on requirements for mobile commerce

Año 8, n.º 15, diciembre de 2003

7

ON REQUIREMENTS FOR MOBILE COMMERCE

Jari Veijalainen, Peter Yamakawa*, Mitsuji MatsumotoWASEDA UNIVERSITY, GLOBAL INFORMATION AND TELECOMMUNICATION INSTITUTE

JAPÓN

Jouni MarkkulaUNIVERSITY OF JYVASKYLA, INFORMATION TECHNOLOGY RESEARCH INSTITUTE

FINLANDIA

Afrodite Tsalgatidou, Stathes HadjiefthymiadesUNIVERSITY OF ATHENS, DEPARTMENT OF INFORMATICS AND TELECOMMUNICATIONS

GRECIA

ResumenLos avances en Internet y redes inalámbricas y el rápido crecimiento del número deequipos móviles han resultado en el crecimiento acelerado del comercio móvil. Conside-ramos el comercio móvil como un subconjunto del comercio electrónico en el que lastransacciones se realizan utilizando un terminal móvil y una red inalámbrica. El usuariode equipos móviles y sus requerimientos juegan un rol en el desarrollo del comerciomóvil, en adición al desarrollo tecnológico y el desarrollo de los marcos regulatorios.Este documento aborda los requerimientos para el comercio móvil de un modo sistemá-tico. Primero, establece el escenario del comercio móvil revisando los conceptos y re-querimientos básicos. Luego introduce un metamodelo publicado con anterioridad yconsistente en cuatro esferas de interés: marcos regulatorios, modelos de negocios, in-fraestructura global y tecnologías de apoyo. Los requerimientos para el comercio móvilse agrupan por estas esferas y son analizados en este contexto. El énfasis se pone enaquellos requerimientos que han de persistir. Se muestra que, muchos de ellos se origi-nan en una esfera y luego se propagan a otra esfera, de modo que con frecuencia tomanuna forma más concreta. La esfera de tecnologías de apoyo se refiere a las tecnologíasfuturas que están siendo desarrolladas ahora para responder a los requerimientos quesurjan en el futuro.

* Profesor de Tecnología de Información de ESAN.

1. Introduction

Nowadays, M-commerce and the adoptionof related technologies have become verypopular. Some of the factors that contrib-

uted to this development are the tremen-dous developments of the Internet and re-lated technologies, the understanding andexploitation of the business potentials thatrest behind this development, the boost ofE-commerce frameworks and technolo-gies, and the growth of wireless commu-


8 esan-cuadernos de difusión

nications. Wireless technologies com-bined with Internet-enabled terminals con-stitute an ideal platform for the realiza-tion of new types of business transactions.The small and light, yet powerful, mobileterminals are almost always carried bytheir owners (like wallets). They can alsostore electronic cash, credit card informa-tion, tickets, certificates of the Public KeyInfrastructure (PKI), etc. Thus, they canassume the role of an e-wallet, as well asfunction as authentication and authoriza-tion devices in various contexts. In addi-tion, the terminals can be located eitherby using satellite technologies (e.g. GPS),terrestrial network facilities, or indoormechanisms, based on WLAN/PAN tech-nologies. Recent developments in theseareas seamlessly extend the positioning ofwireless devices into several environ-ments. Thus, services based on the loca-tion of the terminals, referred to as loca-tion-based services (LBS), have becomewidely possible. They are a new serviceclass for mobile computing and open newbusiness opportunities. For these reasons,the telecom industry has begun to callportable terminals, with the above func-tionalities, Personal Trusted Devices(PTD).

Digital convergence of various sepa-rate technologies is continuing. As an im-portant indication of this, a portable high-end terminal can basically host any otherminiature device, such as a video camera.Game consoles combined with a terminalare already on the market. These devel-opments will have considerable, yet large-ly unknown, effects on M-commerce inthe future. Another convergence path isthe emergence of common IP-based corenetworks. The Internet-enabled wirelessterminals are already able to access ser-vices designed for normal Internet users

(e.g. WWW), and services specially de-signed for mobile users (e.g. WAP, I-Mode). Terminals run TCP/IP end-to-endover a wireless bearer, or a special WAPprotocol suite to the WAP-gateway (WAPForum, 2002). Further convergence of theIP and wireless technologies is anticipat-ed so that the future devices will be seam-lessly integrated with the IP infrastructure.This development started with earlier ver-sions released by 3GPP and was finalizedwith Release 5 (Kaaranen et al. 2002,3GPP 2002, MITA 2002a-c).

Concerning related work, there aremany papers, books and reports thatpresent requirements for various, mostlytechnical, aspects of M-commerce (E-Fac-tors 2002, Kalakota and Robinson 2002,MITA 2002a-b, Sadeh 2002, Varshney andVetter 2002). These are relevant to ourwork, but we are not going to repeat allpossible individual requirements that havebeen established thus far in the citedsources. The main contribution of thispaper is to present a systematic frameworkfor the most persistent M-commerce re-quirements and show their origin and re-lationships. Our goal is not only to strati-fy requirements vertically, but also to in-vestigate their life span. Some of them aremore fundamental than others, whichmeans that they originate at the legal lev-el or are dictated by, for example, the lawsof nature (bandwidth scarcity). Many re-quirements are actually established at theregulatory or business level and must findtheir implementation at the technical lev-el. These are usually more persistent thanthose emerging, for example, from the re-strictions of a particular network or ter-minal generation.

The paper is organized as follows. InSection 2 we discuss the basic definitions


9On Requirements for Mobile Commerce

of M-business and related concepts, thedefinition of requirement, and introducethe framework model. In Sections 3, 4, 5,and 6 we look at the requirements for thefour spheres of concern. Section 7 presentsour conclusions.

2. The Requirements Framework

There has been much discussion in thescientific and commercial literature aboutthe definition of E-commerce and M-com-merce (Durlacher 2000, OECD 2002, Kala-kota and Robinson 2002, Aarnio 2002,Sadeh 2002, Varshney and Vetter 2002). Wedefine M-commerce as an activity that con-sists of M-commerce transactions. AnM-commerce transaction is an E-com-merce electronic transaction (OECD 2002)that is conducted using a mobile terminaland a wireless network. Notice that the def-inition includes all portable terminals andPDAs, as well as terminals mounted invehicles that are capable of accessingwireless networks and/or use short rangewireless connections while performingM-commerce transactions. The activitiesthat precede or follow the actual M-com-merce transactions belong, strictly speak-ing, to M-business (Kalakota and Robin-son 2002). We confine ourselves below onthe M-commerce aspects.

Our goal is to treat various require-ments for M-commerce. A requirement in

this context is a statement that holds in-variably for an entity during its lifetime.An entity can be a distributed system, aterminal, a company, a state, or even aninternational organization. We adopt arather general definition of the term re-quirement.

To briefly illustrate the relationshipbetween the requirements at different lev-els, and within different regions, let usdiscuss privacy. It is a requirement thatoriginates at the legal level, for example,within the European Union, as stated inthe relevant Directive (European Union2002a). As it is incorporated into the le-gal framework, it must be taken into con-sideration when designing business mod-els (BMs). Such BMs are illegal withinthe European Union, if, for example, thelocation data of the customer is somehowused without explicit consent from thecustomer (or authorities). Privacy must besupported at the infrastructure level. Inpractice, this means that message encryp-tion should be provided in the wirelessinterface and protection for the terminal’scoordinates against misuse in any part ofthe service provider must be provided. Theuser must also be empowered to switchthe terminal positioning on and off. Therequirements are technology-dependent.The user interface for positioning controlis also highly dependent on the interfaceand positioning capabilities of a particu-lar terminal and the access network.

Figure 1: Spheres of concern in M-Commerce

Business Models

Global Infraestructure

Enabling Technologies

Regulatory

Frameworks



We use the model introduced earlierin Veijalainen and Weske (2003) as theframework to group requirements. Its ba-sic structure is presented in Figure 1.

• Regulatory Frameworks: The organi-zational and technical aspects of laws,standards and recommendations, aswell as the bodies involved in theirdefinition. The main actors here areinternational organizations, such asOECD and EU, governments, stan-dardization bodies (ISO, ANSI, ETSI),and interest groups formed by diverseindustry sectors to develop standards,such as 3GPP (3GPP 2002) and OpenMobile Software Alliance (Open Mo-bile Software Alliance 2003).

• Business Models: Business aspects,including business players, providingservices, business protocols, revenuesharing, and code of conduct are im-portant artifacts in this sphere (Tim-mers 1998). This sphere captures thepertinent business aspects, persistentconcepts and structures. At any mo-ment and in different parts of the world,the BMs have different shapes, due todifferences in regulatory environment,local (business) culture, economicstrength of the individuals and compa-nies in a particular region, etc.

• Global Infrastructure: The global in-frastructure sphere deals with the glo-bal network and the concrete termi-nals that facilitate M-commerce, aswell as the real services. The real glo-bal infrastructure is a patchwork ofmany wireless access networks andbackbones, including the Internet. Itis and will be heterogeneous at dif-ferent architectural levels at any pointin time. This is because different parts

of the world will progress at differentpaces.

• Enabling Technologies: This sphereincludes emerging technologies foruser terminals and network technolo-gies, such as cryptography, privacy-protecting technologies, positioningwith high accuracy, and new batteriesand other energy sources for the ter-minals. It also includes standardiza-tion and business interest groups andother organizations developing theseemerging technologies. Typical exam-ples are 4G (and beyond) technolo-gies, that are currently being re-searched, and that will later move intostandardization.

The spheres are interdependent in va-rious ways. For each of the above sphereswe deduce requirements pertaining to M-commerce.

Before going into the details of the fra-mework, we established two fundamen-tal aspects of the M-commerce that arevery persistent, and that penetrate thespheres. These are (1) global user mobili-ty and (2) anytime, anywhere service ac-cessibility. Without the former it is uselessto discuss mobile commerce and its parti-cular problems, albeit various other issuesin E-commerce are still relevant. Withoutthe latter guaranteed to a lesser or higherdegree, a user attempting to conduct M-commerce will experience various proble-ms, from service unavailability to all kindsof interoperability problems at differentinfrastructure levels. Thus, (1) and (2) canbe understood as requirements of a verygeneral nature for M-commerce environ-ments. They are, at the same time, the cen-tral aspects distinguishing M-commercefrom other E-commerce environments.


11

3. Requirements from theRegulatory Frameworks Sphere

The regulatory framework is the highestorganizational level imposing require-ments to M-commerce. It regulates mar-kets and existing and emerging technolo-gies. Market regulation can be divided intothree different types: regulation, self-re-gulation and co-regulation (Aarnio 2002).Regulation refers to formal regulation byauthorities (legislation). Self-regulationrefers to more informal regulation by themarket players themselves. Co-regulationrefers to a mechanism where the regula-tory authorities set up a more general fra-mework and the actual decisions are madeby the market players and the authorities.

E-commerce market regulation is mos-tly regional. The basic requirements forall commercial activities are anchored inthe states’ constitutions, statutes of certaininternational organizations, like the EU,and legislation. However, the customersacquiring M-commerce services are mo-bile and cross borders, thus introducingproblems and challenges to the develop-ment of the field.

The other bodies involved in M-com-merce, such as companies and industryconsortia, have a subordinate role regar-ding laws, i.e. they must comply withthem while designing new technology.The same holds for companies definingBMs and services that are used by consu-mers or other businesses. However, con-sortia and companies developing new tech-nology are not regulated by laws in allrespects. Often only later, in the deploy-ment phase, the laws are passed or self-regulation is applied by the industry. InEU, the regulatory framework for E-com-merce (and M-commerce) was established

in 1997 (Aarnio 2002). Currently, there isa consolidation phase going on. The cu-rrent 12 directives relevant to E-commer-ce can be found in European Union 2003b.Telecom access is regulated in EuropeanUnion 2002b and other relevant directi-ves mentioned in it. Concerning the abo-ve general requirement (2) the EU esta-blishes access to basic telecom servicesas a right. Free mobility of the users isguaranteed within the EU and betweenSchengen countries border controls havebeen dropped.

In Japan, there is also a special E-com-merce legislation, as referenced in METI2002. The purpose of this legislation is topromote the use of electronic transactio-ns for commercial activities by offeringan appropriate environment of trust amongusers. General data protection law is stillin Parliament, and is expected to be adop-ted by June 2003. Law 137/2001 concer-ning ISP service provider liability hasbeen in effect since May 2002. There is aseparate Telecommunication BusinessCode that establishes a regulatory fra-mework for the provision of telecommu-nication services in Japan. In general, Ja-pan relies on self- and co-regulation of theE and M-commerce market more thanEurope.

Requirements originating at the Regu-latory Framework (civil rights) sphere in-clude:

• Privacy of the data pertaining to theindividual, including all data gatheredby the telecom networks, such as po-sitioning data.

• Protected private communications bet-ween individuals and legal entities.This requirement imposes that networkcommunication should be encrypted.

On Requirements for Mobile Commerce



• Freedom to determine with whom andwhen to communicate. The technicalramification of this is that the commu-nication autonomy (C-autonomy) ofportable devices would be under usercontrol1. Notice that the «always on»assumption, understood as a require-ment for a user to keep the terminal«on» all the time, would restrict hisfreedom to decide upon his communi-cation behavior.

• Freedom to enter into contracts withany other party. For roaming custo-mers this would mean that they areentitled to use the services of foreignproviders. This also means that a con-tract with a certain party must not res-trict the rights of a consumer to termi-nate service contracts and enter intonew ones.

• Consumer protection . The legislationdetermines when a consumer shouldbe protected against businesses andwhich jurisdiction to use in case thereis a dispute in a border-crossing tran-saction.

Considering the global nature of M-commerce, certain demands for interna-tional regulation requirements can be set.The regulatory frameworks for M-com-merce should be interoperable. This is es-pecially important among the three leaders(USA, Japan, EU), if the desire is to maxi-mally support M-commerce over the bor-ders and business of the roaming custo-mers. The issues are taxation and consu-mer protection, including dispute resolu-tion. For the latter, the EU has envisioned

automatic mechanisms (European Union2003a). From the content-owner point ofview, Intellectual Property Rights (IPR)should be globally guaranteed.

4. Requirements for theBusiness Models

There is a wide variety of definitions forthe term BM. A recent survey (Hedmanand Kalling 2002) analyzes 66 BMs foundin the literature. Another study reviewsthem in a thorough way (E-Factors 2003).BMs should further include marketingstrategy, marketing mix, and product-mar-ket strategy. The Business Model Sphere(BMS) of concern in Veijalainen and Wes-ke 2003 is primarily based on the defini-tion of Timmers 1998 which defines a BMas «an architecture for the products, ser-vice and information flows, including adescription of the various business acti-vities and their roles; and a description ofthe potential benefits for the various bu-siness actors; and a description of the sour-ces of revenues… BMs should further in-clude marketing strategy, marketing mix,and product-market strategy». This BMSof concern also makes explicit the logicalBM level and its implementation throughservices and business protocols. The stra-tegy level remains implicit. We stick tothis view here.

The most important requirement forany BM is to be economically feasible, i.e.to generate more revenues than expendi-ture. There is a plethora of literatureanalyzing economic feasibility of E-busi-ness models. According to E-Factors2003, there are five separate groups offactors affecting this: technical, indivi-dual, organizational, industry, and socie-tal. It is beyond the scope of this paper to

1. C-autonomy means that a device is not alwaysreachable through the wireless network, andthat it can start and stop communicating at anytime with another party.


13

go deeply into this area, although it is ofoutmost practical relevance. We pick someaspects mostly related with the require-ments from the Regulatory Frameworkssphere. Thus, the possible BMs must becompatible with the applicable law andcode of conduct. As the rules are territo-rial, heterogeneity between different re-gions in the world is bound to appear, un-less deliberate countermeasures are taken.

General requirements for BMs are:

• Support for IPR in the BM. One mustspecify what rights are and are nottransferred to the customer when a M-commerce transaction is performed.

• The authentication and authorizationof the customer and authentication ofthe merchant. The authentication ofthe merchant is primarily required forcustomer protection purposes. The au-thentication of the customer is prima-rily required for protection of both themerchant and the customer.

• Support for consumer protection. Thisrequirement begins at the RegulatoryFramework level. It means that BMsmust take into consideration the rightsof a customer to return the goods pur-chased, refuse to pay non-deliveredservices and preserve privacy. In thisrespect the Automatic dispute resolu-tion mechanism suggested by the EU(European Union 2003a) is notewor-thy. Consumer trust is interrelated withprotection.

• Support for appropriate taxation. Thisis important for roaming customers,as they are often exempt from the Va-lue Added tax (VAT) or similar con-sumption taxes. The EU wants to co-

llect VAT from its own citizens, nomatter which channel they choose touse. Non-residents are basically exemptfrom VAT. The USA has allowed E-commerce to be tax-free since 1998.Japan levies a 5% tax on E-commercetransactions, as well as on other pur-chases by residents. Non-residents areexempt. In the EU, the VAT variesfrom country to country and it can bedifferent for different commodities inthe same country. Unless taxation isuniformly handled for all customers,it presents a problem for all players.

The mobile technology makes possi-ble anytime, anywhere access to M-com-merce infrastructure. As above, thisshould be understood as a requirement atthe BM level. The BMs applied in M-com-merce should be such that the customer isserved at any time no matter where he re-sides or moves to. From this requirementand the free user movement stated above,one can deduce that:

• Global coverage must be available forthe global infrastructure (network) ser-vices.

• Primarily automated services at theserver (merchant) side are needed. Thisrequirement is valid for the entire M-commerce infrastructure. Without con-tinuous accessibility, the M-commer-ce infrastructure is rather useless forglobal operation.

In addition, users must be able to ac-cess the services with a single terminal,i.e. a PTD. One can further establish thefollowing:

• Roaming contracts between the net-work operators, making it possible for




users to access both the local servicesand their home network services orInternet services irregardless of theirphysical location.

• Support for the global electronic pay-ment infrastructure so that the localservices can be reasonably acquiredby roaming customers.

• A multilingual M-commerce serviceprovision so that the roaming custo-mers can actually access the local ser-vices and use them.

It is worth noticing that requirementsfor a BM are different in different partsof the M-commerce value network. In thissection, the emphasis is on the actors thathave a direct relationship with customers.

5. Requirements for the GlobalInfrastructure

The global infrastructure changes overtime. Figure 2 presents a schematic, tech-nology-oriented network view of the glo-bal infrastructure. The view correspondsto the situation in a few years from now,after the backbone network has conver-ged to the «ALL-IP» network envisagedby 3G standardization (Kaaranen et al.2002, 3GPP 2002).

The wireline infrastructure in Figure2 that serves resource-rich terminals isalso used by mobile terminals. The blackline separating the «ALL-IP» area intotwo regions emphasizes the separation ofthe IP-networks from operator-control andfrom the «global Internet». Vertically, the

Figure 2: A schematic horizontal view on the Global Infrastructure

WirelessAccess Networks

WiredAccess Networks

Wiredterminals

Mobileterminals

Servers ServersDigi-TV/

CableUMTS

GSMBluetooth

Analog

ModemIEEE

802.11

IrDa3G Digi-TV/

Airif

IEEE

802.3

ISDN

Wireline Backbone(«All-IP»)


15

global infrastructure consists of severallayers as shown in Figure 3. As stated inKaaranen et al. 2002, the investment costin hardware and software increases as onemoves downwards through the layers, andinvestment cost in people and ideas in-creases when one moves upwards. We dis-cuss the requirements for the global in-frastructure having in mind the abovehorizontal layering.

Figure 3: UMTS Network Architecture,Service Model (Kaaranen et al. 2002)

5.1. Requirements for the Backbone

All requirements for Regulatory Fra-mework and Business Model spheres mustfind their support within the global infras-tructure. Thus, the business processesmust be implemented at this level throughsuitable services and protocols. The net-work must be able to identify the user inorder to be able to charge the right entityfor the use of resources. The concrete re-venue generation at the Network ElementLayer and the Content Provider Layermust be guaranteed by the billing and/orpayment infrastructure. Security and pri-vacy of the customers and authentication/authorization of the parties engaged in M-commerce transactions must be guaran-teed by technical means. These include

PKI certificates and encryption/decryp-tion algorithms.

• Service coverage. This is a basic re-quirement for communication networ-ks. The requirement for the maximalgeographical coverage follows theany-time, anywhere service accessibi-lity requirement.

• Dependability. This can be seen as amore detailed requirement deduciblefrom the anytime, anywhere require-ment. Dependability can be characte-rized by reliability, availability, andsurvivability of the infrastructure (Ma-lloy et al. 2002). Failures or overloadsin different parts of the infrastructurecan violate dependability and, thus,the anytime and anywhere require-ment. In practice, different applicatio-ns have different vulnerabilities as con-cerns dependability.

• Quality of Service (QoS). The QoS forthe basic data transmission and callconnection are well understood. Theparameters are connection latency, datatransfer capacity, bit-error rate, and jit-ter. For dynamic LBS, where the ac-tual position of the terminal is deter-mined and represented in a coordinatereference system, positioning accura-cy is an issue. In addition, the qualityof the data used to provide the serviceis another issue.

• Transactional Service delivery . M-commerce transactions should preser-ve the so-called goods atomicity pro-perty. Thus, all necessary steps to de-liver the service should guarantee thatthe correct goods or services are deli-vered to the customer if and only if themerchant has received the correct


Content Provider Layer

Service Creation Layer

Network Element Layer

Physical Transmission Layer



payment. The issue is further compli-cated by the consumer protection le-gislation that allows the customer toreturn the goods within a certain pe-riod of time or raise argumentsagainst the merchant, leading to adispute. A more elaborate treatmentof these issues can be found in Veija-lainen 2000.

• Interoperability. This requirement canbe divided into three broad subsets:interoperability of two backbone net-works, interoperability of a terminaland an access network and interopera-bility of any terminal and any service.

– Interoperability of two backbone net-works guarantees that voice and datatraffic flows from one wireless orwired network to another.

– Interoperability of a terminal andan access network is not currentlyguaranteed in general.

– Interoperability of any terminal andany service.

• Roaming support. A necessary condi-tion for roaming is that the terminaland network are interoperable. Fur-thermore, there are technical require-ments following from the regulatoryand BM levels. These include termi-nal authentication, profile manage-ment, and encryption key management.M-commerce transactions often requi-re service discovery in order to accessappropriate local services. The intero-perability of the terminal and servicesin the roaming situation must be gua-ranteed at all levels, up to the contentformat and natural language levels.

5.2. Requirements for Terminals

Much of the progress in M-commerce isdue to the rapid development of portabletelecom terminals and PDAs. Basic requi-rements for the terminals are portabilityand usability. Portability boils down to«sufficiently» small physical size andweight. Usability is clearly context-depen-dent: a voice terminal has different usageand usability characteristics from a termi-nal for M-commerce transactions. Usabi-lity, including battery life, tends to increa-se with terminal size and weight. Thus,terminal design should be based on anoptimum trade off between portability andusability. General terminal usability re-quirements are quality color displays, effi-cient and easy-to-use input means (key-pad, voice input), etc. The terminal shouldoffer extended battery life, high-speedprocessor(s), large memory, etc.

The functionality provided by termi-nals is crucial for M-commerce. High-endterminals (e.g., Nokia 9210i Communica-tor) support wireless voice and data com-munications on several frequency bands,Java applications, WWW and WAP brow-sers, client emails, and client faxes. In Ja-pan, J-phone allows the Java applicationsand data to be downloaded and run on ter-minals, facilitating a large variety of appli-cations.

Other essential requirements for theterminals, from a M-commerce point ofview, are:

• Interoperability with the wireless net-works and services. At the physicaland network element level this meanssupport for at least one IMT-2000 airinterface standard (voice and data);without this capability, global roaming


17

is not possible. At the higher protocollevels, WAP 1.x stack or TCP/IP+HTTP(S) (i.e. WAP 2.x) shouldrun. Further, support for short-rangewireless technologies (Infrared, Blue-tooth) is required for payment and tic-keting applications. At the highest ar-chitectural level, compliance with themobile Internet standards, specifiedby OMA (Open Mobile SoftwareAlliance 2003) and related bodies,should be available.

The requirements originating at the Re-gulatory Framework sphere, such asindividual privacy and security, mustfind adequate technical support in ter-minals. Furthermore, the additionalrequirements originating within theBusiness Models sphere must also besupported. These include:

• Authentication and authorization su-pport. Terminal authentication is han-dled by the 2G/3G networks. For ba-sic voice and data services that arebilled afterwards, this is a functio-ning option. But this is not enoughfor M-commerce services in general,because the servers providing servi-ces over Internet (cf. Figure 2), orover a short-range wireless connec-tion, cannot obtain the terminal iden-tity. Besides, even if they could ob-tain it, the connection between theterminal identity and the identity ofthe person using it remains unconfir-med. Thus, there must be end-to-enduser authentication support at theapplication level. This requires eitherserver-side login with password or useof one of the PKI certificates storedat the terminal. The latter option bringsup an extra requirement for the termi-nal; it must offer an appropriate pro-

tection mechanism to the PKI objectsstored into the WIM module.

2G/3G terminals encrypt outgoingvoice and data traffic so that basic priva-cy and security protection are provided atthe air interface. But this is not sufficientfor end-to-end message security and pri-vacy. The terminal must be able to encryptand decrypt the wireless data traffic at theapplication level using PKI and/or othermechanisms, such as SSL or TSL(HTTPS).

An optional requirement for terminalsis payment support, including credit cardinformation stored into the handset, anelectronic wallet storing cash for micro-payments and support for tickets (MobileElectronic Transactions Forum 2002).

Another set of requirements refers toLBS. The primary functionality requiredby a terminal is the capability to positionitself. This can be based on satellite ornetwork-based positioning (Kaaranen etal. 2002). The former requires that the ter-minal be enhanced with a GPS receiver.Most of the network positioning methodsalso require enhancements in the termi-nals’ functionality. Should terminal posi-tioning be possible, it is required that theterminal provides adequate privacy pro-tection means. These include the possibi-lity to prohibit tracking by an externalentity. Tracking of the terminal for emer-gency purposes should, however, alwaysbe possible.

6. Requirements for EmergingTechnologies

The Enabling Technologies in the fra-mework model presented in Veijalainen




and Weske 2003 are the non-deployedexisting and emerging technologies thathave relevance for the M-commerce.Which technologies are of relevance de-pends on many factors, including the re-gulations in force within a certain geogra-phic region, cultural issues, economicsituation of the users, etc.

One of the most important factors inthis respect seems to be terminal develo-pment, which has made it possible to en-hance the terminals’ functionality beyondvoice traffic without sacrificing portabi-lity. Steps in this development have beenminiaturization of the hardware in gene-ral. This has made possible large memo-ries, faster processors the integration ofGPS hardware and software (e.g. Bene-fon), radio receivers, etc. On the otherhand, the development of operating sys-tems with small memory requirements(e.g. Symbian) and advances in softwareplatforms for small devices have vastlyenhanced the application range usable onthose terminals. All these factors togethercontribute to the proliferation of variouscontents and, thus, of M-commerce. Fur-thermore, it is realistic to run the compli-cated PKI and other encryption and de-cryption algorithms with long keys deve-loped for resource-rich environments onsmall terminals.

An important concept that drives te-chnology and business development isdigital convergence. It means, firstly, thatdigital control and information processingconquers new areas from car engines andcommunication networks to tiny «proces-sor dust» devices. Secondly, the previo-usly separate technologies converge intointeroperable or even integrated seamlesstechnologies. Terminal development is anexample of this. Communication networ-

ks are at the heart of this development.Whereas wireless access technologiesshown in Figure 2 are currently separateand not fully integrated with the «All-IP»backbone, the goal is to make them sea-mless. The number of access technologiesdepicted in Figure 2 will not necessarilyincrease in the future, although new tech-nologies, such as 4G, will emerge. At thesame time, networks based on older tech-nologies will disappear from the global in-frastructure. It is extremely difficult topredict when this will happen and whatdegree of heterogeneity (i.e. number ofdifferent wireless access and data trans-mission technologies) the global infras-tructure will exhibit at a certain time.

One can argue that the technical requi-rements for the terminals and for the newglobal infrastructure will mainly arisefrom the convergence of different networktechnologies. This has been recognized bymanufacturers that are working in diffe-rent forums (e.g. OMA) to cater to thisneed. There are also initiatives, such asMobile Internet Technical Architecture(MITA), being pursued by a single manu-facturing company (MITA 2002a, MITA2002b, MITA 2002c).

Orthogonal to the above consideratio-ns, terminals should have a longer ope-rating time than they currently do whenconcerning battery characteristics.

On the other hand, users tend to havephone numbers, e-mail addresses, etc. Theconvergence of networks raises the ques-tion of whether one could have a singleuser identity at the technical level (MITA2002a-c). This idea would have many fur-ther ramifications for privacy, securityetc., as well as at the BM and the techno-logy level.


19

In the presence of many wireless net-works, terminals should select the bestone. This is sometimes called the «AlwaysBest Connected» requirement. From thisrequirement, one can deduce that the ter-minal must be able to operate on severalfrequency bands and host several proto-cols. Furthermore, it should be able tomake a seamless hand-over between twooverlapping access networks while theuser roams. Moving outside the coveragearea of one network, the roaming facili-ties must be exploited. At the terminal the-re must be support for several roamingprotocols. The network infrastructuremust support interoperable user profiles.Further complication comes from the factthat terminals should also be interopera-ble on the service level. An additional as-pect is Mobile Digital Rights Managementthat is intended to protect the rights ofcontent providers.

Finally, Figure 2 and convergence su-ggest that the M-commerce channel isonly one channel among several otherscapable of supporting E-commerce. Thisraises the question of inter-channel inter-operability requirements. These originatefrom the need to perform M/E-commercetransactions using more than one channeland from the channel homogeneity requi-rement. An example of this direction is thePTP protocol specified by MeT (MobileEectronic Transactions Forum 2002). Theremight also be other transaction types whe-re the PTD is used as an authentication andauthorization device, but the actual ser-vice is provisioned through another chan-nel (e.g. Digital-TV).

7. Conclusions and Further Work

In this paper we have analyzed the essen-tial requirements for M-commerce. In pre-vious papers there have been scatteredstatements about requirements and theiranalysis, but a systematic framework hasbeen missing. Furthermore, earlier workhas mostly concentrated on technical re-quirements for the Global Infrastructure,whereas in this work we have included theRegulatory Frameworks and BusinessModels sphere. We also discuss future re-quirements within the Enabling Techno-logies sphere. We show that two ratherfundamental requirements are anywhere,anytime service acquisition and free usermobility. The latter is rooted in the civillegislation of individual countries and in-ternational treaties; the former is an idealrequirement for M-commerce. Many lo-wer-level requirements can be deducedfrom these to all spheres. Privacy protec-tion of individuals, as well as consumerprotection, general laws regulating theE-commerce, and the code of conduct arefurther important sources of requirementsthat also penetrate the spheres and mustfind their support in networks, terminalsand the M-commerce infrastructure.

An additional source of requirementsis the technological development drivingtowards further convergence of many di-gital technologies (voice and video com-munications, Internet, etc.) and channels.From the merchant’s point of view, themobile and other channels should not beseparate, but integrated, as this createseconomic savings. There should be a com-mon E-infrastructure in place. Thus, ter-minals should become more and morecomplex. The general requirements forterminals are portability and usability.




The current M-commerce market israther fragmented in the sense that with aparticular terminal one can only performtransactions in the home network. Onlywith the high-end Internet-enabled termi-nals can one access normal websites andbanking services. Deliberate countermea-sures are actually required from the inter-national actors (governments, internatio-nal organizations, companies) if one wantsthe global M-commerce market to deve-lop without fragmentation. This can be

understood as a high-level requirement forthe actors within the Regulatory Fra-mework sphere.

Further research is needed about theemergence of the requirements within dif-ferent spheres of concerns. The require-ments for successful M-commerce froma user perspective should also be investi-gated because users are the ultimate sour-ces of revenue in M-commerce.


21

AARNIO, A., et al. (2002). Policy and Regu-latory Guidelines for Mobile Commerce.MobiCom Project Report.

DURLACHER RESEARCH LTD. (2000).Mobile Commerce Report. Online athttp://www.durlacher.com.

E-FACTORS, IST-2001-34868 (2003). Deli-verable 3.1. E-Factors Report Part 1:Overview and Current Trends on E-Busi-ness Models in Europe. Online athttp://www.e-factors.net/.

EUROPEAN UNION (2003a). InformationSociety, eEurope2005. Online athttp://europa.eu.int/information_society/topics/ebusiness/ecommerce/8epolicy_elaw/e_policy/index_en.htm.

——. (2003b). Information Society, E-com-merce laws. Online at http://europa.eu.int/information_society/topics/ebusiness/ecommerce/8epolicy_elaw/law_ ecom-merce/index_en.htm.

——. (2002a). Directive on Privacy and elec-tronic communications. 12.7.2002. Offi-cial Journal 201 L37 31.7.2002. Online athttp://europa.eu.int/information_society/topics/telecoms/regulatory/new_rf/docu-ments/l_20120020731en00370047.pdf.

——. (2002b). Directive on Common Re-gulatory Framework for electronic com-munication networks and Services(Framework Directive). 22.4.2002. Offi-cial Journal L108/33. Online at http://europa.eu. int/information_society/topics/telecoms/regulatory/new_rf/documents/l_10820020424en00330050.pdf.

HEDMAN, J. and T. KALLING (2002). Be-hind the Scenes of E-business Construct.In Proceedings of 4th International Con-ference on Electronic Commerce, Hong-Kong. Online at http://www.wayneyeung.com/files/papers/FP-042.pdf.

JAPAN MINISTRY OF ECONOMY, TRADEAND INDUSTRY (METI) (2002). Inter-pretative Guidelines on ElectronicCommerce. Online at http://www.meti.g o . j p / e n g l i s h / i n f o r m a t i o n / d a t a /c0205EleCome.pdf.

KAARANEN H. et al. (2002). UMTS Net-wor-ks; Architecture, Mobility, and Servi-ces.Wiley.

KALAKOTA, R. and M. ROBINSON (2002).M-Business, The Race to Mobility.McGraw-Hill.

MALLOY, A.D. et al. (2002). SupportingMobile Commerce Applications UsingDependable Wireless Networks. ACMMONET. Vol. 7, n.° 3.

MOBILE ELECTRONIC TRANSACTIONSFORUM (2002). Online at http://www.mobiletransaction.org.

MOBILE INTERNET TECHNICAL ARCHI-TECTURE (2002a). Technologies andStandardization . Edita Publishing Inc./ITPress, Finland.

——. (2002b). Solutions and Tools. EditaPublishing Inc./IT Press, Finland.

——. (2002c). Visions and Implementations.Edita Publishing Inc./IT Press, Finland.


References



OECD (2002). Measuring the InformationEconomy. Annex 4 The OECD Definitio-ns of Internet and E-Commerce Transac-tions. Online at http://www.oecd.org/.

OPEN MOBILE SOFTWARE ALLIANCE(2003). Online at http://www.openmobilealliance.org.

SADEH, N. (2002). M-Commerce, Technolo-gies, Services, and Business Models. Wiley.

TIMMERS, P. (1998). Business Models forElectronic Markets. Electronic Markets.Vol. 8, n.° 2, p. 2-8.

VARSHNEY U. and R. VETTER (eds.)(2002). ACM MONET, Special Issue onMobile Commerce: Applications and Tech-nologies. ACM MONET. Vol. 7, n.° 3.

VEIJALAINEN, J. (2000). Transactions inMobile Electronic Commerce. LNCS.N.° 1773, Springer Verlag.

VEIJALAINEN, J. and M. WESKE (2003).Modeling Static Aspects of Mobile Elec-tronic Commerce Environments. Chapterin Advances in: Lim Ee Peng, Keng Siau(eds.). Mobile Commerce Technologies.IDEA Group Publishing, p. 137-170.

WAP FORUM (2002). Official WAP 2.0: theComplete Standard . Wiley.

3GPP, TS 21.103V5.2.0 (2002). TechnicalSpecification Group Services and SystemAspects; 3rd Generation mobile systemRelease 5 specifications (Rel.5). Online athttp://www.3gpp.org.

on requirements for mobile commerce

Documents