Consumers’ appetite for Web content is well-established, but now they want their Web content served to go. That makes mobile Web services a lucrative market for Web companies and telecom service providers, but only if they overcome usability problems that currently take the “worldwide” out of World Wide Web by tethering it to clumsy authentication models designed more with the desktop in mind than the mobile world.
By Steve Northridge
Mobile Web services won’t really take off until users have fast, seamless access to services. That means replacing existing authentication infrastructures with mobile-friendly systems that match mobile users’ desire for portability. Today’s authentication and payment systems don’t qualify as “mobile” because they require too much manual input into long registration forms. For example, a businesswoman with diabetes loses her medication bag while traveling in Tokyo. She needs to find a source of insulin and syringes close to her hotel. This situation highlights both the potential and the limitations of Web services within current authentication models.
Locating a pharmacy finder is easy enough on a Web-enabled smartphone, but it takes 15 minutes to register on the site, enter her payment information and receive an e-mail confirmation before she can even log on to the site and start looking. Once she gets to the pharmacy that will accept her insurance, she has trouble ordering because she doesn’t speak Japanese, and the pharmacy staff speaks limited English. She can find a Web service on her smartphone that allows her to type in a message and have it translated into Japanese, but again she has to go through the registration and payment process to use it.
How much easier would that woman’s experience be if every time she turned on her smartphone, she was automatically logged into a vast network of Web services that recognized her as a trusted customer and already had all the information it needed to take her business? At the very least, it would reduce her anxiety in a stressful situation.
Even in less extreme circumstances – i.e. the family that needs something to do after they drive 90 minutes to find their destination theme park closed for the day because of a burst water pipe –automatic authentication can be the difference between a customer using a Web service or driving around looking for brochures at a chamber of commerce kiosk.
Why does any of this matter to a service provider? Because it can drive usage on its network and offer opportunities to launch profitable value-added services linking users with Web services. The technology that providers need so they can step into that role is now emerging. Most notable among them is the Third Generation Partnership Project (3GPP) Generic Bootstrapping Architecture (GBA).
GBA opens the full range of Web-based services and content to mobile users by replacing multiple sign-ons with automatic, secure authentication through a mobile device’s subscriber identity module (SIM) card. The SIM card has all of the personal and payment information that Websites require. The network authenticates the subscriber as soon as he/she turns on their mobile device – no logins, no passwords.
Carriers are in the strongest position to host bootstrapping authentication services. They already have networks and relationships with millions of wireless subscribers. Adding authentication services to their networks is a fairly simple matter of implementing bootstrapping application servers at the network edge. Once they have implemented bootstrapping servers, carriers can invite content providers to subscribe to their networks. That subscription invites all of the carrier’s subscribers to use participating Websites without registering, signing in or authorizing payment. When a subscriber hits a Website and requests a service, the request goes to the carrier’s bootstrap server, offloading traffic from the HLR (home location register) or HSS (home subscriber server). The bootstrap server authenticates the user to the Website server, which then provides the service. The site bills the subscriber through the carrier’s network.
In the scenario above, where the traveler needs insulin and syringes, instead of surfing the Web, she accesses her service provider portal and enters a few key words – insulin, Tokyo, 24 hours, for example. The portal displays a list of options, in ascending order of their distance from her location, which is pinpointed by GPS. She chooses an option, uses it to find a convenient pharmacy, and that’s that. She did not have to authenticate herself to the Website. She did not have to authorize payment for using the search service, or the translation service that helps her communicate with the pharmacy staff.
Carriers can layer their own value-added services between the user and the Website. For example, carriers can offer guaranteed high-bandwidth connections to Web services that need high bandwidth, like live video streaming. They also can offer metered billing to charge subscribers for their actual use of a service, rather than a flat fee. Metered billing will attract users who might only need a service once, and who don’t want to pay a flat fee for a month’s usage. Without an automatic authentication and payment mechanism, it’s not profitable for a Website to serve 1-time customers because it costs more to process them than the customer pays for the service. A bootstrapping architecture, however, automates payment processing, enabling the Website to aggregate small transactions into a profitable revenue stream.
Subscribers aren’t buying smartphones and Internet-enabled PDAs because they like thumb typing. They want fast, easy access to Web services anytime, anywhere. Easy, spontaneous access to Web services over carrier networks is the future. Convenience drives usage, and whether subscribers are in a car on the interstate or at their desk, automated authentication is more convenient than signing in anew for each session. Bootstrapping creates a mobile Web that works for subscribers, carriers and Web content providers.
Northridge is director of solutions engineering at Mount Laurel, N.J.-based Ulticom.