Secure Mobile Support of Independent Sales Agencies

Sales agents depend on mobile support systems for their daily work. Independent sales agencies, however, cannot provide this kind of mobile support on their own because of their small size and lack of the necessary funds. Since their processes involve confidential information and include the initiation and alteration of legally binding transactions, they have a high need for security. In this contribution, we first propose, based on previous work, an IT-artifact consisting of a service platform that supports multi-vendor sales processes. We then analyze use cases of sales representatives of independent sales agencies using this system and derive their security requirements. Finally, we propose a security extension to the IT-artifact and evaluate this extension by comparing it to existing solutions. Our results show that the proposed artifact extension provides a more convenient and secure solution than existing approaches.
