A Privacy Enhancing Service Architecture for Ticket-based Mobile Applications

Network operators gradually open their interfaces to formerly hidden services. This fosters the development of a new class of mobile applications that take into account user's location and presence information. However, this development also raises problems especially the lack of protection of privacy in location-based services. This paper proposes a service architecture that is aimed at overcoming some of the shortages of currently existing context-aware applications that make use of network providers services as well as existing mobile payment systems. We therefore introduce the combination of tickets together with a novel privacy enhancing mechanism that is based on the notion of pseudonyms. Compared to other privacy enhancing solutions our pseudonym mechanism can also be implemented on mobile devices that have some restrictions regarding resources like memory or processing power. Due to their flexibility tickets can be used for many different kinds of applications. One important aspect in this respect is the highly postulated pay-as-you-go model. We give an example of a transport ticket application and explain the message interaction patterns for the basic functionalities of the systems, regarding aspects like data and privacy protection. This example further shows how 3rd party application providers can build meaningful mobile applications that are accepted by users

[1]  Tai-Yun Kim,et al.  Ticket based authentication and payment protocol for mobile telecommunications systems , 2001, Proceedings 2001 Pacific Rim International Symposium on Dependable Computing.

[2]  尚弘 島影 National Institute of Standards and Technologyにおける超伝導研究及び生活 , 2001 .

[3]  Yanchun Zhang,et al.  A Global Ticket-Based Access Scheme for Mobile Users , 2004, Inf. Syst. Frontiers.

[4]  Levente Buttyán,et al.  Accountable anonymous access to services in mobile communication systems , 1999, Proceedings of the 18th IEEE Symposium on Reliable Distributed Systems.

[5]  Jon Crowcroft,et al.  Ticket based service access for the mobile user , 1997, MobiCom '97.

[6]  Leslie Lamport,et al.  Password authentication with insecure communication , 1981, CACM.

[7]  Key Pousttchi,et al.  An Analysis of the Mobile Payment Problem in Europe , 2004 .

[8]  Ronald L. Rivest,et al.  The MD5 Message-Digest Algorithm , 1992, RFC.

[9]  Anelia Mitseva,et al.  Context-aware Adaptive Privacy Protection for Wireless Sensor Networks , 2006 .

[10]  Hugo Krawczyk,et al.  Keying Hash Functions for Message Authentication , 1996, CRYPTO.

[11]  Tom Rodden,et al.  A lightweight approach to managing privacy in location-based services , 2002 .

[12]  Iris A. Junglas,et al.  A Research Model for Studying Privacy Concerns Pertaining to Location-Based Services , 2005, Proceedings of the 38th Annual Hawaii International Conference on System Sciences.

[13]  Dengguo Feng,et al.  Collisions for Hash Functions MD4, MD5, HAVAL-128 and RIPEMD , 2004, IACR Cryptol. ePrint Arch..