Mobile Phones Provide Secure e-Commerce
The era of mobile commerce will begin with the appearance of mobile phones equipped with smart cards. Primarily, smart cards will be utilized because they offer security functions not available through other methods of e-commerce such as personal computers or television.
In the near future, smart cards measuring only about 2cm square will appear in mobile phones, ready to markedly expand the world of e-commerce implemented through mobile phone functions.
These smart cards, which are actually integrated circuits (IC), will store key information, such as terminal identification (ID) and a credit card number, making them secure from theft. An encryption program will also be provided to safeguard communication, and these technologies will help eliminate fears about the security of e-commerce.
When this happens, the mobile phone will surge ahead of competing terminals like personal computers (PC) and televisions (TV) to become the leading e-commerce terminal for personal use.
Staffan S umlaut erqvist, president of Ericsson Mobile Communications Japan K.K., said, "In the near future, people will search for the nearest movie theatre through their mobile phones and make reservations or ticket purchases on the spot. Payment will be made through electronic fund transfer (EFT) via the mobile phone network and the Internet, or paid via a telephone bill. In any case, the mobile phone will replace the wallet."
Takeshi Natsuno, media director of Gateway Business Department, NTT Mobile Communications Network, Inc (NTT DoCoMo) of Japan agreed. "The mobile phone will be an electronic wallet," he said.
The foundations for mobile phone e-commerce are in place. A range of new services is now available for existing mobile phones, including banking, trading, shopping, travel arrangements and event bookings. More and more people are making use of these services. Natsuno revealed that at one securities firm, over 10% of the total value of its trading is now conducted via iMode.
Smart Cards Offer Security
With quick and simple Internet access through mobile phones and PCs, it has become possible to obtain a range of products and services previously unavailable due to restrictions imposed by time or distance. Search, browse and order processes are all electronic, and compared to actually visiting stores, customers can view products much more easily. Internet site eBay.com, for example, an online auction site, offers more than three million items from around the world, serving over 10 million users.
Once the order is placed, however, settlement is handled in the traditional manner, with actual funds usually being paid via bank transfer, cash in advance, or cash on delivery (COD).
There is also the option to use a credit card online, however many users are wary of this method of payment because they have to send their credit card information via a low-security network, to a person they have never met, a store they have never been to or a corporation they have never heard of.
The smart card seems likely to resolve all these problems at once (Fig 1). By mounting a smart card in a mobile phone, most of the apprehensions involved in e-commerce transactions can be eliminated. This is because it can provide a significant increase in the reliability of information exchanged between buyer and seller.
3G Smart Phones
The smart cards in third-generation (3G) mobile phones will include a processor for encryption and other processing, an electrically-erasable programmable read-only memory (EEPROM) to store user information, a program ROM, and random access memory (RAM) work space. Data on the smart card is said to be relatively secure because it is difficult to extract encrypted data from the outside and difficult to alter it. This is referred to as "resistance to tampering."
The EEPROM in the smart card stores a variety of information that requires protection, including the terminal information needed during communication, the electronic authentication certificate issued by the certifying authority to verify the identity of the user and the encryption program itself. It can also store other confidential information such as credit card numbers and personal identification details.
When mobile phones are equipped with a device to protect personal information, the security level of an entire service, including the network, improves considerably.
"In order to strengthen an entire system you have to make one part that cannot be analyzed. That is the smart card," explained Kazunori Asada, president and CEO, Open Loop Inc of Japan.
When the mobile phone is equipped with a smart card, it can show a terminal certificate verifying that it is an authorized terminal. Biometrics technology is then required to verify that the person using the mobile phone is the authorized person (authentication).
Various means exist to verify identity, including fingerprints, iris and voice patterns. A number of manufacturers are already developing biometric technologies capable of verifying user identity, and some have already entered into practical use in PCs and similar applications. It remains unclear when they will be available for use in mobile phones, since problems with size and cost remain to be resolved.
Just the development of a method for implementing terminal certificates via a network alone would represent a major step forward from what is now possible. What is needed is a communications infrastructure consisting of the smart card and the public key infrastructure (PKI). The constituent technologies of PKI are an electronic certificate issued by a special certifying party and the encryption technology based on public and private keys. The basic concept here is to swap electronic certificates through a network to mutually verify terminal identities and encrypt swapped data to prevent eavesdropping or tampering. PKI requires a secure place to store confidential data, which is where the smart card comes in.
First Products 2002
The first mobile phones with these smart cards are expected to appear in Japan after May 2001. The compact smart card, called the User Identity Module (UIM), will be mandatory in the new 3G mobile communications equipment to be deployed under the International Mobile Telecommunications 2000 (IMT-2000) standard. Mobile phones built to comply with the Global System for Mobile Communications (GSM) standard used in Europe already have a Subscriber Identity Module (SIM), equivalent to the UIM. The UIM is an expansion of the SIM, which stores user ID and other information to improve security functions (Fig 2).
In 2002, the mobile phone will begin to evolve in two forms. The first type will be an improved version of the UIM card, incorporating credit card and cash card functions. With this type of phone, the user will no longer have to carry a cash card, credit cards or even a commuter pass for public transportation. In Europe, especially, development is geared toward this type of card.
The other trend will be the creation of designs that use contactless smart cards together with UIM cards. UIM card functions will remain the same, but electronic money and other downloads made via the phone will be stored on the user's contactless smart card. In addition to the mobile phone, the user will also carry a contactless smart card for cash payments or for cash/credit procedures. Any actual payments will be made with these smart cards.
Data is divided between the UIM card and the contactless smart cards to clarify the division of responsibility between them, according to Kazumasa Miyazawa, general manager, e-Money Pj, I-Card System Solutions Division, Sony Corp. NTT DoCoMo's Natsuno agreed, "The UIM card and the mobile phone make a pair," with the UIM card issued by the telephone service operator, and the contactless smart card issued by the credit card company.
Many Japanese credit card firms, banks and telephone service operators prefer this type of operation because the scope of card processing is clearly defined. Instead of trying to handle everything with only the mobile phone, these firms are hoping to first implement e-commerce through a combination of the phone and the contactless smart card.
Regardless of which method is used, new components will have to be mounted in the mobile phone, including a connector for the UIM card and a data reader/writer for the contactless smart card. Even with these additional components, however, the cost of the phone cannot be allowed to rise.
The manufacturing cost of a typical mobile phone is currently about 25,000 Yen (Fig 3). Components account for about 60%. In order to achieve widespread use of e-commerce-capable mobile phones, component costs will have to be kept to existing levels, or as close as possible. At the same time, the new components cannot be allowed to increase power consumption.
Memory Capacity Growth
Models that only have the UIM card can use it to store a diverse range of information related to e-commerce, such as the mobile phone user ID, cash data, and applications to handle credit card functions. With just the phone and the UIM card, the user will be able to enjoy a variety of e-commerce services.
Before UIM cards can be used, the mobile phone will require a UIM card connector. The SIM card connector now in service for the standard GSM phone can be used as-is, and the cost is low.
UIM cards will be used to store a variety of data and applications, primarily in onboard EEPROM. For example, digital certificates needed for user authentication and private key data for encryption will require several kilobytes of memory capacity. This capacity will have to be provided for each card, be they credit or cash cards.
The UIM card will, therefore, require considerable memory capacity. While existing mobile phones can ". . . get by with a card with only 16 or 32 Kbytes," as Naoki Kinoshita, sales director, Smart Cards and Terminals, Schlumberger K.K. of Japan pointed out, major increases in capacity will be required in the future (Fig 4).
In some cases, it will be impossible to develop a UIM with a large memory capacity without first shrinking the EEPROM design rule. While chip manufacturers have not disclosed their design rules for the current 16- to 32-Kbyte EEPROM, Junichi Sakaki, engineering manager, Research Laboratory, Motorola Japan Ltd, warned, "It will be difficult to achieve a 1 Mbyte or larger EEPROM using the current design rule. A breakthrough is needed."
Even assuming that a UIM card with 1 Mbyte or more of onboard memory was developed, the card price would probably be steep, and could drag mobile phone prices up with it. The lower the cost of the memory in the UIM, the better.
One possible approach is to download the required application via the radio link each time it is needed. This would be possible when using a 3G mobile phone, with a peak data transfer rate of
384 kbits/s. It would make it possible to minimize the amount of memory needed on the UIM card, thus dropping card prices.
The mobile phone will also have to come equipped with Bluetooth or another wireless communication function. This is because the phone and the point of sale (POS) terminal have to swap credit and other data when the actual transaction is made.
Assuming the Bluetooth interface was adopted, the mobile phone would come with a Bluetooth chipset. This currently has three chips, but a two-chip version is slated for later this year and a single-chip implementation is set to appear in the first half of 2001. Mobile phones marketed in about 2002 will probably come with this single-chip Bluetooth interface, which has a target cost of US$5.0.
Another proposal calls for the use of the UIM card with a contactless smart card (Fig 5). In 2001, NTT DoCoMo, Sony Corp, Toshiba Corp, and Matsushita Electric Industrial Co Ltd will begin e-commerce tests and plan to use this approach.
This type of phone will require linkage with the contactless smart card and will therefore have to mount a reader/writer for the smart card. Existing reader/writer modules are expensive, and will certainly have to be made cheaper, but they are also much too large to fit into a mobile phone. The reader/writer control board released by Motorola Inc of the US, for example, measures 104mm x 67mm x 18mm -- about the size of a folded wallet (Fig 6).
The antenna must also be provided, being separate from the control board. While relatively thin, it has about the same area as the control board. "Whether or not they can be used in a mobile phone depends on how small we can make them," explained Motorola's Sakaki.
Miniaturization projects have already begun. "For example, it is possible to single-chip the major components on the control board, including the CPU and RF circuits. We are working on that now," revealed Sony's Miyazawa. The target is to manufacture the assembly, including the antenna, for 1,000 Yen or less.
Antennas are also shrinking. The reader/writer antenna, however, must maintain a balance with the size of the antenna inside the contactless smart card.
In general, it is best if the cards' internal antenna and the reader/writer antenna are about the same size. This is to optimize the power supply efficiency between the reader/writer and the smart card when the contactless card is used.
Making the mobile phone antenna smaller also means that the contactless smart card antenna must be made smaller. This antenna is currently formed along the edge of the smart card and is fairly large.
ExWAY Inc of Japan, a smart card development firm, has developed a compact antenna for contactless smart cards (Fig 7). It is about the size of a postage stamp, and, according to ExWAY president and CEO, Shin-ichiro Yamada, ". . . was made smaller through improvements in the coil winding method and other points."
There is also a possibility of cost reduction. Existing antennas are formed on a card-sized flexible circuit board, but this type of board is expensive and accounts for about a third of the cost of the smart card. The ExWAY antenna makes it possible to shrink, or even eliminate, the flexible circuit board, and therefore can slash smart card manufacturing costs to about two-thirds of the current figure, according to Yamada.
Power consumption, another critical factor together with cost, will unquestionably increase when the UIM card, Bluetooth interface and reader/writer are added.
In existing mobile phones, most of the power is consumed by the liquid crystal display (LCD) panel. The super twisted nematic (STN) color panels commonly used now draw about 40mW (backlight on), but this could jump to several hundred milliwatts under the same conditions if a transparent, color thin-film transistor (TFT) LCD panel is used. This would require fundamental design changes in the mobile phone, such as increasing the energy capacity of the battery.
The power consumption of the UIM card to be used in future mobile phones will probably be about 50mW peak. The Bluetooth interface IC is expected to dissipate about 100mW with data transmission. Existing antennas use several watts, but this can probably be cut to several dozen milli-watts through single-chipping.
All of these new components will add about 200mW to mobile phone power consumption. Still, there are few instances in which all components are in operation at once, but even when they are, the LCD panel consumes power for the longest period. "While it depends on the usage frequency, as long as the power consumption of added components is under about 100mW per component, there will probably be little impact on phone design," predicted an engineer with a phone manufacturer.
The contactless smart cards being considered for use with mobile phones are divided into three types, depending on the coupling distance to the reader/writer: close (communication distance 2mm or less), proximity (10cm or less) and near (70cm or less). The most common coupling distance for mobile phones is about 10cm, because "it is just the right range for communication with the reader/writer," according to Sony's Miyazawa.
In Japan, this proximity type is further divided into three areas: Type A, Type B and the Sony type (Table 1).
Type A and Type B are expected to be adopted as an international standard in the near future. While Type A is available for use in phone cards in Japan, it has apparently been only rarely used thus far. Type B is also seldom seen, and is expected to be promoted for widespread use in the future.
The Sony method, developed by Sony Corp, lags behind the other two in terms of its establishment as an international standard, but has achieved more widespread use. Sony claims over 10 million such cards have been issued, including for use as bus and train passes in Hong Kong and Singapore.
The Type A card does not have an internal central processing unit (CPU), so it will be difficult to utilize it for complex processing in combination with the mobile phone. As a result, Type B and the Sony design, both of which have an onboard CPU, are vying to take first place in the competition for contactless smart cards in mobile phones.
Motorola and other firms are supporting Type B. It will be released as an international standard in the near future, making it possible for many manufacturers to begin production. Motorola's Sakaki believes it has explosive market potential. The Type B specification is based on existing specifications for contact smart cards, with the obvious exception of the contactless interface. This should make it easier for users to switch over to the contactless design. The same CPU, memory and other components can also be used, according to Sakaki. Motorola already markets contact smart cards, and hopes to make effective use of existing resources to develop contactless smart card products.
Of course, Sony is the prime proponent of the Sony method, and its strongest selling point is its extensive delivery record. The data transfer rate is also a high 211 kbits/s, and it comes with the proprietary FeliCa operating system (OS) that supports high-speed data processing. This combination makes it possible to process large amounts of data very rapidly, said Miyazawa. For example, it can handle the processing window of 100ms imposed by public transportation ticket gates. In addition to data swapping between the card and the reader/writer, data exchange between reader/writers is also possible.
by Takahiro Kikuchi, Yasuo Tanokura
Ericsson Japan: http://www.ericsson.co.jp
Gemplus SA: http://www.gemplus.com
Matsusita Electric Industrial: http://www.panasonic.co.jp
Motorola Japan: http://www.mot.co.jp
Nippon Telegraph and Telephone: http://www.ntt.co.jp
NTT DoCoMo: http://www.nttdocomo.com
Open Loop: http://www.openloop.co.jp
Royal Philips Electronics NV: http://www.philips.com
Schlumberger K K: http://www.sphere.ad.jp/skk
(August 2000 Issue, Nikkei Electronics Asia)