t²r: Trusted Transaction Roaming
A global platform to unleash the potential of wireless data services
By Stefan Engel-Flechsig, CEO Radicchio Ltd.
There is currently no global network available that would serve as a common platform enabling content and service providers to reach mobile subscribers in a trusted environment. Individual Mobile Network Operators (MNOs) are implementing and piloting projects, but reaching wireless subscribers with sensitive digital content will remain an expensive and confusing proposition until the major parties involved join to build an interoperable framework for Identity, Security and Privacy Management in mobile networks.
As the leading industry forum for trusted mobile services, Radicchio is seeking to establish a trusted infrastructure for wireless data services that will meet fundamental market requirements by enabling:
- Global interoperability
- Reliable identification
- Secure network access
- Secure content access
- Privacy management
- Convenience & benefits (for end users, MNOs and service providers)
- Legal enforcement (EU support)
This Trusted Transaction Roaming Platform will benefit the wireless data services market as a whole and – most importantly – the end users, who will receive a larger variety of services, security, and privacy on an infrastructure that they can really trust.
The operator of such an extensive platform, which would deal with different parties’ confidential information, needs to be a neutral entity that is truly trusted and recognized by all the players in the data services market (including financial institutions, MNOs, service & content providers and technology providers). This neutral entity would operate the Global Identity Management on behalf of all GSM MNOs.
Radicchio has proposed the t²r (Trusted Transaction Roaming) Project to enable the construction, design, and implementation of a Trusted Platform. The t²r Project will also lay the foundation for one or many neutral entities to operate such a platform for the benefit of the end users, service providers, MNOs, and various other players in the wireless data services market.
The t²r Project was presented to the leading Mobile Network Operators at the Carrier Summit held in March 2002 in Bandol, France. Operators present included Hutchinson 3G, MTN, Orange, mm02, Sonera, T ? Mobile, and Vodafone. The aim of this summit was to reach a consensus on the best way to develop a global framework for trusted mobile and wireless transactions. The feedback was encouraging, and Radicchio believes that this summit has signalled the start of global roaming for secure wireless transactions.
The Trusted Transaction Roaming (t²r) framework will enable secure identification of all end-users in a wireless network. This allows services outside the home operator network to securely identify end-users as they roam. It also will improve service quality through secure payment and personalization. For example, the trust platform would make it possible for subscribers to safely purchase services (such as train tickets) while travelling internationally. Given the total worldwide market of wireless end-users, such services and payment process can leverage a common interface and increase revenue. Using the same global identity framework, enterprises and governments could use mobile devices to enhance access control.
Trusted Transaction Roaming makes the mobile device significantly more valuable to the user, defines new revenue streams for the mobile operator and creates a new, managed channel for service providers to extend their services to the nearly one billion global wireless users.
Based on the discussions at the Radicchio Operator Summit, the Mobile Network Operators agreed on the following general position:
Following this Summit, Radicchio has established a suitable management structure and technical framework for the t²r Project based on the input from its member companies and working groups. The results have been published in an Open Workshop in September 2002 in London and they have been discussed at the Radicchio Annual members meeting in September 2002 as well. The final White Paper on t²r is available on the Radicchio website www.radicchio.org.
- Operators recognize the strategic potential of trusted actions based on SIM-card security for current and future services, such as end-user identification, enterprise access control, online payment, etc.
- The operator and services industries need to cooperate to enable the widespread take-up of trusted transaction services.
- The potential of trusted transactions involving third-parties (e.g. banks) can only be successful if operators co-operate to extend a common, global interface that enables secure services.
- The operators will encourage the development of the necessary technical, procedural, and legal standards on a global scale to establish an open and reliable standard that can be implemented by technology providers and used by content and financial service providers.
Radicchio has also identified cooperation with international legal and regulatory authorities as an essential step towards ensuring the enforceability of digital contracts signed remotely in wireless networks. Furthermore, it will also seek to make the best possible use of standards written by other organizations to avoid duplicating efforts and to guarantee maximum interoperability.
To ensure that the framework becomes truly global, Radicchio invited the GSM Association and the Liberty Alliance to present at the Operator Summit. Follow-on efforts are planned with other leading industry bodies, such as the European Telecommunication Standardisation Institute (ETSI) and the ICT Standards Board.
In addition to the ongoing Radicchio work, Radicchio member companies with the coordination of Gemplus/France and the participation of Orange, Radicchio, SmartTrust, Ubizen/Globalsign and Vodafone submitted a research proposal within the 5th European Framework Program for R&D. The proposal received funding for one year and is looking into some technical and business aspects of trusted transaction roaming more specifically.
The EU Trusted Transaction Roaming project (t²r) defines the rules and protocols to build a global mobile signature scheme, an infrastructure that provides application service providers with services to enable the secure and trusted confirmation of transactions performed by mobile customers, using mobile signature technology.
T²r requires transaction confirmation to be independent from:
The customer SIM card is the corner stone of the T²R mobile signature mechanisms, providing the different actors with:
- The nature of the transaction (e.g. end-user authentication, access control, payment),
- The customer home Network Operator and localization when the transaction is performed (e.g. roaming to a visited network),
- The signature technologies deployed by the different actors (e.g. PKI, symmetric),
- The party that issues the end-user’s identity (e.g. MNO, bank, government)
- The transaction channel (e.g. on-line transaction, physical presence at a retail shop).
The EU t²r project is documented on the Radicchio website www.radicchio.org and all documents are available for public review. The t²r EU project held two open workshops – one on regulatory issues and one on financial issues and the results and presentations are available on the website. If you wish to receive regular updates or if you wish to comment on the t²r work please send an email to: t²r@radicchio.org
- A seed of trust,
- A secure cryptographic engine
Launched in 1999, Radicchio seeks to unleash the tremendous potential of the market for wireless data services, such as mobile e-commerce and mobile e-government.
Guided by a cross industry board of directors including Certicom, EDS, Ericsson, Gemplus, MTN, Sonera Smarttrust and Vodafone, Radicchio is the authority and the industry voice for trusted networks in the mobile world.
To pave the way for the mobile revolution by facilitating the establishment of a cross-industry platform for trusted wireless transactions.
Radicchio currently represents the interests of:
- Hardware manufacturers (handsets, cards, chips)
- Financial institutions
- Content providers
- Certification service providers
- Systems integrators
- Mobile operators
- Application service providers
To drive, develop and accelerate market developments, Radicchio seeks to:
- Bring major players together to ensure interoperability.
- Remove bottlenecks.
- Work with international legal & regulatory bodies.
- Publicize the market opportunities.
- Develop mobile transaction solutions with high acceptance among merchants and wireless subscribers.
- Security & Mobile Devices WG – Seeks interoperable security solutions for the mobile device, including security architectures, secure storage, and user authentication (biometrics).
- Best Practices WG – Establishes Radicchio guidelines for best practices, and analyzes successful mobile security implementations.
- Legal, Regulatory & Governmental WG – Provides legal support to the other WGs, seeks solutions to the legal challenges specific to mobile applications, and accelerates the acceptance of m-government applications.
- Marketing WG– Promotes solutions that will drive the market for trusted mobile data applications.
- Website as a communications platform.
- White papers and guidelines on important industry issues
- Strong conference presence.
- Radicchio Academy as an opportunity to train & learn.
- PR work and lobbying (press releases, by-lined articles, interviews, etc.)
Stefan Engel-Flechsig, Radicchio Ltd.
Stefan Engel-Flechsig is the CEO of Radicchio Ltd., a worldwide industry initiative for security in wireless e-commerce. He has held various positions in the wireless and the security industry and has been responsible for designing the world’s first comprehensive digital signaturs legislation in Germany. Mr. Engel-Flechsig has over 20 years specialized experiences in computer science, law and mobile commerce.
For further information, please contact: email@example.com or visit: www.radicchio.org