Text Messaging for the Health and Banking Industry with SMS Authentication and Verification Technology

Bond Wireless SMS Authentication and Verification
Solution for Health & Banking Industry
Clarence N W Tan, PhD, FACS, F Fin
Founder and CEO
Bond Wireless
Adjunct Professor,
Faculty of Business, Technology & Sustainable Development
Bond University
Faculty of Engineering & Information Technology
Griffith University
About Bond Wireless
• Founded in 2002 with a business presence in Australia,
Singapore, Malaysia, Germany, USA and Africa.
• Developer of Patented IP and award winning innovative
SMS application solutions
• Microsoft Gold Certified and Sun Microsystems iForce
partners
• Listed in Top 30 ICT companies in Australia 2003/2004 and
in the Q400 2005 – Top 400 Companies in Queensland
• Won the International APICTA Award for Best
Communication Application in 2002.
© Bond Wireless 2007 All Rights Reserved
Our Business
• Enable enterprises of all sizes to communicate via SMS and
VoIP easily, instantly, cost-effectively and confidently with
authentication and verification as required
• Provide innovative software solutions
• Operate our own global text messaging infrastructure and
wholesale international connectivity
The Bond Wireless advantage
• Providing reliable cost competitive access &
global coverage text messaging and VoIP via our
own gateway
• Making easy to use scalable, customer-focused
products to encourage usage of our gateway
• Working with innovative and strategic partners
• Being Telco independent. We are connected to
over 50 telco/carrier networks around the world
to ensure competitive SMS prices and effective
global delivery
Why SMS?
• Extending the capabilities of mobile messaging to the enterprise
market by overcoming the limitations of traditional SMS.
– Input
– No end-user proof of receipt or security to support high
value applications
• SMS is a stable ubiquitous platform that has been around since
1991
• Global SMS Market Trend
– Peer-Peer to Business-Peer
– US Telcos opening up to SMS
– SMS is the most cost effective method to reach large
numbers of customers in most markets
– Bridging the Digital Divide e.g. in Asia, where SMS is
much more accessible than email
SMS Text To Speech
[Diagram labels: SMS; VoIP; Internet/SMS]
Text to Speech Application
• Enables user to send an SMS or a text string that will then
call a recipient on a landline or mobile phone and read the
message to him/her e.g.
– Txt <phone number> <message>
• Novelty application, as different text-to-speech engines with
different accents can be used.
• Enables users to send an SMS to a landline.
• Cost benefit as low cost VoIP lines can be used.
Schematic of Bond Wireless Products Connectivity
[Diagram labels: Country Mobile Networks; Country Gateway Service; All Country-bound SMS traffic]
Verify and Authenticate Mobile Users using SMS
SMS SecureTrans™
Bond Wireless
• In 2002 Bond Wireless developed a patent for verifying and
authenticating consumers using SMS.
• Problems solved:
1. Has the correct person received the information?
2. Has the correct person read the information?
3. Has the correct person sent the information?
Non-repudiation and verification of message reception
• The patented SecureTrans product is designed for enterprise applications
requiring additional security with SMS messages, without expensive
modifications to SIM cards, customized phones, or phone-based
applications.
• The SecureTrans process ensures the identity of the message recipient
before any sensitive data is delivered. In addition to ensuring only the
intended recipient reads the message, the sender is also given proof that
the recipient received the message.
Bond Wireless SMS Banking Platform
• SecureTrans (non-encrypted, authenticated)
• Patented SMS Authenticate and Verify or SAV
(encrypted, authenticated)
• Java/Windows Mobile SMS applets (end-to-end
secure, handset embedded)
SMS SecureTrans™ was built on SMS AV Technology
SMS SecureTrans™ uses SMS AV (Authentication & Verification), a patent-pending server-based
technology that permits the sending of secure SMS without modification to SIM cards or devices.
In addition, the encrypted messages may be sent inside multi-media messaging service (MMS)
pictures, using steganography techniques. An image of a person can be used to verify an
identity, while at the same time embedded content in the image can be used to transmit
information.
The SecureTrans™ Platform
• Will work across multiple Mobile technology platforms (GSM,
CDMA, and 3G)
• Operates with MMS as well as SMS
• Value added mobile service for consumers
• Privacy/Duty of care/Security
• Enables operators to establish a cost effective user validation
process
Using SecureTrans in mobile commerce
What applications can benefit from SMS SecureTrans™?
• Communication secured with proof of receipt
• Mobile Banking Broking
• M-commerce solution providers & Verification of payment
systems
• Advice of test results (educational, medical)
• Business Process Management
– Authorisation of Purchase Orders
– Work Activity
• Electronic/Mobile Prescription
• Dating Services
Any business or service requiring secure transaction
communication via cell phones
Secure peer-to-peer messaging
How can phone to phone communications benefit from SMS
SecureTrans™?
• Verifying the correct recipient has control of the handset
• Sending private information
• Confirming receipt of the message sent
Current Implementations
• Implemented with a Telco in SE Asia who are using it in the
consumer market.
• Implemented in the Health Industry providing test results
to patients.
• Implemented in the Education sector providing State
examination results to students in Australia.
• SMS Banking solution currently in development.
A Telco using SMS SecureTrans as a Premium Service
• Ensures only the intended recipient will read message
• Permits sensitive information to be sent via SMS
• Solves problems of non-repudiation
• Enables mobile/e-commerce in a secure fashion
SecureTrans Application for a Telco
CaraData working with Bond Wireless
CaraData introducing SHIP 7 the Sexual Health Information
Program developed in Australia with the help of professionals
working with HIV and STDs.
CaraData has been working with Bond Wireless to provide
secure SMS text messaging to patients.
The solution checks patient records and automatically sends
secure SMS text messages directly to mobile phones
regarding:
– test results
– appointment times
– reminders to take medication
Case Study:
Using Bond Wireless SMS SecureTrans to notify
patients of medical results in a Sexual Health Clinic
• Doctors have to show duty of care in contacting
patients with communicable diseases in Australia.
• 90% of medical test results are negative.
• Currently using certified/registered mail as proof of
duty of care. Cost is about US$2 per patient, with
ineffective results due to the mobility of patients.
• Australian hospital currently using Bond Wireless
SMS SecureTrans to obtain non-repudiated proof
of patients receiving their results via SMS and
ensuring confidentiality of results.
• End result for Hospital: Faster response time,
reduced cost of delivery, more effective results in
managing patients, with fewer patients phoning in to
inquire about their medical results.
Fig. 1 Schematic SMS Pathways
[Diagram labels: Message stored on Clinic Server (encryption an option); Send Message; Message sent to Bond Wireless; Message passed to Client; Client sends PIN to Bond Wireless Server; Receive message; Encrypted message unencrypted; Message status sent to Clinic Server; Message sent to Client; Notify Staff; Secure SMS message; No message kept on Bond Wireless Server]
Consent to SMS by age and sex
Conclusion: Advantages of SMS for GCSHC
• Solution compatible with and can be delivered through existing platform.
• 90% of the negative results resolved via SMS.
• Phone traffic for result giving has been significantly reduced.
• Staff time & effort targeted more cost-effectively on +ve results
• Appointment waiting times are reduced, meeting public health needs
• Secure SAVSMS provides non-repudiated proof of duty of care.
• Cost saving on postage.
Future Applications in Health Industry
• Working with Bond University’s School of IT and School of
Medicine in developing an SMS/VoIP solution to remind
patients to fill their medical prescriptions before expiry.
• Sending SMS results for Pap smear tests and other
pathology test results.
• Assisting in compliance of drug trials.
• Mobile prescription utilizing SMS AV technology.
SMS Banking with Verification via IVR
SMS SecureTrans™
Balance Inquiry
1. User sends an SMS shortcut to initiate transactions with username
(optional). Example: LI CUST1. The SMS is sent to a dedicated SIM.
2. Server verifies user using CLI and username. A menu is sent back to
User via SMS. Example:
   1. BI - Balance
   2. FT - Fund Transfer
3. User chooses transaction and sends the appropriate shortcut.
Example: BI
4. Server verifies user using CLI and sends the response to the
shortcut. Example: Balance Inquiry for which Account:
   1. Streamline Account No 888
   2. Checking Account No. 999
5. User chooses response for transaction. Example: 1
6. Server verifies user using CLI. An automated call is generated to the
user, announcing the transaction initiated and requesting user to enter
his/her Mobile PIN in order to retrieve a dynamic Approval Password.
7. User receives an automated telephone call from the bank requesting
user to key in his/her password. User enters his/her Mobile PIN, listens
for the Approval Password, and hangs up.
8. User receives an encrypted message requesting the Approval Password.
User sends Approval Password. Example: <Approval Password.>
9. Server verifies user using CLI, decrypts the message using the
Password. Once verified, the requested transaction is sent via SMS.
Example: You have <Balance Amount> in <Account No.>
[Diagram channel labels: steps 1 to 5 SMS; steps 6 & 7 Voice/IVR; step 8 IVR; step 9 SMS]
Fund Transfer
1. User sends an SMS shortcut to initiate transactions with username
(optional). Example: LI. The SMS is sent to a dedicated SIM.
2. Server verifies user using CLI and username. A menu is sent back to
User via SMS. Example:
   1. BI - Balance
   2. FT - Fund Transfer
3. User chooses transaction and sends the appropriate shortcut.
Example: FT
4. Server verifies user using CLI and sends the response to the
shortcut. Example: Fund Transfer to be done on which Accounts:
   1. Savings Account
   2. Checking Account No. 999
5. User chooses response for transaction by choosing the account to
transfer from and the account to transfer to, with the word ‘to’ as a
separator. Example: 1 to 2 <Amount>
6. Server verifies user using CLI. An automated call is generated to the
user announcing the transaction initiated if transaction request is
confirmed, requesting user to enter his/her Mobile PIN in order to
retrieve a dynamic Approval Password.
7. User receives an automated telephone call from the bank requesting
user to key in his/her password. User enters Mobile PIN, listens for the
Approval Password, and hangs up.
8. User receives an encrypted message requesting the Approval Password.
User sends Approval Password. Example: <Approval Password.>
9. Server verifies user using CLI, and Password. Once verified,
confirmation of the requested transaction is sent. Example: You have
transferred <Amount> from <Account No 1> to <Account No. 2>
[Diagram channel labels: SMS; Voice/IVR]
SMS mobile banking business model
• Revenue models
– Reduce cost of servicing customers
– Increase revenue stream with SMS Banking as
a value-add service to customers
– Independence from carriers and networks
– Potential mobile payment solution with global
footprint
Example of SMS AV usage for SMS Banking
• Permits sensitive information to be sent to
customers with confirmation of information being
sent to customer.
• Enables transactions to be conducted using a
mobile phone without modification of SIM cards.
• No sensitive information that is encrypted is
stored on third-party servers.
• Ensures only intended recipient can read
message
• Applications include SMS Banking, SMS Transact,
SMS Billing, SMS Payments/Ticketing
Why Bond Wireless
SMS Banking Solution?
• Patented proprietary technology
• Secure (possible for bank to self-host security server)
• Scalable (RDBMS, encryption engines, etc.)
• Extensible (e.g., add IVR, text-to-speech capabilities, etc.)
• Telco/handset independence
• Proven expertise: Microsoft Gold/Sun iForce certified
• Cost effective (hard-/software platform agnostic, integrates
to legacy systems readily)
• Cost effective administration (low admin overhead & end
user support cost)
• Possible deployment as micro-transactions platform
Notes on SMS Banking with IVR Verification
• Once a transaction request is initiated, as a security measure, there
will be an automatic timed logout if the user does not respond within a set time.
• The entire process can be shortened by the user by using the appropriate
shortcuts and correct fields without the server prompting after Log in. For
example:
BI 1 <Password>
FT <A/C to txf from> to <A/C to txf to> <Password>
• Steps 6, 7 and 8 can be reduced to just IVR verification. However, the security
and audit trail requirements may require the additional steps, as voice calls can
be forwarded without knowledge of the caller while SMS can never be forwarded
with original sender’s CLI from a handset.
• In addition, the encrypted SMS sent back to the bank provides the customer
with a ‘copy’ of the transaction done, thus providing an audit trail or receipt of
the transaction, while IVR alone will not provide a journal of the transaction from
the customer’s perspective.
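The balance-inquiry steps and the timed logout described in the notes above, sketched as a server-side state machine. This is an added example, not Bond Wireless code: the class and method names, the 120-second timeout and the sample account are assumptions, the CLI is taken as reported by the SMS gateway, and the encryption of steps 8 and 9 is not modelled.

```python
import hmac
import secrets

TIMEOUT_S = 120  # assumed value; the page only says "a set time"

class BankingSession:  # hypothetical server-side state for one registered handset
    def __init__(self, cli, mobile_pin, accounts):
        self.cli, self.pin, self.accounts, self.last_seen = cli, mobile_pin, accounts, 0.0
        self._reset()

    def _reset(self):
        self.state, self.choice, self.approval = "IDLE", None, None

    def _check(self, cli, now):  # CLI check plus timed logout, run on every step
        if cli != self.cli:
            return False
        if self.state != "IDLE" and now - self.last_seen > TIMEOUT_S:
            self._reset()
        self.last_seen = now
        return True

    def on_sms(self, cli, text, now):
        words = text.strip().upper().split()
        if not self._check(cli, now) or not words:
            return "REJECTED"
        if self.state == "IDLE" and words[0] == "LI":           # steps 1-2
            self.state = "MENU"
            return "1. BI - Balance\n2. FT - Fund Transfer"
        if self.state == "MENU" and words == ["BI"]:            # steps 3-4
            self.state = "PICK"
            return "Balance Inquiry for which Account:"
        if self.state == "PICK" and words[0] in self.accounts:  # steps 5-6
            self.choice, self.state = words[0], "IVR"
            return "CALLING"  # the server now places the automated call
        if self.state == "APPROVE":                             # steps 8-9
            ok = hmac.compare_digest(text.strip().encode(), self.approval.encode())
            name, balance = self.accounts[self.choice]
            self._reset()  # the Approval Password is single use
            return f"You have {balance} in {name}" if ok else "REJECTED"
        return "REJECTED"

    def on_ivr_pin(self, cli, pin, now):                        # step 7
        if not self._check(cli, now) or self.state != "IVR":
            return None
        if not hmac.compare_digest(pin.encode(), self.pin.encode()):
            self._reset()
            return None
        self.approval, self.state = secrets.token_hex(3), "APPROVE"
        return self.approval  # read out to the user by the IVR
```

Out-of-order messages, a wrong Mobile PIN, a reused Approval Password and a reply after the timeout all end in a rejection, which is the behaviour the extra SMS step is meant to provide on top of IVR alone.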
Other Business Process Applications
• Sign-off of company purchase orders by remote or
mobile staff
• Sign-off of letter or advertising copy by remote or
mobile staff
• Alerting senior managers of organisations of KPI metrics
• Enabling organisations with remote workforces to
dispatch, track and record appointment details
• Interacting with Customers and Suppliers to confirm
receipt, shipment and status of orders
• Simple reporting tool for remote staff who may not have
ready access to an internet connection
Questions?
TQ
Contact details:
clarence@bondwireless.com