SCA 2016 Forum on Mobile Security Technology Business Modeling Successfully Concludes in Beijing
On Oct. 27 and 28, 2016, the 2016 Forum on Mobile Security Technology Business Modeling was hosted by SCA with the support of China Telecommunication Technology Labs (CTTL), Bank Card Test Center (BCTC) and China Financial Certification Authority (CFCA). Presided over by SCA founder Mr. Neil Ding, the two-day event attracted over 200 attendees from 16 fields. This forum focused on the business models for mobile security technology. Among the speeches, the academician of the Chinese Academy of Engineering, Ni Guangnan, gave a detailed interpretation on "How to Accelerate Indigenous Innovation in Network Technology." His presentation helped the audience to clearly understand the leading thoughts on developing the network information industry in China. "On the one hand, security is the precondition for development, and on the other hand, development guarantees security. Security and development should progress simultaneously." He also pointed out that the number of terminals infected by a network virus in China was nearly 2,650,000 by July of 2016, with almost 200,000 IP-address-mapping hosts controlled by Trojans or Bots and more than 650,000 hosts infected by the Conficker Worm through IP addresses. In 2014, a report released by U.S. Center for Strategic and International Studies revealed that cyber-crime and economic espionage cost the global economy more than $445 billion annually. U.S., Germany and China suffered the greatest economic damage at $100 billion, $60 billion, $45 billion, respectively. Ni also said: "We should unswervingly enhance concerted efforts for indigenous innovation here in China and 'breakthroughs in research and application' of all projects including operating systems that are specified in China's 'crucial strategy to develop core technologies and devices in network information'."
Photo: Ni Guangnan, Academician of Chinese Academy of Engineering, delivering a speech
During the two-day forum, 16 experts from 14 public and private sectors delivered speeches on mobile security technology business modeling. Their topics included:
An Autonomous and Controllable Road for Information Security Development (by Ni Guangnan, academician of Chinese Academy of Engineering)
The Creation of Secure Products that Comply with China's and International EAL Certification Requirements (by SCA)
Thoughts on eSIM in the Age of IoE (by China Mobile Research Institute)
eSIM Technology and Its Testing Research (by CTTL)
The Evolution of Cellular IoT Technology and Its Industrial Application Exploration (by China Unicom Network Technology Research Institute)
Hand in Hand with IoT: Enjoying a Smart Future (by China Telecom IoT Operation Center)
The Challenges and Security Issue of IoT Application Deployment
The Past and Present of Private Data (by CFCA)
Authentication and Payment Application Based on Smart Wearables (by Beijing Watchdata)
An Insistence on Autonomy and Controllability in Developing the Smart Phone Security Industry (by China Electronics Technology Network Information Security Co., Ltd.)
Identity Authentication by Mobile Terminals and Their Security Precautions (by Qualcomm Wireless)
The Security Risks and Precautions of Barcode Payments (by BCTC)
How to Deal With TEE Fragmentation? (by Trustonic)
Enlarging the TEE Pie -- Build a Trusted Application Management Platform with OTrP (by OTrP)
Latest Developments and Applications of NB-IoT and Its Security Requirements (by CTTL)
Trends of Security Technology for Mobile Internet/IoT
Photo: Neil Ding, founder of SCA, hosting the conference
During the conference, the audience raised many questions on issues of their concern and many great ideas were referred by them for the next service or product upgrade.
Photo: An attendee interacting with the speaker
Photo: An attendee interacting with the speaker
Here are some excerpts from the exemplary presentations:
To protect private data, you first need to know what is sensitive personal information (SPI) and then you can protect it with specific measures. So what is sensitive personal information? It's personal information that, once damaged or modified, will have a negative impact on the subject such personal information identifies. It can be defined by different industries according to the specific content of SPI, the willingness of the personal information subject who receives their services and features of the services. Basically, SPI includes the ID card number, cellphone number, race, political status, religion, genes and fingerprints. General personal information is all personal information except the sensitive ones mentioned above. The definitions of two come from GB/Z8828-2012: Information Security Technology – Guideline for Personal Information Protection within Information System for Public and Commercial Services, which is the first national standard on information protection in China. Its release provides important guidance to the related business.
The evolving trends of authentication and payment tools lie in platform -- as smart phones boast increasingly higher performance and security, they evolved into a platform for security and applications, as well as in applications (shifting away from hardware) -- a wide range of authentication and payment tools have taken the form of software on the smart phone.
Smart wearables are another platform for security and applications after smart phones. Firstly, the improvement of smart wearables' performance and security enables wearable devices to run more applications. Secondly, smart wearables can be used as stand-alone authentication and payment device, which increases security. Thirdly, according to an official survey, just as in health and fitness, wearable payment is also highly accepted by users, ranking No. 3.
Encrypted phones, according to a speaker, are mainly used in special or high-end commercial areas and focus on communication security by encrypting voice, message and videos. China Electronics Technology Network Information Security has been involved in developing encrypted phones for a long time. They've invested in developing secure phones recently and have achieved some results. Indeed, the encrypted phone is a relatively small market. They encounter many restrictions in promotion, such as difficulties in R&D, a long lead time, a low level of standardization and an industry chain that is proving hard to connect. Besides, the customized R&D and production model they adopt also results in a long lead time, slow updates and high cost.
Concerning autonomous, controllable and secure smartphones, a speaker provided the following analysis: Though SE features high security and cost-effectiveness, it has its own problems, because the limitation of its resources leads to restricted application. Meanwhile, TEE features high interoperatibility and security. However, lack of hardware support still exposes it to some security risks, not applicable to some applications. In our opinion, TEE software should be combined with China-made autonomous and controllable SE chips to create a really secure platform for smart phones. Such a platform can be widely used in all kinds of R&D and the production of secure smart phones since it features high security, cost-effectiveness and interoperatibility as well as a short lead time. In addition, this platform can meet the diversified security demands of most users. It will be an effective way to develop the security industry for autonomous and controllable smartphones.
Security should always strike a balance with commercial application when it comes to information security. So should private data. Technically speaking, data needs to be classified as core data or different levels of peripheral data. Core data should be protected restrictively while peripheral data needs less effort. For example, just the integrity of public data needs to be ensured. Actually, China has many moves and plans to set up rules and regulations to improve personal data protection, but its standards cannot be established overnight. It takes time and China is on the process.
If a Chinese company wants to align with international standards, from an expert's point of view, it should first figure out what their business model will be, what their product will be and what it can give back to society. Then, they prepare for the product or service they want to provide based on these values. The product will definitely be competitive.
Another expert holds the view that when it comes to aligning with the international standards or entering the international market, Chinese companies are faced with the following challenges: First, a lack of international-minded talent, which leads to a handicap in communication with the international market and in deepening research and exchange; second, a lack of its own voice in the international market, which may be the result of the first challenge; third, a lack of innovation, making it hard to establish their own ecosystem, so they are not highly recognized by the international market.
(The above is only a small portion of the opinions from the conference. For more information, SCA members and attendees are entitled to download detailed reports and all presentations from the SCA website.)
This article is written by SCA. You are welcome to use it, but please indicate its source.
