To help facilitate the development of m-commerce, a standard industry framework called the Mobile Electronic Transactions Standard (MeT) is under development by a working group that includes Nokia, Ericsson, and Motorola. MeT is an initiative designed to provide a framework for secure mobile transactions and a consistent user experience that is independent of mobile device, service, and network. The initiative aims to ensure that interoperable mobile transaction solutions are developed around the world, so that consumers have seamless access to goods and services wherever they may be. An example of how this system is expected to work is shown in Figure 9.2.
The MeT provides infrastructure guidelines for the mobile device to be used as a personal trusted device (PTD). The mobile device and the mobile operator's network already provide the technical capabilities necessary to authenticate a user and provide secure key storage, cryptographic processing, and transaction processing. The core functions of MeT include the following:
Initialization: Providing the PTD with public/private key pairs for signing and authentication.
Registration: The PTD will be provided with both service certificates and root certificates.
Establishing a secure session: WTLS is used to provide a secure session for remote and local environments.
Authentication: The client is authenticated using a client certificate and PIN.
User authorization: The PTD uses a signature key to create a digital signature of a string of text provided to the user. The user accepts the transaction by entering a signature PIN that signs the text.
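The user authorization step above, sketched as an added example (not code from MeT or from the original text): the signature key is released only by the signature PIN, and the resulting signature is bound to the exact text that was displayed. The `PTD` class, the three-try lockout, the PIN, the order text, and the toy RSA parameters are all assumptions made for illustration; toy RSA stands in for the device's real signature algorithm.

```python
import hashlib, hmac

# Toy RSA parameters built from two known Mersenne primes. Constructed for
# illustration only: far too small for real use, and no padding scheme.
P, Q, E = 2**127 - 1, 2**89 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))  # private exponent, never leaves the PTD

def _digest(text: str) -> int:
    return int.from_bytes(hashlib.sha256(text.encode()).digest(), "big") % N

class PTD:
    """Hypothetical personal trusted device holding one signature key."""
    MAX_TRIES = 3  # assumed lockout policy, not taken from MeT

    def __init__(self, signature_pin: str):
        self._salt = b"constructed-salt"
        self._pin_hash = self._kdf(signature_pin)
        self._tries_left = self.MAX_TRIES
        self.public_key = (N, E)

    def _kdf(self, pin: str) -> bytes:
        return hashlib.pbkdf2_hmac("sha256", pin.encode(), self._salt, 10_000)

    def authorize(self, displayed_text: str, pin: str):
        """Sign exactly the text shown to the user, only after a correct PIN."""
        if self._tries_left == 0:
            raise PermissionError("signature key locked")
        if not hmac.compare_digest(self._kdf(pin), self._pin_hash):
            self._tries_left -= 1
            return None  # wrong PIN: no signature is produced
        self._tries_left = self.MAX_TRIES
        return pow(_digest(displayed_text), D, N)

def verify(public_key, text: str, signature) -> bool:
    """Service side: accept only a signature over the text it sent."""
    n, e = public_key
    return signature is not None and pow(signature, e, n) == _digest(text)

def demo():
    ptd = PTD(signature_pin="4821")  # constructed PIN
    order = "Pay EUR 25.00 to Example Books, order 1001"  # constructed text
    sig = ptd.authorize(order, "4821")
    altered = order.replace("25.00", "95.00")
    return {
        "valid": verify(ptd.public_key, order, sig),
        "altered_amount": verify(ptd.public_key, altered, sig),
        "wrong_pin": ptd.authorize(order, "0000"),
    }
```

Because the signature covers the displayed string itself, a service that changes the amount after the user has approved it ends up with a signature that no longer verifies.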