By Frank Smith, ENLETS Mobile.
The current state of mobile computing and communications is the result of a long period of innovation of several technologies over many years. During that time there have been many game changing breakthroughs, and sustained improvement of ideas.
This paper looks at the journey so far, focusing on current and recent examples of mobile payments, travel, law enforcement, identity, biometrics, communications, security, and the broader context of computing. It is based on a wide range of conversations with specialists in different fields and presentations at recent conferences including the Silicon Trust Mobile ID Forum in London in April 2016; the annual Biometrics conferences in London organised by Elsevier and the Biometric Institute each October; several meetings of the ENLETS Mobile EU working group (formerly e-MOBIDIG) on mobile solutions for law enforcement; and other sources.
In this review the term ‘mobile’ is not necessarily restricted to use of mobile smartphones and similar devices but includes chips embedded in contactless cards, passports, and increasingly in the future, household and other devices known as the Internet of Things. A broad view is relevant, particularly as so many of the technologies are converging and overlapping.
Electronic and contactless payment
Multiple trends are changing how we make payments. We are first, increasingly moving from traditional cash payments to electronic payments; second, electronic payments are increasingly moving from contact-based smart cards (EMV, chip and pin) to contactless payment cards where the card is held very close to the payment reader; and third, contactless payments are increasingly being made from a secure smartphone using Near- Field Communication (NFC), the same close proximity connection as contactless cards – this is known as mobile payment, discussed next. In addition, traditional PCs and mobile devices are being widely used for home banking and payments. Visa reported at the Contactless Forum in Q2 2016 that in Europe 160 million Visa cards support contactless payment; there were 3.2 million contactless-enabled terminals; and in the 12 months to April 2016, 3 billion contactless payments were expected to be made.
Uptake of new forms of payment varies from country to country but has real attraction to customers for ease and speed of use. It would be reasonable to assume those with less take up so far will follow the earlier adopting countries.
Innovations described at the Contactless Forum included:
- bPay – wristband, key fob and stickers. Operates as a contactless payment card, but in a different physical form so that it can be carried differently from a card, on a keyring, on the wrist or glued onto another object that has a flat surface.
- Cork City, Ireland – won a Contactless and Mobile Award 2016 for promotion of contactless payment in a city that has traditionally been very much cash-based.
- Auto-vending machines – machines selling cold drinks and confectionery purchased by contactless payment as an alternative to cash.
- Charity collections – Cancer Research UK and others are exploring the use of a mobile contactless payment device equivalent to a charity cash collecting box; and donation points on charity shop windows inviting the public to make a contactless donation when passing in the street – when they do, a video message plays to thank the donor. Open all hours, not restricted to shop opening times.
- Travel – innovations are described below using the same or similar technology as contactless and mobile payments, for travel purposes, including payment.
As already mentioned, smartphones and other smart mobile devices including smart watches are increasingly being equipped with NFC communication to be able to make contactless payments, taking the place of a contactless smartcard. Security was enhanced with the introduction of ApplePay, announced in September 2014, including TouchID fingerprint verification. Other smartphones have introduced similar facilities. Various mechanisms exist to safeguard the integrity of critical data (see Security, below).
Enabling a smartphone to behave as a contactless card adds functionality such as real-time messaging that would alert the owner if his credentials had been used on another machine.
Point of Sale and online sales
Point of Sale (PoS) terminals are well established in Europe to read a chipped (contact) bank card, allowing the purchaser to input a 4-digit PIN to authenticate a payment using the EMV technical standard. This is being extended to allow contactless payments. Various new solutions are being offered to allow retailers to offer the PoS capabilities to customers based on smartphones. PoS terminals are being developed that include biometric verification. Electronic vending machines and charity collection points mentioned earlier show how innovative sale points are being developed.
Mobile solutions are also being developed to include biometric verification for online sales to increase security and to make the customer experience as ‘frictionless’ and easy as possible, reducing abandoned sales. Mastercard recently launched Identity Check Mobile in Europe for this purpose.
Electronic, contactless and mobile payments are increasing rapidly and are likely to continue to grow and see a further shift from cash payments into more sophisticated models and new forms of encounter between the customer and the vendor.
Mobile devices are also increasingly being used for travel. Several cities and regions in different countries are actively developing mobile-based ticketing where the passenger can select a journey, buy a ticket, and then board the transport or to verify their eligibility to travel to an inspector. Examples include Transport for London (TfL) and other parts of the UK, Belgium, and examples in the US.
Aviation boarding passes on a smartphone were introduced as an experiment in 2007 and is now widespread as a trusted process. The passenger buys their ticket, downloads the boarding pass to an electronic wallet on the phone: this includes a 2D barcode that is read by the check-in terminal, possibly even at unattended eGates.
Transport for London (TfL) introduced the use of contact- less payment cards replacing cash purchase of tickets across the entire fleet of London busses and underground (tube) trains in 2014. Busses adopted a single standard fare for all journeys: ‘tapping in’ to a reader with a contactless payment at the start of the journey deducts one standard fare from the holder’s account. Variable fares are necessary on the tube so the same card is used to tap in at the start and to tap out at the destination, when the correct fare can be charged. There has been a huge uptake for this solution.
ITSO, an organisation which aims to make travelling on public transport throughout the UK seamless and easier by using smart ticketing, has produced a standard for smart ticketing, and for interoperability which is important given the multiple operators who can be involved within the same region.
Complicated and incompatible pricing structures between competing transport operators in the same region can present a difficult challenge for introducing integrated travel schemes that allow passengers to switch flexibly between operators during a journey. Commercial and political change may be needed to rationalise the scheme before a good technological solution will work well.
Examples schemes discussed at the Contactless Forum include Transport for the North – bus, train, Metro and tram operators across the North of England; MoBiB, uniting transport operators in Belgium with a common MOBIB chipped card; mobile / smart payment and ticketing solutions for the Chiltern Railway (UK), and Boston, Los Angeles and New York in the US, and others involving solutions by Masabi.
Major potential exists for mobile solutions to play an important part in purchasing and ticketing transport, and in the future in co-ordinating transport operations. 5G mobile communications may in the future support better co-ordination of trans- port systems and providing real time information for travellers, including bus and train scheduling, and co-ordinating groups (platoons) of autonomous cars on trunk roads and through cities. The future may be very different from today.
Law enforcement services have developed sophisticated technology solutions which often have to be accessed back at base, in fixed offices, leaving a disconnect from the front-line officer. Mobile solutions are showing real potential to provide local, real- time access to these systems on the front line, and to bring major improvements to service.
The ENLETS Mobile EU working group on mobile solutions for law enforcement is a subgroup of the European Network
of Law Enforcement Technology Services (ENLETS). ENLETS Mobile participants are demonstrating that a tipping point is being reached where effective large-scale mobile solutions are now being delivered for some agencies and that there is a real opportunity for a major adoption by others: the group exists to help share good practice within the law enforcement community. The group promotes ideas that have been shown to work well – and to help to avoid repeating expensive mistakes made in the past – and aims to help law enforcement services make effective progress.
Mobile systems such as the MEOS solution developed by the National Police of the Netherlands have shown the importance of fully involving front line users in the design team, re-designing and improving business processes by bringing technology direct to the front line, and including the capability for agile and incremental change based on proven experience in the business. Improvements are possible in law enforcement to increase the ease and clarity of identification, streamline the process of issuing penalty tickets and increase the accuracy of data recorded, increasing the prospect of successful recovery of fines. Such solutions are able to connect directly to the core IT systems used by these organisations to deliver real-time results to the mobile officer.
Mobile solutions are on track to be a major game changer for operational law enforcement, comparable to previous reforms brought about by the introduction of fingerprinting, radios, central computers, Automatic Number Plate Recognition (ANPR) and DNA profiling.
It is becoming ever more important as an individual to be able securely to establish your identity and entitlement to something, online or face to face. Correspondingly, as a service provider it is critical you can allow the right users access to your service but detect and prevent imposters, intruders, cyberattacks or any other attempt at unauthorised access. It is also essential that personal information is only shared when that is appropriate; and that sensitive data to prove your identity are held securely.
We are used to producing a physical document to establish our identity or authority, for example a passport at a national border or a bank card when making payment. We are probably too familiar with remembering multiple passwords for online services. We may not be aware of the secure chip in our passport or bank card; we are aware that remembering so many passwords for online access is impractical or leads to insecure practice. Strengthening the security of these functions on a smart card – an electronic identity (eID) document – can improve on a purely physical document or password; combining such functions on a smart- phone that we already use for many other purposes – a mobile ID function – is a logical step, and is beginning to happen. Services to register an online identity as a central service to access other functions are also appearing.
Examples of identity schemes, including some discussed at the Silicon Trust MobileID Forum, are:
- Gov.uk/verify – identity service for online access to UK government services, supported by several identity providers including banks and credit agencies.
- Open Identity Exchange (OIX) – promotes good practice and standards on exchange of identity recognition between systems.
- FIDO (Fast Identity Online) – publishes standards interoperability between strong authentication devices, enabling the user to perform secure logon to multiple websites without having to remember logon credentials for each one. The user authenticates to their mobile device; the device stores credentials for each site and logs on when authorised by the user.
- SAML 2.0 (Security Accreditation Mark-up Language) – allows exchange of accreditation credentials between for example one system where the user is already trusted and another which he would like to access but which does not know him. SAML is the basis for single sign on, logging onto multiple systems with one logon transaction, such as via an online identity service.
- New individual identity solutions are becoming available. Examples include goID (HID), Mobile Connect (GSMA), WorldReach (visa applications) and YOTI.
To be effective, electronic and mobile ID solutions have to depend on strong, trusted means of assuring the identity in question, considered further below (biometrics and security).
It can be critical to establish that someone claiming a particular identity does not simply know the right credentials registered to that person (e.g. correct password, security answer and mobile device), but really is the actual person in question. To do this, biometrics – linking some enduring feature of the person presenting themselves to something previously recorded for that person – can help to authenticate the claim.
Mobile solutions such as a smartphone or smart card can help. Recent devices have included some biometric capability, to increase assurance on identity and make the process easier to use. Apple TouchID fingerprint verification on the iPhone 6 and its link to ApplePay contactless payment was a breakthrough for mass market; others soon offered similar functions. Similar developments are taking place in mobile Point of Sale terminals. Some examples:
- Fingerprint matching on card – EMV and MasterCard (September 2015). Match on Card means the reference biometric is held securely on the smartcard; a reader captures a fingerprint and sends that to the card, which can confirm whether the biometrics match – no reference data is disclosed. The same principle can work on a smartphone (Match on Device), as with TouchID.
- Facial verification – using advanced facial recognition to confirm that someone taking a ‘selfie’ photograph on a smartphone matches the person previously enrolled, or comparing the photo with an authenticated image on a secure passport chip
- Iris recognition – is coming into use; other modes of biometric may follow.
There is extensive knowledge amongst biometric specialists on the technologies and practical methods for effective biometric verification. Mobile use is central to current advances in biometrics: FBI specialist Jim Loudermilk said at the Biometrics 2014 conference in London that what is happening with the development of mobiles is not just taking place alongside biometrics but is at the fore- front of the development of the subject.
As more dependence is placed on biometric verification e.g. on a mobile device, the more important it is to consider the possibility of attempts to deceive biometric verification by ‘spoof’ attacks. This topic is known as presentation attack detection: standards are being developed in the area (ISO/IEC 30107). Methods of resisting attack include liveness detection, for example to detect when a photograph is presented instead of a real person – it is important to consider the possibilities and develop robust solutions.
Law enforcement such as police and borders typically require high quality biometric sensors e.g. where a fingerprint will be used to search a large database; and even higher quality and recording of all 10 fingers to enrol new records onto such as system. Where the law allows it, mobile use of biometric search can be conclusive and efficient in identifying someone and highlighting information the border or police officer should know about. This possibility is driving the development of better, lighter, higher quality biometric sensors for mobile use.
Existing mobile networks
2G, 3G and 4G networks have developed over many years since 2G was launched in 1991. 4G introduced the new Long Term Evolution (LTE) standard for mobile data communication, better suited to high speed connectivity. Ericsson has said,
“Western Europe is at the forefront of mobile broadband due to early LTE roll-out, and well developed 3G networks.”
— Ericsson Mobility Report, November 2015.
These regular reports on the progress of mobile communication show a very rapid increase in the volume of mobile data being transmitted as more users and devices are connected, demanding faster data transmission e.g. for photographs, sound, video and online gaming – Ericsson projects that mobile data will increase by more that 10 times from 2015 to 2021 (a rate equivalent to that projected in Moore’s Law for the sustained increase in processing power on integrated circuits).
Future mobile networks: 5G
5G represent the next major phase of mobile telecommunications standards beyond 4G. The Next Generation Mobile Networks Alliance defines the following requirements for 5G networks which it feels should be rolled out by 2020 to meet business and consumer demand:
- Faster – tens of megabits per second should be supported for tens of thousands of users; 1 gigabit per second to be offered simultaneously to many workers on the same office floor;
- Better – several hundred thousand simultaneous connections to be supported for massive sensor deployments; coverage, signalling, spectral efficiency and latency should all be improved; and
- New use cases – such as Internet of Things with access in buildings and vehicles, broadcast-like services and lifeline communication in times of natural disaster.
Telecom vendors expect 5G to offer data rates up to 10 Gbps over the air; latency in the order of 1ms; and enable IoT connected devices to run on battery for up to 10 years. The Economist (ref. 1) highlighted the extent of the changes 5G will represent for everyone.
The long-term strategic direction for the specialist, high reliability networks needed for critical emergency services is in a migration from predominantly voice-based TETRA and TETRAPOL networks to networks based more closely on contemporary commercial mobile networks, LTE-based (including VoLTE), progressing to 5G as it becomes available.
WiFi and Bluetooth
These are important relatively short (metres) communication between devices, e.g. to pair co-operating devices or to connect a mobile device to an internet access point.
Near Field Communication (NFC)
NFC uses low power radio communication to enable a reader to interrogate a contactless card when it is very close to the reader, without being directly connected electrically. This makes for simpler, quicker and more convenient interconnection than with an electrical contact. Smartphones can use NFC to act as a smart- card to make payment, or as a reader to interrogate a document chip such as a payment card, ID card or passport.
Security has been highlighted several times in the earlier discus- sion about mobile solutions. A number of approaches exist and are being developed to support mobile use. Mobile communication inherently raises the questions ‘Who are you? Should I trust you?’ when devices connect: strong authentication is important to be sure that the right user, device and network are making contact. Part of the solution requires trust in the integrity of critical data held on a mobile device, for example private encryption keys, PINs, passwords and biometric data used to authenticate a user. High security is essential to underpin the trust necessary for mobile services and this can be supported by mechanisms such as:
- Trusted Platform Module (TPM), Secure Element or Secure Enclave (SE) or an electronic wallet hold critical data to protect them from unauthorised access.
- Public key encryption used in a PKI system or Virtual Private Network (VPN) can be used to ‘sign’ data with a digital signature: this does not prevent data being altered, but can detect if that has happened.
- Trusted Execution Environment (TEE) protects the confidentiality and integrity of critical software on a smartphone.
- Secure partitioning of a device so that one part can be used for work purposes and another for personal use, social media, etc. without conflict.
- Certified security properties of a key component e.g. the secure chip in a passport: a definition for these purposes is known as a Protection Profile (ISO/IEC 15408).
The EU has introduced a regulation on electronic identification and trust services (eIDAS), EU Regulation 910/2014, which provides for the interoperability of national eID schemes for electronic identity and trust, at low, substantial and high security, based on eIDAS standards.
Broader context of computing
We have concentrated on mobile devices, particularly smart- phones. These will continue to develop. Besides becoming yet lighter, thinner, better, faster, able to hold more data; and to improve screens, power consumption, batteries, charging methods and wearable technology. Recent innovations have included sensors for heart rate and GPS location making navigation on a smartphone a standard feature: more will follow.
There is also a broader context affecting how we use, are using and will use technology. Some examples:
- Internet of Things (IoT) – embedding sensing, control and communications capability within physical objects so that they can be connected over existing networks, integrating the physical and computing worlds. It has been projected the IoT will include 50 Billion devices by 2020. But it will do more and enable smart co-ordination of, and mass data analysis from, large groups of multiple components.
- Cloud computing – a shared method of organising computing and storage over a network (e.g. the internet) on demand, with better flexibility, resilience, response to new demand, at less cost. The physical location of the computer being used does not need to be known to the user, and may be distributed over several data centres.
- Big data analytics – collection and analysis of very large volumes of data with the capability to process and analyse it rapidly and effectively. A powerful combination is to link the power of big data analysis with delivery to a small highly mobile device.
- Faster, better communication – including the progression to 5G will accelerate the development of improved communication, more easily and flexibly, everywhere.
- Is Moore’s Law slowing down? – Moore’s law is based on an observation or prediction by Gordon Moore, founder of chip manufacturer Intel in the 1970s that the number of transistors possible to include in a single chip was doubling every one or two years. That trend has held good for nearly half a century – an enormous increase in computing power – but with tracks on the chip now shrunk to around 100 atoms across, there is a growing recognition this trend surely has to slow down. However, denser packaging of chips, more advanced Artificial Intelligence (AI), more ubiquitous and faster data communication providing easier real-time access to effectively infinite resources on the cloud may mean the rate of progress may be maintained even if Moore’s Law no longer holds good (see the two Economist articles in the references).
- Speech recognition and synthesis – another technology that is a candidate for making a difference in the future, getting closer to real-time analysis, working over a range of speakers, accents and languages. Natural language comprehension and translation, too? Apple introduced Siri; others exist too.
- Intelligent / cognitive computing – various forms of machine or artificial intelligence have been a long-term aspiration of computing. Perhaps the most ambitious current development is IBM Watson, described as cognitive computing which ‘learns’ by analysing the meaning in very large collections of evidence on a topic, such as medical diagnosis and selection of the best treatment.
So, where next?
The first aim of this paper has been to show how profound a revolution has been taking place based on new technology, including mobile devices and mobile communications. However, this revolution is far from being just about the latest device or technology… it is a path that has developed over many years, many products and many technologies: what has got us where we are today is the totality of all this innovation. Some of it has been radical and game changing; some incremental. Many will be surprised that the first mobile telephone service was launched in 1926 (see Timeline). While that was a radical innovation, we have though progressed far beyond that first milestone.
This innovation will continue at pace. Not just to improve the products and services we are familiar with, but to re-shape the nature of those offerings. Computing is becoming far more ubiquitous: the development of the Internet of Things and super-fast 5G communications will drive further change. Voice recognition and artificial intelligence such as Siri and Watson are only beginning to make an impact but will surely develop into major features of the way we use technology. What we class as mobile technology will go further and wider: we are seeing indications of that with automated cars already in use as prototypes, off and even on our public roads. By connecting huge numbers of users on the move to central tracking of cars available for short trips, Uber introduced a completely new model for casual use of this kind of taxi service – this will develop further.
Change will affect our working and private lives. Ericsson (see reference section) have produced thought-provoking analysis on Next Generation Working Life, and Organising for Change – Digital Business Transformation.
Change can be beneficial or disrupting for the individual – or both. We cannot know in advance what the next few years, decade or century will bring, but we can see credible hints at some of the start of this in some current developments and thinking reviewed here.
Will we continue to say ‘mobile’ before ‘technology’ and ‘communications’ for ever? Surely not, once most of the technology and communications, most of the everyday devices we use, are smart and mobile – the next generation will ask us if there was ever a time when these things were not all smart and mobile (!).
We will continue to live in interesting times, for many years to come.