> STAMI > Introduction
The new digital economy is bringing a change to the society. Traditionally, almost everything people owned and purchased has been in tangible form. Even intangible information has been sold in physical packages, like newspapers and CDs. The physical nature of such media has kept its distribution and copying well under control. The seller could be fairly certain that the customer will not start copying and selling the product, and the customer could be fairly certain that the merchant is not likely to disappear overnight. Furthermore, especially with smaller purchases, the customer did not have to reveal too much about herself - a reasonable level of privacy was naturally maintained.
In the digital world things are different. Information will be, if it so far has not become, the most valuable asset. The media and the content will become separate and the content will be copied and distributed along computer networks in binary form independent of a static tangible media. And with digital copying, there is no quality loss - the copy is indistinguishable from the original. Also, as the merchant or the service provider lie somewhere in that digital network, both the product and the provider have essentially become intangible. The same applies to the customer, in relation to the merchant. There are no static physical locations, all parties have become intangible to each other, and they can be considered truly mobile.
This kind of intangibility is often seen as a new opportunity for an entire range of new business models and services. Information intermediaries will be offering information from various sources, filtered to the customer's tastes. At the same time, the owners of intellectual property try to maintain their grip on their property, which is becoming liquid. Similarly, the customers are wondering which providers are trustworthy. If there is no physical location at which to reach the other party, there needs to be some other form of reassurance that neither the service provided, or the payment, is fool's gold. Further, the parties need to be certain that in the process of acquiring these assurances, neither party is put at unnecessary disadvantage. In particular, the privacy of the individuals needs to be protected from abuse by less reputable corporations.
The goal of the STAMI project (Security Technologies and Attitudes in Mobile IPR) is to study the security concepts and technologies involved in digital information management, along with the applications in a mobile digital environment. Central aspects are the validity of information, and protection of information concerning personal privacy of individuals. These aspects will be studied in co-operation with other projects in the Digital Economy program at HIIT (Helsinki Institute for Information Technology). Other projects are, for instance, concentrating on researching the economic and legal aspects of new business models.
The activities in STAMI have been divided in two focus areas, which define the areas of interest as well the approaches used on a general level.
Information Validity Management
Some types of information have a natural validity period, i.e., they are useful for only a limited period after which they have only limited usability. These include offers, traffic information, news etc. For these kinds of information it is important that they come from a reliable source and that they are current. In these cases the users are likely to be willing to co-operate in making the information reliable and we are thus not dependent on trusted platforms or similar limitations.
The goal of this focus area is to examine the validity management of different kinds of information using certificates. In this focus area we'll look at the requirements of managing some selected types of information, the different validity management techniques of certificates and conclude by proposing a solution. The results include scientific papers, a licentiate's thesis and a doctoral dissertation.
Privacy in mobile IPR solutions
Mobile services are most likely to pose many new requirements for the underlying infrastructure. New terminal devices will use new protocols, new media and so on. Security and privacy must be considered, planned and built in to these from the beginning. Privacy can be considered as a independent high-regarded value to be protected. The more concrete aspects are confidentiality, integrity and availability, just to list some of them. Välimäki et al. lists several different parties and actors in the chain from the content provider to the subscriber, who are just communicating the information. There are many open questions on what kind of information these intermediaries need to know in order to provide the service which is being used.
This focus area will start by looking at the existing and emerging business models for content distribution to mobile terminals. Then, we'll look at the security requirements these new services present. We'll proceed by looking at available security technologies. Based on these, we'll devise selected security solution concepts and implement prototypes to demonstrate their functionality. All along we shall also maintain active interest in the usability of these technologies and user attitudes to insure that the solutions proposed are both technically competent and still acceptable to the intended users.