Monday, June 16, 2008

Gemalto SIM STK

I found that Gemalto sell excellent development kits that allow developers to develop applications that run on SIM cards. These applications can be downloaded on the SIM cards and can perform powerful functions like intercept primitive radio messages and send data to other servers. Amazing stuff! Because these applications reside on the SIM card, they can run on any phone. No more special operating systems, and applications build for the Blackberry or iPhone only. The same application runs on all phones. Now any-one can build an application and download it on their SIM card.
Only problem is the cost ot the development software. Why do Gemalto sell the software? What are they thinking? Surely by distributing the software for free, more people would see the benefit and utility of the SIM card?

Monday, June 09, 2008

Absa Mobile Banking on the Worldstage

As I follow mobile banking events all the time, I found the following two news-items interesting. The first is a reference of my friend Christo Vrey (head of Absa Mobile Banking) that would be traveling to abroad to "teach the US cellphone banking". Just to state my position, I am of the opinion that South African mobile banking experts can teach a lot of people a lot of things regarding cellphone banking. However, I would not be as bold to brief a reporter to write such an article as this. Anyhow, intrigued as I am about the conference, I checked the speakers. The official website of the conference that Christo will "address ... in New York on the issue" did not have him on as a speaker. Mmmm...

Monday, June 02, 2008

Cellphone security re-think

I found the case study of how not to implement mobile banking security as described on the Digital Soapbox very interesting. It is a fact that we cannot implement Internet banking security paradigms directly (as is) on the mobile phone. This is because of the following reasons:
  • Many security advances on the Internet (like virus checkers, firewalls, security warnings etc.) have not been implemented on phones. It is also unlikely that these will be implemented on phones as the capacity and computing speed is such that it cannot mimic computer functionality.

Phones have characteristics that computers don't have that can be utilised to make security more powerful. Think of the characteristics of the SIM card, the uniqueness of the Phone ID, or cellphone number. (Computers do not have this). GSM have built-in security on the bearer channel where-as computers have to switch their's on with SSL. One should think about using cellphone characteristics in mobile banking.

The most classic pitfall (as is described on the Digital Soapbox) is where Internet banking security is enhaced through the cellphone channel and this is then transported as is to celllphone banking. Security that have been based on dual channels is suddenly reduced to one channel with inferior security protection... Problem.