Date: Wed, 12 May 1999 16:19:54 +0100
From: Walter Eaves <Walter.Eaves@bigfoot.com>
To: java-security@java.sun.com, rmi-comments@java.sun.com, jni@java.sun.com,
Subject: Research Note for JavaCard
Hello,
I've written a paper which describes an application of Java technology which
I've been working on.
Distributed Computing
This paper proposes some extensions to architectures for distributed processing.
It recommends that the software stack, the channel, should be extended to allow
other sub-systems to add parameters to an application's messages and to
transform them if needed. Such a system would prove useful in implementing
authentication and authorization protocols.
http://xxx.lanl.gov/abs/cs.DC/9904020
This paper was mentioned in a research note:
"DIALING FOR DOLLARS"
If electronic commerce is to take off as predicted, people need to be wired into
a network 24 hours a day, 7 days a week, and they must be able to authenticate
their identity as quickly and as easily as possible. While there are a number of
biometric authentication technologies floating around--fingerprint readers,
retinal eye scanners, face recognizers--Walter Eaves of Brunel University
(Uxbridge, UK) believes that an authentication system based on mobile phones
will make e-commerce a lot easier and safer.
By combining open distributed processing (ODP) channel objects with Sun
Microsystems's Java and the Java smart card, the architecture Eaves has
developed will provide the control software for electronic payment validation
using a mobile phone as a smartcard reader. Eaves's architecture for a
distributed processing system allows remote procedure calls to invoke other
services as messages are passed between clients and servers. This is done by
locating an additional class of data processing objects in the software
communications channel. Those objects would be used to enforce protocols on
client-server applications--without any additional programming. Services such as
key-management, time-stamping, sequencing, and encryption can be implemented at
different levels of the software communications stack to provide a complete
authentication service.
Eaves describes a typical scenario: You're standing in line for a movie and your
cell phone rings. There's a message on the screen stating an amount and a
transaction. You key in a personal identifier number and, possibly as an extra
level of security, leave a voice-print recording. This then validates your
purchase and informs your credit card company. The channel objects are loaded
into a web-service that prepares the messages to be sent to your phone. The
web-service communicates with your phone and with the vendor's
terminal.
"In the near-term, it will cost Sun Microsystems and ORB (Object Request Broker)
vendors like IONA a lot of money. They'll have to re-implement a small part of
their systems to make them support the channel objects I've proposed," says
Eaves. "In the long-term, it should allow different companies to insert an agent
acting on their behalf into an application at both the client's and the server's
end. My hope is that this will allow new support services for Internet-based
transactions."
For his software to work, Eaves must find the right hardware. He's looking at
Symbian, a UK software company that produces an operating system for smartphones
that have a 1/8 VGA screen and can be fitted with a smartcard reader and enough
processing power to encrypt voice. Eaves wants to be able to use these
telephones as smartcard terminals.
The market potential for Eaves's architecture is huge. A new report by Jupiter
Communications predicts that online transactions will total about $7.3 billion
annually by 2000, with new payment methods, such as electronic money and
smartcards, used for half that total. Eaves is looking for development partners
and other opportunities, probably in the US, where he says most of the advanced
product work in smartphones is being done.
R990124, 2051299, Copyright 1999, John Wiley & Sons, Inc., New York, NY 10158
>From "INSIDE R&D ALERT", May 7, 1999
TECHNICAL INSIGHTS ALERT, Phone: 201-568-4744
Use of this information is determined by license agreement; any unauthorized use
is prohibited. Copyright 1999, John Wiley & Sons, Inc. ISSN 0300-757X
--------------------------------------------------------------------------------
Walter.Eaves@bigfoot.com http://www.bigfoot.com/~Walter.Eaves
--------------------------------------------------------------------------------