Aradiom | FAQs

The idea behind AMF™ is to improve mobile development productivity and at the same time, produce a highly compelling rich user experience in mobile software development. There are a number of features which set AMF apart from other development platforms for mobile devices - most notably they are:

- No Coding Requirements - AMF™ is set up so that anyone can build an application without any coding knowledge. The components for building a rich, usable interface rapidly are available out of the box.
- Write Once, Run on Any Phone - a constantly updated phone database is a core part of AMF™. Device fragmentation, with a multitude of screen sizes and device capabilities is a very real problem in the mobile software space. Frequently software must be customized multiple times to work on different devices or many devices are simply not supported, reducing the reach of many mobile efforts. Very little additional work is needed in creating mobile applications with AMF™ to have them created for devices of differing screen sizes and technical capabilities.
- Updatability - thanks to a smart update engine, the vast majority of updates to a program are made without the need to re-download the application. Changes are seamless to the end user.
- Security - AMF™ produces mobile Java applications built on the MIDP 2.0 profile which means that communications can be encrypted via standard HTTPS, the same encryption methodology used in secure online transactions. Additionally, Aradiom's 2 Factor Authentication solution, SolidPass, can be integrated for heightened or graded security.
- Speed - AMF uses a number of smart caching algorithms along with a variety of other techniques to minimize data exchange between the mobile phone and back end servers. In real world testing, the amount of data exchanged via a WAP connection is anywhere from 3 to 10 times as much as AMF's smart client. AMF's smart client therefore minimizes data traffic for users and allows for a better user experience, with a quick, reponsive GUI.
top

Does AMF™ have multilingual support?

Yes. Aradiom Mobile Framework supports special language characters for various international languages so it is possible to develop multiple language versions of the application.
top

Banking Security and Two Factor Authentication

Banking Security

What is sufficient online banking security?

Protection through single password authentication, as is the case in most secure Internet shopping sites, is not considered secure enough for personal online banking applications in many countries. There are two prominent security methods used in online banking for additional security:
• The PIN/TAN system where the PIN represents a password used for the login, and TANs (transaction authentication numbers) represent one-time passwords (OTPs) to authenticate transactions. TANs can be distributed in different ways. The most popular one is to send a list of TANs to the online banking user by postal letter. The most secure way of using TANs is to generate them using a security token. These token generated TANs depend on the time and a unique secret, stored in the security token (this is called two-factor authentication or 2FA). Usually online banking with PIN/TAN is done via a web browser using SSL secured connections, so that there is no additional encryption needed.
• Signature based online banking where all transactions are signed and encrypted digitally. The keys for the signature generation and encryption can be stored on smartcards or any memory medium, depending on the concrete implementation.
top

What are the common cyber fraud attacks in online banking?

Most of the attacks on online banking used today are based on deceiving the user to steal login data and valid TANs. Two well known examples for those attacks are phishing and pharming. Cross-site scripting and keylogger / Trojan horses can also be used to steal login information. A method to attack signature based online banking methods is to manipulate the used software so that correct transactions are shown on the screen and faked transactions are signed in the background.
top

What precautions can one can take to avoid online cyber fraud?

Several countermeasures exist to avoid attacks or minimize their surface area. Digital certificates are used against phishing and pharming. Class-3 card readers are used as a measure to avoid manipulation of transactions by the software in signature based online banking variants. To protect their systems against Trojan horses, users should use virus scanners and be careful with downloaded software or e-mail attachments.
top

Two Factor Authentication

What is Two Factor Authentication (2FA)?

Two Factor Authentication is a system wherein two different factors are used to authenticate, since two factors provide a high level of authentication assurance. Using more than one factor is sometimes called strong authentication and provides a high level of security. Commonly used verification factors are generally separated into three types of information:

• Something the user has (for example, an indexed TAN List, hardware token, or software token)
• Something the user knows (for example, a user ID, password or PIN)
• Something the user is or does (e.g., fingerprint or retinal pattern, DNA sequence, signature or voice recognition, unique bio-electric signals, or another biometric identifier)
top

Who are the likely end users of Two Factor Authentication (2FA)?

Bank consumers or others who need secured access could use 2FA in order to protect themselves against increasing and ever more complex cyber fraud.
top

Why do banking institutions need 2FA (two factor authentication)?

2FA more secure, reduces fraud and is governed by regulatory pressures in many regions - i.e. FFIEC 2009 Guideline and ECBS. For more information on these guidelines, please visit:
• Federal Financial Institutions Examination Council (FFIEC), Authentication in an Internet Banking Environment,

http://www.ffiec.gov/pdf/authentication_guidance.pdf

(October 2005)
• European Committee for Banking Standards, ECBS TR 411 Security Guidelines for Electronic Banking Security Principles and Recommendations
(August 2004)
top

What alternative solutions are there for 2FA?

• Traditional: Tan lists, iTan, Scratch Cards, Passmark picture recognition, hard tokens, Challenge-response readers;
• Mobile based: Sim and Memory cards with embedded security keys and also Java ME soft tokens.
• Software-based security token which works in a Java-enabled mobile device - used to authenticate users and authorize transactions, based on a challenge/response method.
top

What are Indexed TAN Lists?

In a conventional Transaction Authentication Number (“TAN”) system, the user is requested to provide an arbitrary TAN number he previously received as a random list from the corporation for validation of future transactions. Afterwards, this TAN is marked as used by the system and cannot be reused. An Indexed TAN list represents a more secure system. When the user wants to validate a transaction, the server requests a specific unused TAN from the list according to the index. This makes that particular TAN number bound to a specific transaction and the number cannot be used for another transaction.
top

What are Hardware Tokens?

Hardware tokens, also known as security tokens, are physical devices that users have to carry and use when validation of a transaction is required. These hardware tokens generally run the same algorithm with the corporate server to generate a One Time Password (OTP). As they are a standalone piece of hardware, they run on batteries and require periodic maintenance or replacement.
top

What is a Soft Token?

Soft token is short for software token.
top

What are Soft(ware) Tokens?

Software tokens are two factor authentication applications that can be installed and run from a wide variety of devices, including but not limited to personal computers, mobile phones, PDAs, and smart phones. In contrast to hardware tokens, software tokens do not require dedicated hardware or ongoing user maintenance.
top

What are the advantages of Mobile Phone based Software Tokens?

• Accessibility: Users always have their phones with them. There is no additional wallet filler card or physical token to carry. Additionally, theft or loss of a mobile devices is very quickly noticed.
• Delivery: Users carry their phones all the time and delivery costs to the end user are negligible.
• Total Cost of Ownership: Hardware tokens exhibit a high TCO (Total Cost of Ownership) often running into more than five times the actual hardware cost over 5 years, including the maintenance, replacement and logistical delivery headaches.
• Updatability: Soft tokens, by their very nature are adaptable and can be easily updated against new security threats. Hardware tokens cannot be updated in this manner.
top

SolidPass™

What is SolidPass?

SolidPass is Aradiom's on phone 2FA security product.
top

What OTP (One Time Password) generation methods does the SolidPass system offer?

• Time Based OTP Generation
• Challenge Response Based OTP
• Time and Challenge Response Based OTP Generation
• Challenge Response (with or without Time) Based OTP Generation with Security Question
• Challenge Response (with or without Time) Based OTP Generation with Transaction Signing
• Challenge Response (with or without Time) Based OTP Generation with Security Question and Transaction Signing
top

How does SolidPass™ guard against Trojans?

A Trojan attack cannot be executed even if a Trojan is installed on the phone because the client is built according MIDP2.0 specifications. The client stores the PIN in secure RMS storage, where access is denied to other applications.
top

How does SolidPass™ guard against a Stolen Phone?

The attacker cannot decrypt the private key without knowing the PIN. Even if the login credentials are known for online banking, the lack of a PIN will prevent any potential fraudulent transactions since a valid One Time Password ("OTP") cannot be generated without the PIN.
top

How does SolidPass™ guard against a Brute Force attack?

A Brute Force attack on the SolidPass™ Mobile Application is not feasible since mistyping the PIN 3 times in a row deletes all data from the phone and the user is then required to reactivate.
top

How does SolidPass™ guard against Compromised Midlet Download?

The user receives the SolidPass™ Mobile Application via WAP Push to his mobile phone. Theoretically, an attacker could convince the user to download and install a malicious application instead by sending an SMS that imitates the bank’s WAP push. This makes it possible to get the secret activation code, as the user, thinking he is using the SolidPass™ Mobile Application on his phone, enters his application code into a malicious application which transmits the code to the attacker. But even if the attacker receives the secret activation code in this manner, he still has no access to the user’s online banking login. Thus, compromising the midlet download may lead to a leakage of secret information used on the mobile phone, but nothing else. The security of the whole system is still not compromised because the attacker does not have the online banking login, which is the second authentication factor into the system.
top

How does SolidPass™ guard against Phishing Attacks?

A phishing attack occurs when the user (or the user’s computer) is tricked into thinking it is accessing the real web site, and enters credentials such as user name and password into a malicious web site. Using this technique, the attacker may get the login data to the online banking system. However, modified parameters or stolen credentials are useless with the use of the SolidPass™ System since the additional knowledge of the private data stored on the phone is required. There is a counter whose value is shared by the mobile phone application and the server. The challenge contains a cryptographically strong checksum which must match the counter value on the mobile phone within the given window. If the user is lured to a bogus web site, the counter value on the site will be out of sync with that of the mobile phone causing the attempt to fail.
top

How does SolidPass™ guard against MITM Attacks?

A man-in-the-middle ("MITM") attack is impossible since the challenge code given by the SolidPass™ System includes transaction specific data which is displayed to the user on the phone. The user then sees and validates the transaction.
top

Is it possible for a MITM attack to succeed against iTAN?

Yes. It was documented by RedTeam (‘If the computer system of the client is already compromised by a trojan or the user can be lured onto a phishing site, the (MITM attack) process can take place fully automated without any major drawback’)

http://www.redteam-pentesting.de/advisories/rt-sa-2005-014.txt

This allows an attacker to potentially divert funds to a fraudulent account.
top

How does SolidPass™ guard against Reverse Engineering?

To prevent successful reverse engineering attacks, a user should only be able to use the original mobile application downloaded from the bank. The SolidPass™ System includes verification of the original application, and only the original application will produce valid OTPs. A modified application made by a hacker does not contain the verification data and will always produce wrong codes. The hacker will not know the codes are wrong until they are rejected by the bank.
top

What handset devices are supported by Aradiom’s SolidPass™ Mobile Application?

Over 350 Java MIDP2 enabled mobile phones are tested and certified through Aradiom’s extensive internal QA process today. Aradiom constantly tests and certifies new phone models as they become available.
top

What is the minimum PIN length for SolidPass™?

The PIN is minimum 6 numeric digits, but it can be customized to require up to a theoretical maximum of 256. It is expected that most banks will want 6 digits for their deployments.
top

Can the SolidPass™ Mobile Application be built into Aradiom’s Java ME based mobile banking solution?

Yes. The SolidPass™ Mobile Application can be easily deployed with Aradiom’s QuickBank solution.
top

Is there a hardware module in the mobile phone for SolidPass™?

No, this is a software only solution designed to run on any Java MIDP 2.0 enabled phone, representing the majority of the world's phones today.
top

How can secret authentication information be securely stored on the phone with SolidPass™?

Neither the activation code nor the PIN are stored on the phone, thus securing this information.
top

Is SolidPass™ protected against viruses or malware on the phone?

To date, the mobile phone world has not been the victim of mass viral attacks such as in the PC world. This is due to several factors, one of them being the difficulty in getting one virus to run simultaneously on multiple phone operating systems and models.
top

Would a secure module in the phone make the solution even more secure?

When a user enters his PIN code into the SolidPass™ Mobile Application, the phone is activated. Even if there were an additional secure module, a rogue program on the phone could create signatures and perform other operations on the active module without the user noticing.
top

Are there any other countermeasures included to thwart the attacker?

Yes. If the attacker sets up a phishing web site giving random challenges, these will be detected by the SolidPass™ Mobile Application because of their incorrect checksum and warnings will be displayed to the mobile phone user.
top

How does the SolidPass™ Mobile Application compare to typical SMS based solutions ?

Typical SMS based solutions involve sending OTPs from the bank to the phone via SMS. The user then enters the transmitted password into the online banking site to authorize a transaction. If the phone were stolen, the SMS messages could be compromised. SMS also does not provide guaranteed message delivery, so SMS messages can be lost or delayed. This reduces the reliability of SMS based solutions. Latency issues also arise during peak usage periods. Additionally SMS is insecure, in that messages are not encrypted and ultimately pass through vendor SMS gateways, which, if compromised, would allow an attacker to intercept OTPs sent via SMS. Also, SMS gateways can also be expensive and cumbersome to manage.
top

How does the issuing institution ensure that only registered users receive valid copies of the SolidPass™ Mobile Application?

The issuing institution must have the correct mobile phone number of the user receiving the SolidPass™ Mobile Application. The SolidPass™ Server generates a specific client application which is bundled with the unique application key, and sent to the phone via WAP push. An activation code is delivered to the user via another channel (often online or through the mail).
top

How does the issuing institution deliver the application to the required users?

Application delivery is initiated with a WAP Push message sent by the Application Download Server to the user’s registered phone number.
top

What security measures prevent keylogger attacks against the SolidPass™ Mobile Application?

Mobile phone manufacturers are making progress in providing open yet secure operating systems. Since Aradiom’s SolidPass™ Mobile Application is built on 2 factor security, key logging (for capturing the PIN) does not succeed in stealing identities. It should be noted that if a keylogger application is installed on a phone, the hardware based protection in the phone is just as vulnerable as a software solution. Remote control applications may work on certain phone platforms, and allow access to the user interface remotely, but usually not without being detected by the user.
top

What security measures prevent a second cell phone owner from using the SolidPass™ Mobile Application assigned to the original or previous phone owner?

The shared secret embedded in the application is invalid as soon as the original user activates a new copy of the SolidPass™ Mobile Application on a new phone.
top

Can a hacker who has the SolidPass™ Mobile Application reengineer it to produce one with challenges matching transactions he might have altered?

Only the original application downloaded from the bank can be used with the SolidPass™ System. To ensure this, the SolidPass™ System provides personalization of each copy of the SolidPass™ Mobile Application.
top

Can a hacker compromise the SolidPass™ Mobile Application to display what he wants?

As with any security system reverse engineering and building modifications are difficult but not impossible. However, without the personalization data embedded in the legitimate version of the application, the modified version is useless for use within the SolidPass™ System.
top

Is there a secure hardware module in the mobile phone for SolidPass™?

No, this is a software only solution, designed to run on any Java-enabled phone.
top

How can secret authentication information be securely stored on the phone?

Secret authentication information is derived from the activation code and the unique code that is sent with the application by the issuing bank. The resulting code is encrypted using the user’s own defined PIN, which is defined on first use. Neither the activation code nor the PIN are stored in the phone.
top

Isn’t this less secure than using a secure hardware module, such as a smart card?

No. The security models of these two schemes are quite different. With SolidPass™, the user interface and token are under the control of the user. With a smart card, the keys are safe within the token but the user has little control over the user interface. An untrusted terminal can generate any number of signatures for any kind of transaction and is therefore open to attack. For example, after the user has entered his smart card and PIN code into an untrusted terminal device, the device can generate any number of signatures for any kinds of transactions without the user having any control over this. The mobile device, which is in the users own possession, can be considered a trusted device.
top

Is it possible for someone that has gained possession of the phone to crack the owner’s PIN?

The token does not directly indicate to the user if the entered PIN was correct. Instead, it generates a response based on the PIN supplied by the user (in this case the attacker) which has to be keyed in to the service used (e.g. web-based Internet banking service) in order to check its validity. When the server sees too many invalid responses, it will lock the account.
top

Can the user still use the token if it is out of sync with the server?

Yes, but the software needs to be reactivated if the counter is off by more than the time window size defined by the system administrator. This would necessitate re-issue of the activation code to the user by the bank.
top

Are there any other countermeasures included to thwart the attacker?

Yes. If the attacker just sets up a phishing web site giving random challenges, these will be detected by the mobile token from their incorrect checksum and warnings will be displayed to the mobile phone user.
top

Is 2FA software token solution stronger than hardware tokens? What are their strengths and weaknesses in comparison?

The window of opportunity for a thief to use a mobile phone is substantially less than for a soft token (you realize your phone is gone long before you miss your token). In addition, there are optional features of software tokens that do not exist on hardware tokens, such as the software token application can warn the user if the challenge code is coming from a fake website, and the software token application communicates transaction specific information to the user on their mobile phone, therefore the user knows exactly what is being authorized.
top

How does a customer request and receive the mobile banking application?

The customers can request the mobile banking application via bank’s website, call center, or an SMS message. The application delivery is initiated with a WAP Push message over the mobile phone network or Bluetooth server to the registered phone number.
top

Mobile phone manufacturers are making progress in providing open yet secure operating systems. Since Aradiom’s 2FA solution is built on 2 factor security, key logging (for resolving the PIN) is not sufficient for identity theft. Remote control applications may work on certain phone platforms, and allow access to GUI remotely – but this is difficult to do without the legitimate user noticing, even if he/she has installed this application by accident. It should be noted that if a keylogger etc. is installed on the phone, then hardware based protection in the phone would be as vulnerable as a software solution.
top

How secure are the keyboard and display on a phone - what would a hacker have to do to gain control over either?

Mobile phone user interface should not be considered secure, and therefore a 2 factor solution like Aradiom’s SolidPass™ should be used.
top

In what language Aradiom SolidPass™ built in?

Aradiom SolidPass™is built in Java ME language. With Java ME, each program runs in its own restrictive "sandbox." This prevents the program from accessing the files or memory of another program or accessing the hardware of the device in the uncontrolled way. Until now no viruses or trojans have succeeded in bypassing Mobile Java Security.
top

How does the solution address the issue of the phone being passed on for secondhand use, once a new one is acquired?

Aradiom’s SolidPass™ 2FA solution is based on 2 factor security. The user of the passed-on phone is not able to (mis)use SolidPass™s 2FA application without a correct username and password. Also, the shared secret embedded in the application will become invalid as soon as the original user activates a new copy of the application in the new phone.
top

Can a hacker, who obtains the application, reengineer it to produce one with challenges matching transactions he might have altered?

Aradiom’s solution includes a unique UserID of each copy of the application. Only the originally obtained copy of the application will produce correct response codes for authentication of transactions. A modified version used by a hacker will not contain the needed personalization data and will always produce wrong codes, which the hacker will not know are wrong until rejected by the bank. After a configured limit of failed attempts, a fraud alert may be activated.
top

Can a hacker compromise the 2FA client to display what he wants?

Reverse engineering and building modifications are difficult but not impossible. However, without the personalization data are embedded in the legitimate version of the application, the modified version is useless.
top

The fake “new version” would not contain the required personalization data, required to produce correct response codes needed to authenticate the transaction by the bank, so the fake version would be useless.
top

How is the solution for joint accounts (meaning more than one person is allowed to make transaction)?

A single instance of 2FA mobile application is linked to the credentials which were used when obtaining the application and the activation code for it. If several persons with different credentials are allowed to do transactions, then each of them will have an instance of 2FA application in their phones, linked to their credentials.
top

Is SolidPass™ limited to banking security?

No. SolidPass™ can be used in any high security environment where OTPs are needed including network access control (e.g. VPN tokens or cards). Enterprise security, intranet access, graded network security are all potential areas of use for SolidPass™.
top

What is mobile phone based Access Control?

Mobile phones, activated with a soft embedded token, can act as a card key, hard token or other access control devices to ensure secure entrance, document or archive access, or other types of access control. A soft token solution such as SolidPass™ can turn your mobile or land-line phone into a remote control for any secure entrance property. It provides convenient control of access to any security entrance building or estate, or for access to sensitive information or database.
top

Industry Specific Mobile Applications

Mobile Banking

What is Mobile Banking?

Mobile banking (also known as M-Banking, mbanking, SMS Banking etc.) is a term used for performing balance checks, account transactions, payments etc. via a mobile device such as a mobile phone. Internet banking has revolutionized the way the financial services industry conducts business, empowering organizations with new business models and new ways to offer 24x7 accessibility to their customers. Mobile banking adds "anywhere" service in addition to "anytime" access.
top

What services can mobile banking offer?

Account Information: Mini-statements, account history, alerts on account activity, threshhold monitoring, term deposits, access to loan statements, access to card statements, mutual funds / equity statements, insurance policy management, pension plan management, check status and stop payment services
• Payments & Transfers: Domestic and international fund transfers, micro-payments, mobile recharging, commercial payment, bill payment, Peer to Peer (P2P) payments
• Investments: Portfolio management services, real-time stock quotes, personalized alerts and notifications on security prices
• Support: Status of requests for credit, including mortgage approval, and insurance coverage, exchange of data messages and email, including complaint submission and tracking, location based service such ATM locators.
top

Is Mobile Banking as secure as Online Banking?

Yes. On-phone solutions use the same encryption protocols as are used in Online Banking.
top

Can mobile banking support embedded tokens?

Yes. QuickBankTM , a mobile banking application, is built to support embedded token security solutions such as SolidPassTM , which is an industry standard conforming embedded token solution with Two Factor Authentication (2FA) and One Time Password (OTP) generation.
top

Can mobile banking support HTTPS (SSL) connection?

Yes. Mobile Banking based on Java ME MIDP 2.0 can support HTTPS.
top

Is Java based mobile banking as secure as online banking?

Yes. Java based mobile banking is as secure as online banking.
top

What is Mobile Payment?

Mobile Payment is the collection of money from a consumer via a mobile device.
top

What is Mobile Brokerage?

Mobile Brokerage(also known as M-Brokerage and mbrokerage) is a term used for a mobile application accessing a brokerage or securities account in order to perform buying or selling of stocks, bonds or other securities as well as performing regular account interactions such as checking balances, viewing account transactions, and making bill payments, etc, via a mobile device.
top

How is a Java based QuickBank application different from other SMS based mobile banking services?

Although there are many protocols are being used for mobile banking - HTML, WAP, SOAP, XML, Java ME to name a few- there is a lack of common technology and interoperability at the moment. Interoperability is largely dependent on the banks themselves, where installed applications (Java based or native) provide better security, are easier to use and allow development of more complex capabilities similar to those of Internet banking. SMS can provide the basics but becomes difficult to operate with more complex transactions.
top

How is Java ME based QuickBank application different from other WAP based mobile banking services?

The QuickBank user experience is far superior to other WAP based alternatives. It is faster, more graphically compelling, and with lower latency than other WAP solutions could be.
top

Can Mobile Banking support location based ATM (automatic teller machine) locator?

Yes. QuickBank supports location based (operator tower triangulation and/or GPS based) ATM locators that can be graphically mapped.
top

Airlines, Travel, Mobile Ticketing, Mobile Barcodes

What is Mobile Ticketing?

Mobile ticketing (or mobile electronic ticketing) is the process whereby customers can order, pay for, obtain and validate tickets from any location and at any time using mobile phones or other mobile handsets. Mobile tickets reduce the production and distribution costs connected with traditional paper-based ticketing channels and increase customer convenience by providing new and simple ways to purchase tickets. Tickets can be sent to mobile phones using a variety of technologies including SMS, MMS, WAP Push, Java ME clients, and NFC. Users are then able to use their tickets immediately by presenting their phones at the venue. Mobile ticketing is a prime example of horizontal telecommunication convergence.
top

What is Mobile Check-in?

Mobile Check-in is a service provided by the airlines that enables travelers to check in for their flights with their mobile phones. Mobile check-in already exists in Japan and some airports in Canada, Spain and Germany, but until recently there has been no global standard, which has prevented the technology's wider use. However, The International Air Transport Association (IATA) approved a barcode standard to allow mobile check-in that enables airlines to send 2D bar codes to passenger's phones, which then becomes the boarding pass and is read directly from the screen of the mobile device.
top

What is Mobile Barcode?

The International Air Transport Association (IATA) recently approved a barcode standard that will replace the paper-boarding pass with a mobile phone. Travelers can receive a barcode-confirmation image upon booking a flight or checking in. Instead of worrying about printing out an electronic boarding pass, or standing in line at the check-in counter, the traveler can take their mobile phone with the barcode image straight to the boarding gate. The barcode standard is compatible with those used in the US, Europe, and Japan - so global travelers with a paperless boarding-barcode can have the convenience in their pockets. The IATA is aiming for a 2010 rollout. eTicketing is already the industry standard as IATA mandated electronic ticketing for all airlines and made paper tickets obsolete. The days of printing out a paper boarding-pass may soon become a thing of the past.
top

What are the standards for mobile boarding pass?

The bar code for mobile phones must be 2D. The representation of the data in a bar code on mobile phones must be in Aztec, Datamatrix or QR (Quick Response Code). This standard is set by International Air Transport Association (IATA).
top

How can airlines enable their customers to go "mobile"?

Airlines can enable their customers with a self-service mobile solution that allow the travelers to make reservations, purchase tickets, make a seat selection, check in for a flight, and receive alerts and special offers. QuickFlight, an easily downloaded and automatically updated mobile solution for airlines, enables airlines to provide their online services on the customers' mobile phone "anytime, anywhere and anyphone".
top

What is mobile enabled Travel?

Much like Internet enabled travel, mobile enabled travel allows customers to purchase a ticket, make a flight reservation, check-in for a flight, make a seat selection, check the departure and arrival status of a flight and look up other airport, airline and flight specific information from their mobile devices.
top

Mobile Government, Portals, Municipal Services, Law Enforcement, Police and Public Sector

What is Mobile Government?

Mobile Government, also known as m-Government or mGovernment, refers to the use of mobile technology as a platform for exchanging information, providing services and transacting with citizens, businesses and other arms of government. m-Government evolved from e-Government (from electronic government, also known as e-gov, digital government, online government or transformational government) refers to the use of Internet technology as a platform for exchanging information, providing services and transacting with citizens, businesses, and other arms of government. e-Government may be applied by the legislature, judiciary, or administration, in order to improve internal efficiency, the delivery of public services, or processes of democratic governance. The primary delivery models are Government-to-Citizen or Government-to-Customer (G2C), Government-to-Business (G2B) and Government-to-Government (G2G) & Government-to-Employees (G2E).

Within each of these interaction domains, four kinds of activities take place:
• pushing information over the Internet, e.g., regulatory services, general holidays, public hearing schedules, issue briefs, notifications, etc.
• two-way communications between the agency and the citizen, a business, or another government agency. In this model, users can engage in dialogue with agencies and post problems, comments, or requests to the agency.
• conducting transactions, e.g: lodging tax returns, applying for services and grants.
• governance, e.g: online polling, voting, and campaigning.
The most important anticipated benefits of e-government include improved efficiency, convenience, and better accessibility of public services.
top

Mobile enabled Police, Security and Law Enforcement agencies

What is QuickPolice™?

QuickPolice™ is an AMF™ based mobile application which enables mobile phone based Law Enforcement and Policing. The police force, including EMT, are able to access authorized police network with secure online connectivity over existing cellular communication networks. Available features are:

• Stand alone e-form entry options via Bluetooth, wi-fi and USB connectivity for simple data-syncing operations
• Grouped digital briefings, instant alerts, comprehensive database search for local\national data sources, intelligence data, vehicle data, firearms and person details, photographic imagery, and fingerprint display. Automatic trigger warnings and warrant\terrorist suspect alerts can be set on specific search criteria.
• Image capture (vehicle license plates, person ID etc.) used by officers at crime scenes, general incidents, traffic accidents, using high quality jpeg fractal image compression.Image option allows central control\departments or specific senior personnel to view images and picture evidence in real-time. Soon video pictures will also be available.
• A browser based Central Control Suite integrates with existing police systems, permitting individual officer or groups to receive specific data, information, images, or alert messages. For example, all traffic officers could receive a particular urgent alert or patrol officers in a specific area could be alerted with incident warning, ensuring that the right officers receive specific information for them at the right time. The same "security grouping" facility allows all police officers and police personnel to be grouped by rank or particular unit, so permitting specific data and secure intelligence can be targeted to the right personnel.
• The highest level of data encryption, which permits only temporary storage of any secure data on the mobile device itself, so should the device be lost or stolen, secure data cannot be accessed as the mobile device is locked. For additional security resilience, all PDAs and Smartphones have a user timeout feature and a smart trace facility with a remote "kill unit" function, which if initiated by HQ can render a particular mobile device useless and non-operative.
• Interactive mapping based on location based services, with options for enhanced GPS, offers pin-point officer tracking and allows control centers to better direct officers to incidents in the field. This function is also designed to assist accident investigation officers with accurate location referencing, with the option to overlay any map location with an aerial satellite photograph for a near 3D perspective of locations on the ground.
• Mobile device hardware accessories include miniature thermal printer and barcode readers in seperate or combined units (GPS will be integral on some devices).
top

Mobile Media

What is Mobile RSS?

Mobile RSS stands for Mobile Really Simple Syndication. RSS is a family of Web feed formats used to publish frequently updated content such as blog entries, news headlines, and podcasts in a standardized format. An RSS document (which is called a "feed", "web feed", or "channel") contains either a summary of content from an associated web site or the full text. RSS makes it possible for people to keep up with web sites in an automated manner that can be piped into special programs or filtered displays. The benefit of Mobile RSS is the aggregation of multiple sources of content (primarily Web based content) on the mobile phone.
top

What is Mobile Social Media?

It is Mobile enabled Social Media. Social Media is an umbrella term that defines the various activities that integrate technology, social interaction, and the construction of words, pictures, videos and audio. This interaction, and the manner in which information is presented, depends on the varied perspectives and "building" of shared meaning among communities, as people share their stories, and understandings.

Social media can take many different forms, including Internet forums, message boards, weblogs, wikis, podcasts, pictures and video. Technologies include: blogs, picture-sharing, vlogs (video blogs), wall-postings, email, instant messaging (IM) , music-sharing, crowdsourcing, and voice over IP (Internet Protocol), to name a few. Social media can range from photo sharing to social networking to blogging to video sharing.
top

What is Mobile 2.0?

Mobile 2.0 is mobile enabled Web 2.0 and is also known as Mobile Web 2.0. Web 2.0 is a term describing the trend in the use of World Wide Web technology and web design that aims to enhance creativity, information sharing, and, most notably, collaboration among users. These concepts have led to the development and evolution of web-based communities and hosted services, such as social-networking sites, wikis, blogs and folksonomies.
top

Mobile Marketing, Mobile Commerce and Mobile Advertising

What is Mobile Commerce?

Mobile Commerce (also known as M-Commerce, mCommerce or U-Commerce, owing to the ubiquitous nature of its services) is the ability to conduct commerce, using a mobile device e.g. a mobile phone (or cell phone), a PDA, a smartphone while on the move,and other emerging mobile enabled equipment.
top

What is Mobile Marketing?

Mobile Marketing is meant to describe marketing on or with a mobile device, such as a mobile phone (this is an example of horizontal telecommunication convergence). Marketing on a mobile phone has become increasingly popular ever since the rise of SMS (Short Message Service) in the early 2000s in Europe and some parts of Asia when businesses started to collect mobile phone numbers and push advertising content. Over the past few years SMS has become a legitimate advertising channel. This is due to the fact that unlike email over the public internet, the carrier who police their own networks have set guidelines and best practices for the mobile media industry (including mobile advertising). The IAB (Interactive Advertising Bureau) and the Mobile Marketing Association, have established guidelines and evangelized the use of the mobile channel for marketers. Mobile Marketing will increasingly move away from text based SMS to graphically rich ODPs (On Device Portal) based on Java ME.
top

What is Mobile Advertising?

Mobile advertising is a form of advertising via mobile (wireless) phones or other mobile devices. It is a subset of mobile marketing. In some markets, this type of advertising is most commonly seen as a Mobile Web Banner (top of page) or Mobile Web Poster (bottom of page banner), while in others, it is dominated by SMS advertising (which has been estimated at over 90% of mobile marketing revenue worldwide). Other forms include MMS advertising, advertising within mobile games and mobile videos, during mobile TV receipt, full-screen interstices, which appear while a requested item of mobile content or mobile web page is loading up, and audio adverts (eg, in the form of a jingle before a voicemail recording). The shift to Java ME based ODPs (On Device Portal) has just begun.
top

What is a Mobile Scrollbar Teaser?

A Mobile Scrollbar Teaser is a graphical widget in a GUI (Graphical User Interface) with which continuous advertising teasers can be displayed as text, pictures or anything else and can be scrolled in mobile phone applications.
top

Mobile Software Platform

What is Mobile Software?

Mobile software is designed to run on handheld computers, personal digital assistants (PDAs), enterprise digital assistants (EDAs), smartphones and cellphones.
top

What is a Mobile Software Platform?

A mobile software platform enables creation and deployment of mobile software, designed to run on handheld computers, personal digital assistants (PDAs), enterprise digital assistants (EDAs), smartphones and cellphones. Since the first handheld computers of the 1980s, the popularity of these platforms has risen considerably. Recent model cellphones have included the ability to run user-installed software.
top

What are mobile platform development options?

The most popular mobile platform development options for handheld devices are Java ME, Symbian, Android, Lazarus, Python, the .NET Compact Framework and BREW. Java ME has the advantage on running across most platforms, as most mobile phone OS's (Operating Systems) have JVMs (Java Virtual Machine) embedded. For example, all Symbian phones come with JVMs natively built-in.
top

What is a rich user experience mobile client?

A user friendly and full feature mobile application with attractive design. Rich user experience is determined by the application's graphical user interface (GUI), functionality, device compatibility (also known as phone data access or number of supported mobile device models), run time speed and mobile service provider (also known as operator) compatibility. A truly rich user experience mobile client does not compromise between user friendliness, speed, features, functions or attractive designs of the application.
top

What is an ODP?

ODP stands for On-Device Portal. On-Device Portals (ODPs) allow mobile phone users to easily browse, purchase and use mobile content and services. An ODP platform enables operators to provide a consistent and branded on-device experience across their broadening portfolio of services and typically provides on-device catalogs of content for purchase, deep links to WAP portals, customer care functionality and rich media services such as full track music, TV and video. A key benefit of on-device portals is the ability to target the user rather than the device itself. This personalized service delivery, coupled with the ability to be updated on a frequent basis by the operator – refining services or adding new content – makes ODPs an attractive proposition that has already proven successful in encouraging users to access mobile content. By enhancing the user experience, ODPs improve customer satisfaction, reduce churn and in turn, drive higher data revenues, raising average revenue per user (ARPU). Java ME has turned into the reigning format for ODPs as Java ME is the dominant platform in the world.
top

What is RMA?

RMA is a short for Rich Mobile Applications. On Device Portals are sometimes referred to as Rich Mobile Applications. RMA is analogous to Rich Internet Applications.
top

Java ME

What is Java ME?

The Java Platform, Micro Edition or Java ME (still commonly referred to by its previous name: Java 2 Platform, Micro Edition or J2ME) is a specification of a subset of the Java platform aimed at providing a certified collection of Java APIs for the development of software for small, resource-constrained devices such as cell phones, PDAs and set-top boxes. Java ME was designed by Sun Microsystems.
top

What is MIDP?

MIDP stands for Mobile Information Device Profile. MIDP 2.0 supports HTTPS over a mobile phone. HTTPS stands for Hypertext Transfer Protocol over Secure Socket Layer. HTTPS is a URL (Uniform Resource Locator) scheme used to indicate a secure HTTP connection.
top

What does CLDC stand for?

CLDC stands for Connected Limited Device Configuration. The Connected Limited Device Configuration (CLDC) defines the base set of application programming interfaces and a virtual machine for resource-constrained devices like mobile phones, pagers, and mainstream personal digital assistants. When coupled with a profile such as the Mobile Information Device Profile (MIDP), it provides a solid Java platform for developing applications to run on devices with limited memory, processing power, and graphical capabilities.
top

Can Video Streaming be supported in Java ME?

Yes. For example, the Aradiom Mobile Framework supports Video Streaming that is embedded in a Java ME client. As with many things the question around video streaming revolves to some extent its feasibility but moreso with whether there is compelling content to stream.
top

What is a Java ME Carousel Design?

A Java ME Carousel Design allows the main menu and features and functionality to scroll from left to right (horizontally) or vice versa. Yahoo's GO is a prominent example of this design layout.
top

What is a Java ME Ferris Wheel Design?

A Java ME Ferris Wheel Design allows the main menu and features and functionality to scroll from top to down (vertically) or vice versa. Aradiom's SolidPass is a prominent example of this design layout.
top

What is a Java ME Grid/Matrix design?

A grid/matrix design is the classic layout for most Java ME applications and ODPs.
top

What is JSR?

JSR is the abbreviation for Java Specification Request. JSRs are formal documents that propose new additions to the Java platform.
top

What is Mobile Media API (MMAPI)?

Mobile Media API (JSR135) enables Java ME applications to use mobile devices' video and audio capabilities.
top

What is Advanced Multimedia Supplements API?

This API (JSR234) is an improvement to existing Mobile Media API, that simplifies the usage of multimedia files and streams on Java ME applications.
top

Common Mobile Terms and Definitions

What is NFC?

NFC stands for Near Field Communication. NFC is a short-range high frequency wireless communication technology which enables the exchange of data between devices over a 10 centimeter (around 4 inches) range. The technology is a simple extension of the ISO 14443 proximity-card standard (contactless card, RFID) that combines the interface of a smartcard and a reader into a single device. An NFC device can communicate with both existing ISO 14443 smartcards and readers, as well as with other NFC devices, and is thereby compatible with existing contactless infrastructure already in use for public transportation and payment. NFC is primarily aimed at usage in mobile phones. Aradiom Mobile Framework supports NFC.
top

What is a Security Element?

A Security Element, also known as a Secure Element and often written as SE, is a combination of hardware (the mobile often), software (a Java ME application for instance) and protocols that securely contains the required credentials, applications and necessary functions to process them as required. SE could be used for mobile payments and transaction authorizations. NFC is built on SE.
top

What is a Mobile Signature?

A Mobile Signature is a digital signature generated on a mobile phone or on a SIM card. mSign is sometimes used as shorthand for Mobile Signature. Aradiom Mobile Framework natively supports Mobile Signature.
top

What is a Mobile Ticker?

A Mobile Ticker is a real-time ticker application for the presentation of live data, text and images and 3D objects as content on a mobile phone. Broadcasters, News Aggregators and Financial Institutions can create a custom-designed mobile ticker with live feeds of news and other information. Mobile Tickers is well suited for services with live information, such as financial quotes, news and sports applications.
top

What is a Carousel Ticker?

A Carousel Ticker is a Mobile Ticker that scrolls horizontally. Carousel Tickers are usually placed on the bottom of the screen and they usually scroll from right to left in left to right written languages and vice versa.
top

What is a Mobile Scrollbar?

A Mobile Scrollbar is a graphical widget in a GUI (Graphical User Interface) with which continuous text, pictures or anything else can be scrolled including time in mobile phone applications. There can be horizontal and vertical scrollbars, and they can surround text boxes.
top

What does GSM stand for?

GSM stands for the Global System for Mobile communications. It is the most popular standard for mobile phones in the world.
top

What is Bluetooth?

Bluetooth is a wireless protocol utilizing short-range communications technology facilitating data transmissions over short distances from fixed and/or mobile devices, creating wireless personal area networks (PANs). The intent behind the development of Bluetooth was the creation of a single digital wireless protocol, capable of connecting multiple devices and overcoming issues arising from synchronization of these devices. Bluetooth provides a way to connect and exchange information between devices such as mobile phones, telephones, laptops, personal computers, printers, GPS receivers, digital cameras, and video game consoles over a secure, globally unlicensed Industrial, Scientific, and Medical (ISM) 2.4 GHz short-range radio frequency bandwidth.
top

How is Bluetooth technology used for deploying mobile applications?

Any of Aradiom's mobile applications can be deployed or "pushed" via Bluetooth server to a mobile device that is enabled to receive Bluetooth messages within the Bluetooth server range.
top

What is WAP?

WAP stands for Wireless Application Protocol. WAP is an open international standard for application layer network communications in a wireless communication environment. Its main use is to enable access to the Internet (HTTP) from a mobile phone or PDA. Often erroneously called the Mobile Internet, WAP was initially based on WML (Wireless Markup Language) - analogous to HTML - and the later version of WAP known as WAP 2.0 used XHTML. cHTML, short for compact HTML, was first introduced NTT DOCOMO for their i-mode service.
top

What is WAP Push?

WAP Push has been incorporated into the specification to allow WAP content to be pushed to the mobile handset with minimum user intervention. A WAP Push is basically a specially encoded message which includes a link to a WAP address. WAP Push is specified on top of WDP; as such, it can be delivered over any WDP-supported bearer, such as GPRS or SMS. In most GSM networks there are a wide range of modified processors, however, GPRS activation from the network is not generally supported, so WAP Push messages have to be delivered on top of the SMS bearer. On receiving a WAP Push, a WAP 1.2 or later enabled handset will automatically give the user the option to access the WAP content. This is also known as WAP Push SI (Service Indication).
top

What is SMS?

Short Message Service (SMS) is a communications protocol allowing the interchange of short text messages between mobile telephone devices. SMS text messaging is the most widely used data application on the planet, with 2.4 billion active users, or 74% of all mobile phone subscribers sending and receiving text messages on their phones. The SMS technology has facilitated the development and growth of text messaging. The connection between the phenomenon of text messaging and the underlying technology is so great that in parts of the world the term "SMS" is used as a synonym for a text message or the act of sending a text message, even when a different protocol is being used. SMS as used on modern handsets was originally defined as part of the GSM series of standards as a means of sending messages of up to 160 characters (including spaces), to and from GSM mobile handsets. Since then, support for the service has expanded to include alternative mobile standards such as ANSI CDMA networks and Digital AMPS, as well as satellite and landline networks. Most SMS messages are mobile-to-mobile text messages, though the standard supports other types of broadcast messaging as well. A binary message is how WAP Pushes are sent.
top

What is MMS?

Multimedia Messaging Service (MMS) is a standard for telephone messaging systems that allows sending messages that include multimedia objects (images, audio, video, rich text) and not just text as in Short Message Service (SMS). It is mainly deployed in cellular networks along with other messaging systems like SMS, Mobile Instant Messaging and Mobile E-mail. Its main standardization effort is done by 3GPP, 3GPP2 and Open Mobile Alliance (OMA).
top

What is HSCSD?

HSCSD is short for High-Speed Circuit-Switched Data. HSCSD is an enhancement to Circuit Switched Data (CSD), the original data transmission mechanism of the GSM mobile phone system, four times faster than GSM, with data rates up to 38.4 kbit/s.
top

What is GPRS?

GPRS is short for General Packet Radio Service. GPRS is a packet oriented Mobile Data Service available to users of Global System for Mobile Communications (GSM) and IS-136 mobile phones. It provides data rates from 56 kbit/s up to 114 kbit/s.
top

What is EDGE?

EDGE is short for Enhanced Data rates for GSM Evolution and is also known as Enhanced GPRS. EDGE is a digital mobile phone technology that allows increased data transmission rates and improved data transmission reliability. EDGE is generally classified as 2.75G, although it is part of ITU's 3G definition. EDGE has been introduced into GSM networks since 2003. EDGE can be used for any packet switched application, such as an Internet connection. High-speed data applications such as video services and other multimedia benefit from EGPRS' increased data capacity. EDGE can carry data speeds up to 236.8 kbit/s for 4 timeslots (theoretical maximum is 473.6 kbit/s for 8 timeslots) in packet mode.
top

What does 3G stand for?

3G is the third generation of mobile phone standards and technology, superseding 2G, and preceding 4G. It is based on the International Telecommunication Union (ITU) family of standards under the International Mobile Telecommunications program, IMT-2000. 3G technologies enable network operators to offer users a wider range of more advanced services while achieving greater network capacity through improved spectral efficiency. Services include wide-area wireless voice telephony, video calls, and broadband wireless data, all in a mobile environment. Additional features also include HSPA data transmission capabilities able to deliver speeds up to 14.4Mbit/s on the downlink and 5.8Mbit/s on the uplink. Unlike IEEE 802.11 (common names Wi-Fi or WLAN) networks, 3G networks are wide area cellular telephone networks which evolved to incorporate high-speed Internet access and video telephony. IEEE 802.11 networks are short range, high-bandwidth networks primarily developed for data.
top

What is an OTA Update?

OTA stands for over-the-air. OTA Update means that applications can be updated over-the-air through a GPRS, EDGE or 3G connection or SMS or MMS or WAP without manually configuring the phone. Aradiom's applications have OTA update capabilities.
top

Is there a common mobile browser for different mobile devices?

No. Unlike the Desktop/Laptop based environment, where there are 3 dominant Internet Browsers, the mobile phone market is extremely fragmented when it comes to mobile browsers. There are more than 20 major mobile phone browser vendors. The user experience is never the same for different users. Additionally, all handset vendors differentiate themselves when it comes to screen sizes and resolutions and processing capacity. That compounds the inconsistency of the user experience. Java ME based solutions avoid this conundrum because there is one entity - SUN Microsystems - that specifies JVM standards.
top

What is a MID?

A MID is short for Mobile Internet Device. It is an initiative raised by Intel for consumers and prosumers. Intel came up with the term and announced a prototype at the Intel Developer Forum in spring 2007 in Beijing. The product and specifications were announced at the conference. There are ongoing controversies regarding the use of ARM or Intel architectures in mobile internet devices. A MID development kit by Sophia Systems using Intel Centrino Atom was announced in April 2008.
top

Company | Legal | Career | FAQ | Contact