients with less patients phoning in to
inquire about their medical results.

Send Message
Message stored on
Clinic Server
encryption an option
Message sent to Bond Wireless
Message passed to Client
Receive
message
Client sends PIN to
Bond Wireless Server
Encrypted message
unencrypted
Message sent to ClientMessage status sent to
Clinic Server
Notify
Staff No message kept on
Bond Wireless Server
SMS
message
Secure
SMS
message
Fig. 1 Schematic SMS Pathways

Consent to SMS by age and sex

Conclusion: Advantages of SMS for GCSHC
• Software compatible with and can be delivered through SHIP
• 90% of the negative results resolved via SMS
• Phone traffic for result giving has been significantly reduced
• Staff time & effort targeted more cost–effectively on +ve results
• Appointment waiting time are reduced, meeting public health needs
• Secure SAVSMS provides non-repudiated proof of duty of care
• Cost saving on postage
• Future clinical applications through SMS:
– Drug trials reminders audit process
– Reminders for medication and appointments
– VoIP/SMS marketing for disease awareness programs targeting ethnic and
younger demographic population.

SMS Mobility „Verisign‟ model

Existing Problems in M-Commerce
• Require SIM Tool Kit (STK) Solution or Smartphones to run
applications for mobile commerce thus limiting number of
users for m-commerce services.
• Inability to distinguish if the Caller ID of the sender of a
text message has been spoofed.
• No proof of receipt or acknowledgment of wilful attempt to
retrieve a message by the recipient for a sender to have
confidence that a message sent has indeed been retrieved
by the correct recipient.
• Issues of prepaid mobile subscribers not registered or not
having to go through a stringent identity check makes
conducting m-transactions difficult.

Proposal of a „Verisign Mobile‟ Model
• A „trusted‟ entity uses Bond Wireless SAV methodology in
sending and receiving of all SMS (text messages) as an
intermediary.
• The entity is responsible for registering and checking that
all users of the SAV are properly identified.
• Any messages sent from the entity unique reply number
can be trusted by the user. There is little risk of Caller ID
spoofing of the entity as the entity will always only send an
encrypted message that requires a passcode to be sent
back with the message to the entity from the user‟s phone.
• The entity will be used to send messages for m-
transactions, medical results, exam results, any critical
information that requires proof of receipt e.g. approvals,
notarization, etc.

Benefits of the „Verisign Mobile‟ Model
• Enables information assurance for mobile subscribers to
conduct mobile transactions.
• Entity is able to monitor and see all transactions going
through the system.
• Entity can provide this service globally as long as
international mobile subscribers can reply to the unique
entity‟s mobile number.

SMS SecureTransTM
SMS Banking with Verification via IVR

1. User sends an SMS shortcut to initiate
transactions with username (optional).
Example: LI CUST1.
The SMS is sent to a dedicated Mobile
Number.
2. Server verifies user using
CLI and username. A menu is
sent back to User via
SMS.Example:
1. BI - Balance
2. FT - Fund Transfer
1
2
3. User chooses transaction and sends the
appropriate shortcut. EXAMPLE: BI
4. Server verifies user using CLI and sends the
response to the shortcut. Example: Balance
Inquiry for which Account:
1. Savings Account No 888
2. Checking Account No. 999
4
5. User chooses response for transaction.
Example: 1
Balance Inquiry
6. Server verifies user using CLI.
An automated call is generated to the user,
announcing the transaction initiated and
requesting user to enter his/her her Mobile PIN
in order to retrieve a dynamic Approval
Password..
3
5
6 & 7
7. User receives an automated telephone
call from the bank requesting user to key
in his/her password. User enters his/her
Mobile PIN, listens for the Approval
Password, and hangs up.
8 9. Server verifies user using CLI, decrypts the
message using the Password. Once verified, the
requested transaction is sent via SMS. Example:
You have <Balance Amount> in <Account No.>9 SMS
SMS
SMS
SMS
SMS
SMS
Voice/IVR
IVR8. User receives an encrypted
message requesting the Approval
Password. User sends Approval
Password. Example: <Approval
Password.>

1. User sends an SMS shortcut to initiate
transactions with username (optional).
Example:LI. The SMS is sent to a
dedicated SIM.
2. Server verifies user using
CLI and username. A menu
is sent back to User via
SMS.Example:
1. BI - Balance
2. FT - Fund Transfer
1
2
3. User chooses transaction and sends the
appropriate shortcut. EXAMPLE: FT 4. Server verifies user using CLI and sends the
response to the shortcut. Example: Fund
Transfer to be done on on which Accounts:
1. Savings Account
2. Checking Account No. 999
45. User chooses response for transaction
by choosing the accounts to transfer from
and account to transfer to with the word
‘to’ as a separator .
Example: 1 to 2 <Amount>
Fund Transfer
6. Server verifies user using CLI.
An automated call is generated to the user
announcing the transaction initiated if
transaction request is confirmed, requesting user
to enter his/her Mobile PIN in order to retrieve a
dynamic Approval Password.
3
5
6 & 77. User receives an automated telephone
call from the bank requesting user to key
in his/her password. User enters Mobile
PIN, listens for the Approval Password,
and hangs up.
8 9. Server verifies user using CLI, and Password.
Once verified, confirmation of the requested
transaction is sent. Example: You have
transferred <Amount> from <Account No 1> to
<Account No. 2>
9
SMS
SMS
SMS
SMS
SMS
SMS
Voice/IVR
SMS
8. User receives an encrypted
message requesting the Approval
Password. User sends Approval
Password. Example: <Approval
Password.>

Notes on SMS Banking with IVR Verification
• Once a request for transaction request is initiated, as security measure, there
will be an automatic timed logout if user does not respond within a set time.
• The entire process can be shortened by the user by using the appropriate
shortcuts and correct fields without the server prompting after Log in. For
example:
BI 1 <Password>
FT <A/C to txf from> to <A/C to txf to> <Password>
• Steps 6, 7 and 8 can be reduced to just IVR verification. However, the security
and audit trail requirements may require the additional steps as voice calls can
be forwarded without knowledge of the caller while SMS can never be forwarded
with original sender‟s CLI from a handset.
• In addition, the encrypted SMS sent back to the bank provides the customer
with a „copy‟ of the transaction done, thus providing an audit trail or receipt of
the transaction while IVR alone will not provide a journal of the transaction from
the customer‟s perspective.

Why Bond Wireless
SMS Banking Solution?
• Patented proprietary technology
• Secure (possible for bank to self-host security server)
• Scalable (RDBMS, encryption engines, etc.)
• Extensible (e.g., add IVR, text-to-speech capabilities, etc.)
• Telco/handset independence
• Cost effective (hard-/software platform agnostic, integrates to
legacy systems readily)
• Cost effective administration (low admin overhead & end user
support cost)
• Possible deployment as micro-transactions platform
• Excellent solution for micro-financing environment

Stockbrokerage example:
a. Client instructs stockbroker over phone call
to “Sell X lots of Y”.
b. Stockbroker (Content Server) desires formal
order verification & authentication of client
(Receiver) before taking action.
c. Stockbroker sends client encrypted SMS
“Confirm sell X lots of Y” using software
package running on a PC (Security Server).
d. SMS arrives at client‟s phone with PIN
prompt.
SMS applications - Stockbroking

Stockbrokerage example (cont‟d):
e. Client replies also using SMS & enters
PIN.
f. Software on PC receives reply &
authenticates client using CLI & PIN.
g. On success, software sends client
decrypted SMS “Confirm sell X lots of
Y”.
h. Client can follow up if this instruction
is in error.
i. Stockbroker executes order if client
has been properly authenticated.
SMS applications

Other Business Process Applications
 Sign-off of company purchase orders by remote or
mobile staff
 Sign-off of letter or advertising copy by remote or
mobile staff
 Alerting senior managers of organisations of KPI metrics
 Enabling organisations with remote workforces to
dispatch, track and record appointment details
 Interacting with Customers and Suppliers to confirm
receipt, shipment and status of orders
 Simple reporting tool for remote staff who may not have
ready access to an internet connection

Selected References
1. Tan, C, Teo, T. W., and Goldschmied, J., “An Authenticated SMS (Short Message
Service) System for M-Commerce Transactions: Practical Issues and Legal
Perspectives”, Hong Kong Mobility Roundtable Conference 2005, Hong Kong, June1-
3 2005.
2. Clarence N.W. Tan, Bond University, Australia; Tiok-Woo Teo, Bond University,
Australia, “Mobile Telecommunications and M-Commerce Applications”, Encyclopedia
of Information Science and Technology I-V (Mobile Technologies), January 2005,
Idea Group Inc., USA, ISBN 1-59140-553-X.
3. C. N. W. Tan and T. W. Teo, “An Authenticated Short Message Service (SMS)-Based
Transactions System Without SIM Modification”, Proceeding of the 2003 International
Conference on Wireless Networks, 23–26 June, 2003, Las Vegas, Nevada, USA.
4. C. N. W. Tan and T. W. Teo, “A Short Message Service (SMS) Enabled Job Dispatch
System”, Proceeding of the 2002 International Conference on Wireless Networks,
24–27 June, 2002, Las Vegas, Nevada, USA, ISBN 1-892512-30-0.
5. Tan C & Teo T-W, From e-commerce to m-commerce: The Power of the Mobile
Internet”, chapter in Internet Management Issues: A Global Perspective by J Haynes
(Editor), Idea Group Publishing, Chapter 2 pp. 27-53, ISBN: 1930708211, USA,
2002.

Questions?
Contact details:
clarence@bondwireless.com

From E-Transactions to M-Transactions: Enabling mobile transactions with information assurance

Recomendados

Recomendados

Mais conteúdo relacionado

Mais procurados

Mais procurados (20)

Destaque

Destaque (13)

Semelhante a From E-Transactions to M-Transactions: Enabling mobile transactions with information assurance

Semelhante a From E-Transactions to M-Transactions: Enabling mobile transactions with information assurance (20)

Último

Último (20)

From E-Transactions to M-Transactions: Enabling mobile transactions with information assurance