mobilkom austria AG
racon Software GmbH
The goal of this project is to study software architectures for mobile computing in the context of services for mobile phones. The case study application is an infrastructure for mobile phones, that allows providers to offer new services (e.g., to play Lotto, buy stuff). The primary goal of the infrastructure is that it should be technically feasible yet secure. Digital signatures provide the level of security necessary for this infrastructure.
The key problems of this project are:
Symbolon (greek: sign, signature) aims to use digital-signature technology to get rid of the personal identification and transaction authentication numbers (PIN and TAN, resp.).
Current home banking application (HBA) solutions rely on transaction authorization numbers (TAN) as main authorization mechanism. A TAN is a code that the customers uses to confirm banking transactions. The customer gets a list of TANs printed on a sheet of paper each time he used up his old ones. Each time he confirms transactions he uses up the next TAN printed on the sheet. This authentication and authorization mechanism carries several security risks (e.g., TANs have no expiration date, TANs are printed on a sheet of paper that can get lost) and also severe usability limitations (learnability: the concept of TANs, error avoidance: entering an old TAN, satisfaction and efficiency: you have to keep the TAN list with you).
Since January, 1st of 2000 Austria has laws concerning electronic signatures. The idea of this research project is to evaluate if electronic signatures can be incorporated into small devices. Furthermore it exploits the technical feasibility of using these small devices to sign banking transactions.
The project goals have been successfully accomplished. The result of this project has been a proxy-based software architecture using asynchronous messaging.
The first prototype of the Symbolon architecture is working and uses some decent hacks. The communication between the legacy software an the mobile phone is done via the extended AT command set. It allows to access the local mobile phone (e.g., to store an short message in the memory of the mobile phone).
The project is supported by Secartis AG; a company specialized on security solutions and chipcards. Furthermore I recommend everyone who wants to play around with his mobile phone to take a close look at the extended AT commands. These commands are specified in the GSM 07.07 and 07.05 standard. They can be found at the ETSI homepage. Finally the exists a nice package for Linux to communicate with the serial line (link missing).
Further links to artifacts:
back to the main project site...