If you read my books, I have been sceptical of ‘Location’. In fact, I remember starting a talk with a slide called ‘Location, Location, Location?’. The ‘?’ is not a typo. It’s to say – ‘Where is Location?’(Considering all the hype around it!)
Location based services(LBS) are one of the most useful and intuitive mobile applications. Everybody understands ‘Find my nearest’ and everyone agrees that it is useful to know your nearest restaurant/gas station/ATM etc when on the move.
Understandably, LBS apps have been hyped almost from the very beginning and regrettably, location based services are still(largely) not here with us as mass market applications.
The main inhibitor to LBS is privacy and security.
In the context of LBS, privacy and security has many facets – for instance statutory and legal, working with trusted third parties, encryption of security information etc.
Due to my interest with LBS, I have been having long discussions with Peter Cranstone CEO of 5o9inc – who has been outlining me their product.
I am now fairly convinced that it fulfils a gap within the LBS value chain.I outline their solution(as I understand it) below and I seek your thoughts and feedback.
Leaving aside the legal issues for the moment(which are being addressed by the relevant regulatory body in each country – for instance – laws about protecting minors), there is still the problem of protecting the location information especially in the context of GPS(which is now driving LBS services) : for instance phones like the Nokia N95 now have inbuilt GPS
The problem 5o9inc is addressing is: how to keep the location information(and for that matter any other private data elements) secure between the phone (where that information resides) and the web server(where that information is typically processed).
This is a very real problem which we will hit as GPS and other location based solutions become mainstream
Peter is an expert at security/encryption based applications, having co invented co-invented mod_gzip(in fact, I think the approach they have taken below mirrors the mod_zip approach but in the wireless context)
The solution could work in a number of scenarios:
a) Consumer: between the device and the web server
b) Enterprise with a mobile work force and
c) The Enterprise with mobile customers hitting their web site (search, retail, ecommerce etc).
It works as follows: The client’s data is held in an encrypted database on the mobile device. Every “field of data” that he/she wishes to transmit to the content provider remains under their control. The client side app allows the user to check or un-check the data field that gets transmitted. For instance they can share name, address, phone number, email address and current real time GPS location. If they wish not to share the GPS location simply disable the field. When the data leaves the mobile device and 5o9 applies encryption to protect it during transit. It’s transparent to routers, firewalls, Carrier portals etc. The data then shows up at the web server. It’s unencrypted and then is available for back office applications.
Thus, it functions like a tollgate between the device and the web server.
Physically, the application is a mobile browser plug-in and a web server module
I can see applications for this service both at the enterprise and the consumer level.
For consumer uptake, it is designed to work with parties like device manufacturers, browser vendors or Operators because it does not change the underlying infrastructure (again mirroring the approach they took with mod_gzip).
Thus, it appears to solve a very real problem taking a relatively pain free approach (i.e. not changing the underlying architecture).
Seek your views and feedback on this approach?