ORIGINAL ARTICLE MobiPass: a passport for mobile business Robert Steele Æ Will Tao Received: 28 May 2006 / Accepted: 1 August 2006 / Published online: 3 November 2006 Ó Springer-Verlag London Limited 2006 Abstract While pervasive computing provides a potentially vast business opportunity for many industry participants, it also carries challenges along with it. In this paper, a passport-based architecture has been proposed to convert this unpredictable, highly dynamic pervasive environment into a trusted business plat- form. It utilizes the widely accepted passport concept here named MobiPass to evaluate and classify the po- tential mobile entities into a trustworthy form. It allows fine-grained access control without necessarily having had prior interaction with or knowledge of other par- ties and environments by setting customized rules against a MobiPolicy. A detailed case study has been introduced to demonstrate how the MobiPass archi- tecture can help customers and retailers to build a strong trusted connection and how the shopping experience can be enriched and efficiency improved. 1 Introduction Being regarded as the third wave of the computing revolution, ubiquitous computing is on the horizon to permeate modern business and community activities. As it has been stated, ‘‘the most profound technologies are those that disappear. They weave themselves into the fabric of everyday life until they are indistin- guishable from it’’ [1]. Ubiquitous computing envisions a world embedded with a vast number of visible or invisible computing artifacts. Ubiquitous computing is producing a pro- found effect on the way people use services and information, enabling new types of context aware ser- vices. Ultimately, these technologies will support a world of ubiquitous commerce [2]. Enormous business opportunities from ubiquitous computing are emerging, from adopted services such as mobile banking to emerging services such as location- based services and remote monitoring services. Ubiq- uitous computing provides a huge platform to allow industry participants to catch this ‘‘wave’’. However, for ubiquitous computing to gain wide- spread adoption and success, certain requirements must be satisfied. One of the major concerns to deter ubiquitous commerce is that currently there is no effective approach to building a trusted environment in such a highly dynamic, unpredictable environment; in other words, there must exist a feasible mechanism to protect sensitive information when mobile entities interact with each other while still allowing the nec- essary information to be exchanged for useful mobile interaction, so as to allow the success of ubiquitous business [3, 4]. As ubiquitous computing is based on a massive networked environment with a large population of di- verse smart mobile entities, it poses a new challenge from traditional computing. It is hard to know in ad- vance which entities will be interacted with and a re- quest can come from unknown environments or entities where holistic information is not available [5, R. Steele (&) Á W. Tao Faculty of Information Technology, University of Technology, Sydney, P.O. Box 123, Broadway, NSW, Australia 2007 e-mail: rsteele@it.uts.edu.au W. Tao e-mail: wtao@it.uts.edu.au 123 Pers Ubiquit Comput (2007) 11:157–169 DOI 10.1007/s00779-006-0100-9