NEW YORK-A Cellular Telecommunications Industry Association group is developing recommendations for handset manufacturers that would reduce fraud potential and facilitate over-the-air customer activations for non-Global System for Mobile Communications carriers.
The CTIA Fraud Technology Assessment Group, charged with evaluating and recommending new fraud-prevention measures, has been working on the proposals for more than a year, said Brian Green, an FTAG member who is director of fraud prevention and program management for AirTouch Communications Inc. The group last met in late May and will reconvene later this summer.
Customer installation
The measures under consideration fall into three basic categories, according to Rick Kemper, CTIA’s director for secure systems. The first, which has two parts, generally would promote a flexible but somewhat standardized approach for easy customer installation of authentication-key information into the handset from the handset-either by a few strokes on the keypad or via a box that plugs into the data port.
The procedure for A-key programming via the keypad remains unresolved due to competing approaches by various manufacturers. However, at least two companies-Synacom Technology Inc. and ASI-already have developed devices to permit data port programming of authentication information. The goal of the CTIA group’s efforts is to help ensure widespread compatibility between these devices and the various handsets available.
AirTouch is one of the carriers that has deployed Synacom’s CloneSafe Validator, for which companies like Ericsson Inc. and Lucent Technologies Inc. serve as resellers, said Leslie Ranney, Synacom’s marketing communications director.
GTE Telecommunications Services Inc., which offers carriers a third-party encrypted A-key management center and repository, also is developing a point-of-sale data port programming device that could be unveiled within a few months.
“The technology is patented … We are in partnership with Ora Electronics for manufacturing the devices,” said Bob McClure, product manager for GTE TSI’s Encrypto-A-Key Management Center and Repository.
Whether using the keypad or the data port, neither the end user nor the carrier’s customer service representatives would have access to the actual A-key information.
Encrypting at the source
The second proposal would promote encrypting A-key information at handset manufacturing facilities and deleting that information from the vendors’ databases once it is transferred to their carrier customers. Green said the motivation behind this idea is to hinder fraudsters from a one-stop-shop capability should they ascertain how to access the data link between the handset vendor or its phone repository and the carrier customer.
Standardization
The third proposal would standardize the formatting of authentication information to relieve carriers and phone makers of the necessity to keep multiple computer formats.
“The industry’s belief is that, when it comes to fraud protection and a common way of doing it, following the pack should not add anything to the price of a handset,” Green said. He referred to all four CTIA group recommendations in the works.
FTAG members are carriers only, and any wireless services network operator that is a CTIA member may participate, he said. FTAG also extends invitations to all handset and infrastructure vendors.
Carriers’ view
Bell Atlantic Mobile, AT&T Wireless Services Inc., SBC Communications Inc., PrimeCo Personal Communications L.P., 360
