This case study by Robbie Ingle, Business & Technical Architecture Manager at Eircell, explores the evolution of mobile banking solutions, including Visa Cash and WAP-based banking and shopping services. It highlights Eircell's goals to enhance user experiences through trusted devices that provide personalized services while ensuring security, privacy, and integrity. By examining various security modes ranging from single-user trust to mutual trust, the study underscores the importance of PKI in shaping future mobile services by combining convenience with robust security measures.
Eircell - A PKI Case Study
Robbie Ingle
Business & Technical Architecture Manager
Eircell

Agenda
• Eircell’s Goal
• Mobile Banking
• Visa Cash
• WAP-based Banking
• WAP-based Shopping
• Conclusions

The Trusted Personal Device
• Trusted:
  • Privacy, Authentication, Integrity, Non-repudiation
• Personal:
  • Key to a set of personalised services
  • Small, lightweight, fashionable
• Device:
  • Not necessarily a phone

Security Modes
• Mode 1
  • Customer doesn’t know or trust Merchant
  • Merchant doesn’t know or trust Customer
• Mode 2
  • Customer knows and trusts Merchant
  • Merchant doesn’t know or trust Customer
• Mode 3
  • Customer knows and trusts Merchant
  • Merchant knows and trusts Customer

Mobile Banking
• AIB Bank
• Simple Application - no Merchants
• Users check Balances on Mobile Phone
• SMS used as transport
• SIM ToolKit (STK) based
• Very popular:
  • Many phones supported
  • Easy to use

Mobile Banking
• Symmetric system
• End-to-end security
• Security Mode 3
• Inflexible
• Amendments require new SIM card

VISA Cash
• Eircom Information Age Town - Ennis
• World’s first mobile cash download
• Three security levels:
  • 0 Purse (Visa Cash card) to Host
    • Triple DES
  • 1 Phone to Commerce Bridge
    • WTLS; ECC 113; 56 Bit DES for data; SHA-1 for MAC
  • 2 Phone to server; server to host
    • Diffie-Hellman session key
    • Single DES and H/W DES for PIN privacy

VISA Cash
• Security Mode 3
• Approved by Visa
• Special purpose hardware
• Commerce Bridge
• Card Reader for Nokia 7110
• No commercial application

WAP-based Banking
• Ulster Bank
• Launched at Comms 2000 (April)
• Enquiry facilities at present
• Based on their Anytime Internet service
• Registration model
• Security Mode 3
• Transactions will require WTLS

WAP-based Shopping
• Extension of Eircell’s Eirshop
• Launched at Easter
• Registration Process
• Products:
  • Chocolates
  • Books
  • Ready To Go phones
  • Records
• Security Mode 3

Conclusions
• Eircell has been very progressive
• Built on defined customer constituencies
• Security processes to date have been proprietary
• Lack of flexibility has hampered commercial proposition
• PKI with ubiquity and convenience of mobile phone will be winning combination