John A. MacDonald

Overcoming Channel Bandwidth Constraints in Secure SIM Applications

In this paper we present an architecture based on a Java (J2SE, J2EE, J2ME and Java Card) platform supporting a secure channel from a Mobile Operator to the SIM card. This channel offers the possibility of end to end security for delivery of large data files to a GSM SIM card. Such a secure channel could be used for delivery of high value content that requires a high bandwidth channel — perhaps either rendered for user infotainment, or processed in the client Mobile Station (device and SIM card) for remote device management. Our methodology overcomes the bandwidth constraints of the SIM Toolkit Security scheme described in GSM standard 03.48. To validate our proposal we have developed code to create DRM and Web Service test scenarios utilising readily available J2ME, Java Card, J2SE and J2EE platforms, Web Services tools from Apache, the KToolBar emulator from Sun, and a Gemplus Java Card.

A Web Services Shopping Mall for Mobile Users

In this paper we present a platform for the direct consumption of Web services by a Mobile Station. We give an architectural solution where Mobile Operators play the role of Trusted Third Parties supplying service credentials that allow a co-located 3GPP network application function and liberty-enabled identity provider entity to implement a controlled shopping mall service to mobile stations from multiple trust domains. We consider both the protocol and the structure and syntax of the various tokens required to minimise service latency over the bandwidth and performance constrained mobile system, whilst providing adequate security services to protect against the perceived threat model. To validate our proposal we have developed code to create a Web service test scenario utilising readily available J2ME, Java Card, J2SE and J2EE platforms, Web services tools from Apache, the KTool-Bar emulator from Sun, and the JCOPS suite of tools for Java Card applet development

Cellular authentication & key agreement for service providers

This paper proposes an alternative to the 3GPP generic bootstrapping architecture protocol for bootstrapping security credentials in mobile networks. The proposed protocol avoids certain privacy issues arising from the use of the 3GPP protocol, which may be of particular concern in e-health applications.

Using The GSM/UMTS SIM to Secure Web Services

In this paper we present a mobile operator endorsed authentication and payment platform for the consumption of Web services by a mobile station. We propose a protocol where the mobile operator plays the role of dusted third party to issue authentication and authenticated payment authorisation tokens to facilitate a transaction between a mobile station and a Web service provider. We consider the structure and syntax of these tokens to minimise service latency, and provide security services to protect against the threat model. To validate our proposal we have developed code to create a Web service test scenario utilising readily available J2ME, Java Card, J2SE and J2EE platforms, Wtb Services tools from Apache, the KToolBar emulator from Sun, and a Gem-plus Java Card

Mobile Web services authentication using SAML and 3GPP generic bootstrapping architecture

In this paper we present a platform for the direct consumption of web services by a Mobile Station. We give an architectural solution where Mobile Operators play the role of Trusted Third Parties supplying service credentials that allow a co-located 3GPP Network Application Function and Liberty-enabled Identity Provider entity to implement a controlled Shopping Mall service to Mobile Stations from multiple trust domains. We consider both the protocol and the structure and syntax of the various tokens required to minimise service latency over the bandwidth and performance constrained mobile system, whilst providing adequate security services to protect against the perceived threat model. To validate our proposal we have developed code to create a Web Service test scenario using SAML authentication tokens utilising readily available J2ME, Java Card, J2SE and J2EE platforms, Web Services tools from Apache, the KToolBar emulator from Sun, and the JCOPS suite of tools for Java Card applet development.

Authentication considerations for mobile e-health applications

This paper identifies serious user privacy concerns with the 3GPP generic bootstrapping architecture protocol when used as the basis for security for certain e-health applications. A possible alternative approach avoiding these concerns is also outlined.