مدیریت معامله برای تجارت الکترونیک تلفن همراه در یک پایانه تلفن همراه

Although there has been a lot of discussion of “transactions” in mobile e-commerce (m-commerce), little attention has been paid for distributed transactional properties of the computations facilitating m-commerce. In this paper we first present a requirement analysis for m-commerce transactions, a graph-based transaction model, and a Transaction Manager (TM) architecture for a wireless application that protects m-commerce workflows against communication link, application, or terminal crash. The application interface, modules and log structure, as well as a pilot implementation of this TM for the location-based application are presented. We further discuss other alternatives to design such a TM that together can be called “Ontological Transaction Monitor”, which assumes also monitoring constraints related to security and privacy.

The main driving force for the rapid acceptance of small mobile devices is the capability to get services and run applications at any time and at any place, especially while on the move [1]. The experience from Japanese market shows that the most important factor is that the terminals are permanently carried around, and thus people can use so-called “niche-time” to use the gadgets for various things [2] and [3]. The telecom industry estimates that there are now (winter 2005) 1.7 billion mobile users. According to some market analysis nearly half of the devices were internet-enabled in 2004 and the tendency is growing [4]. This means that at least 500 million, perhaps nearly one billion Internet-enabled mobile phones will be in use in the world in 2006. The number of these mobile Internet-enabled terminals, sometimes also called Personal Trusted Devices (PTDs), has exceeded the number of fixed-line Internet terminals around 2003 [5]. The term mobile commerce (m-commerce) is closely related with the term electronic commerce (e-commerce), both historically and conceptually. The definition of OECD for e-commerce is based on the concept of electronic (commerce) transaction. “An electronic transaction is the sale or purchase of goods or services, whether between businesses, households, individuals, governments, and other public or private organisations, conducted over computer-mediated networks. The goods and services are ordered over those networks, but the payment and the ultimate delivery of the good or service may be conducted on or off-line” [6]. E-commerce can be defined to consist of launching and performing electronic commerce transactions in the above sense. M-commerce consist, correspondingly, of launching and performing m-commerce transactions. An m-commerce transaction is an electronic transaction that is conducted using a mobile terminal and a wireless access network, such as Wireless LAN, 2G or 3G telecom network, Bluetooth connection, or an Infrared connection. Notice, that this definition excludes those e-commerce transactions from m-commerce sphere, where the terminal is not mobile, albeit wirelessly connected, and the case where a portable terminal is connected with a fixed line to the network. On the other hand, laptops and even fixed terminals in cars, as well as all small portable telecom terminals and even Personal Area Networks (PAN) are included into the scope of the definition, if the conditions above are fulfilled. In literature, also the term mobile business (or m-business) is used instead of m-commerce. We take the same view as the authors of [7] and [8] that m-commerce is a subset of m-business, i.e. it consists of those activities where economic value is transferred from some party to another one as a part of the transaction. Based on the above definitions, one can speak about m-commerce market and of its size, measured as the sum of the values of the m-commerce transactions. In Japan, the market size was 24 billion US-dollars in 2003, of which $7 billion consisted of various mobile contents, including gambling, and 17 billions went into the wireless packet charges levied by the operators [9]. Global mobile commerce market – comprising concretely mobile entertainment downloads, ticket purchases and POS transactions – will grow to $88 billion by 2009, according to a Jupiter Research forecast [4]. About 50% of the market would be entertainment downloads and the rest ticket purchases. POS transactions would be worth of only $300 million in 2009. M-commerce transactions are an important class of applications on the PTD already now, and the above figures suggest that their importance will grow in the future. Thus, it is of high importance that the infrastructure offers proper security and transactional means to protect all actors in the environment against system crashes, but also against malicious actors and criminals. In the above definition of m-commerce the notion of electronic transaction occurs. Looking at the context, the meaning of the term clearly points to a business transaction, as it is known in economics. Embedding the term into a particular technology is done from the perspective that information and communication technology mediates or facilitates these business transactions. The exact properties of the relevant technological artefacts are not at all addressed by the definition. Indeed, it is not very clear yet what kind of technical artefacts should correspond to the m-commerce transactions, as defined above. Taking a small step back into history, we can see a similar situation. The term “transaction” used to have almost ten closely related, but different meanings, already fifteen year ago, ranging from business transactions, over messages that mediate the contents needed in business transactions, to formal model of program execution within a database system [10] and [11]. A transaction with ACID properties, i.e. an execution of a set of commands generated by an application or user within a DBMS in a serializable and at least recoverable manner [12] is conceptually and practically certainly something else than buying a book using a mobile terminal. Still, they have the commonality, that with a rather high probability the e-commerce system recording the customer order and other steps in the book delivery process uses one or several DBMS and their transaction processing capabilities to guarantee unique view on the responsibilities towards the customer. Thus, m-commerce transactions should somehow subsume traditional DBMS transactions, but evidently, this is not yet enough, because there is the wireless tiny terminal, wireless access network and often a portion of Internet that are playing a role as facilitators of the m-commerce transactions. During the late 1970’s and early 1980’s, it was already recognized that the transactional properties (or something very similar) are needed for distributed computations in general. The centralized transaction model was first extended to support distributed transactions in a distributed database context [12], [13] and [14]. Soon it became evident that distributed transactions could not be reasonably used in autonomous environments or in such environments where the transactions last hours or even weeks. Many “advanced” transaction models were developed for these environments and many of them are published in [15]. More complicated models present individual transactional computations as trees with height larger than one. One modelling dimension is the selection of the correctness criteria that divide the computations, modelled as linear operation histories or trees, into acceptable and non-acceptable ones. A standard way of doing this is to set up an equivalence relation among histories or trees and classify those, which are equivalent to a serial history or serial forest as serializable, i.e. acceptable. Check e.g. [16] and [11] for a more complete analysis of diverse transaction modelling incentives. Is m-commerce an area that would again need its own transaction model? Isn’t the work of MeT already performed enough? Something called mobile e-commerce transactions have been indeed developed among others in an industry-led consortium called MeT-forum, later MeT Ltd [17]. This effort has produced public white papers [5] where the opportunities and risks of m-commerce are discussed. Scenarios (business models) for five subtypes of m-commerce have been developed. Protocols to support them are defined in technical documents of MeT. On June 12th, 2002, a larger consortium called Open Mobile Software Alliance (OMA) was announced [18]. Its goal is to create a truly global and interoperable m-commerce market. The key technical goal is end-to-end interoperability at the service level and thus end-to-end transactional properties of the services should also be considered. MeT Ltd will cooperate closely with OMA. They have a cooperation agreement [18]. In a closer look the need to go beyond individual messages and message exchanges, i.e. protocols, becomes more than evident, because the overall business transaction can consist of several interactions with different actors, such as merchants, financial institutions and logistic companies; interruptions between the phases can cause for example the order to be accepted but the goods not been paid, or goods been paid but not delivered, etc. The infrastructure should offer mechanisms that help in avoiding these. Such research was considered vital e.g. in Asilomar report [19]. Another issue is the security and trust closely related with the infrastructure and mobile terminals. Unless people feel that m-commerce infrastructure is secure and protects their privacy they do not want to use it. Therefore, security and privacy should be combined in a new way with the transactional mechanisms into an integrated environment [20]. Appropriate risks are discussed e.g. in [21] and [22]. These aspects are addressed also in [5], where the transactions are divided into remote, local, and personal. The remote transactions are performed over a digital mobile public network, local ones over a local link, and the personal ones among devices controlled by the user. We exclude in this context the personal transactions in the above sense, because a person cannot reasonably have commercial transactions with him- or herself. Let us from now on view the m-commerce transactions from the technical point view, consisting of computations and communications facilitated by the infrastructure. In this view they are inherently distributed, because there are parts running at different computers and these are tied together over a wireless link by a communication protocol. From the structural modelling point of view, they can be viewed as a special kind of workflows. In this, more formal structural view, an m-commerce transaction refers to: • a specification of a m-commerce workflow composed of interoperable specifications at different actors; • enactment of the specification by the distributed m-commerce infrastructure, comprising the execution of the relevant protocols and the local steps launched by the protocol message exchanges at different players. The properties of m-commerce transactions are evidently different from the traditional centralized and distributed database transactions [12] and [14]. The same is true also for many “advanced” transaction models developed (e.g. [15], [16] and [11]), although some known transaction models are designed for application environments with similar properties as m-commerce environment. Here of particular relevance is the S-transaction model [10] and [23] developed for international banking environment with strong autonomy properties. Sagas [24] and nested sagas [25] and [26] are also of relevance, but as a special case of S-transactions they do not need to be paid a special attention to. The most relevant work is reported in [27] where the workflow specification, the transaction specification and execution graph are closely tied together. We analyze below more closely the commonalties and differences of m-commerce workflows and those in [27]. One of the most important developments from m-commerce transactions point of view is that the terminals are being developed towards Personal Trusted Devices (PTDs) containing private keys, private and corporate information, and perhaps also credit card information and wireless cash. Stealing or misusing such a device or information carried in it can cause great damage for the device owner and other parties involved. One of the starting points of our work is to design such a transaction model and corresponding transactional mechanism in the m-commerce environment that is intertwined with security, privacy, authentication, and authorization mechanisms (cf. [5]). As special e-commerce transactions, m-commerce transactions complying with the model should guarantee the atomicity notions introduced in [28] for e-commerce, which as such can be formulated as special kind of semantic constraints between subtransactions of S-transactions (cf. [10] and [23]). In the sequel we deepen the above analysis about the need and form of transaction modelling for m-commerce environments. In Section 2 we relate business models and transaction modelling concepts with each other. This is done by analyzing two of the five business scenario types suggested by MeT [5]. Based on this analysis we refine transactional requirements and properties, as well as compare them with known transaction models. In Section 3 we describe a more complete transaction model for m-commerce satisfying the requirements and deduce and analyze more in detail the properties of this transaction model. In Section 4 we discuss shortly the implementation aspects of a simple transaction manager. In Section 5 we look for a more sophisticated design. In Section 6 we give some samples of related work. Section 7 concludes.

Currently one can see the emergence of at least five different kinds of m-commerce transaction types: Internet e-commerce over wireless access networks, location-based services, ticketing applications, retail shopping, and banking. M-commerce operates partially in a different environment than Internet e-commerce due to the special characteristics and constraints of the terminals, sometimes called Personal Trusted Devices, and networks, and the context, situations and circumstances that people use their PTDs while roaming. In this paper, we have analysed the business models and ensuing transactional requirements in the environment and deduce key ingredients for a transaction model necessary for m-commerce environments. We concentrated mostly on the two first types of m-commerce transactions mentioned above in this paper, namely mobile Internet e-commerce and location-based services. Central conclusions are that m-commerce transactions in a strong sense are needed. The key insight is that m-commerce transactions should be seen as distributed workflows with transactional properties. Their modelling can be based on RDAGs and their properties expressed using these. It is evident from the analysis of the m-commerce environment that only the first level below the root transaction is controllable by the root. The deeper levels in the execution hierarchy are dictated by the business relationships between the business actors and can neither be determined nor controlled by the customer launching the m-commerce transaction on her terminal. M-commerce transactions as transactional workflows are relatives of S-transactions, i.e. structurally RDAGs, long lasting, contain cancellations and real actions. A form of semantic atomicity (preferably certified delivery [28]) is the property they try to enforce. Another important conclusion is that the security and privacy issues must be combined in a different way with the transaction modelling concepts than before. This is mainly because the devices used to launch m-commerce transactions can be stolen by malicious people and thus the transaction root “hijacked” by them. Another issue related with loosing the device is that privacy can be jeopardized due to the information contained in the transaction logs or elsewhere within the device. The m-commerce environment is global, highly autonomous and heterogeneous due to roaming, different regulatory frameworks and existing and emerging business models. This causes roaming heterogeneity, a new form of heterogeneity, to emerge. That and other forms of heterogeneity make it worthwhile to develop standard solutions to reduce heterogeneity and make global m-commerce possible, an important task for Open Mobile Alliance. As the experience with Symbay shows, this is not always easy. An important conclusion is that the m-commerce transactions are important both conceptually and also pragmatically, especially when the mobile commerce revenues grow. Although at least to certain extent coherent view on them has been presented here, rendering e.g. standard software at the terminal feasible, much more detailed work is needed. Especially the marriage of Semantic Web and transaction concepts requires a lot of work, but promises interesting results. The formal m-commerce transaction model with its typical properties is for further study.