By Brian Gilmore
Part one of this article appeared in the January/February issue of Connections Magazine and is available on-line in our article archives. See related links: ATSI’s Initiative and FAQs.
New Technologies for Wireless Text Messaging: When messages are sent via email as clear text from a telemessaging call center, they are extremely vulnerable as they traverse the Internet. As the text messages are transmitted over the air in clear text, they can also be easily intercepted and logged. This vulnerability is all the more important given the privacy issues raised by the Health Insurance Portability and Accountability Act (HIPAA), which was discussed in more detail in part one of this article. After close consultation with the wireless text messaging industry, some preliminary solutions are emerging.
First, Telocator Alpha Paging (TAP) modem dialup should serve as a reasonably secure means of delivering unencrypted messages to the carrier’s network. This means of transmission is already used for the vast majority of wireless text messaging. All legacy telemessaging systems support it except a couple of wireless telephone carriers. TAP should be preserved until better standards for transferring wireless text messages from telemessaging call centers are implemented.
Second, the most practical solutions perform all encryption functions within the carrier’s network. These solutions require no change at the call center. Variations of such technology have been presented at two meetings of the Paging Technical Committee (PTC), the standards body of the paging industry. The proposed solution consists of installing an encryption server at the carrier’s location between the paging or Short Message Service (SMS) terminal and TAP dialup modems. Thus, incoming TAP pages are encrypted immediately upon being received by the carrier, before the messages reach the paging or SMS terminal. The message text remains in encrypted form throughout the radio transmission and as the message is received and stored on the wireless device.
This highlights the second part of the solution. Many wireless devices will need to be replaced in order to permit the reception and storage of encrypted data as well as the decryption of messages as they are displayed by the user.
Traditional one-way alpha pagers and non-programmable two-way alpha pagers will not be compatible with encrypted text messaging. Some existing programmable two-way devices are expected to be compatible with the addition of software upgrades. Several new, low-cost, compatible programmable two-way devices are presently coming to market. There is at least one known one-way pager currently on the market that is capable of handling encrypted messages. Similar issues will apply to wireless telephone handsets. Some models are already suitable to run the software applications necessary to manage encrypted text messages.
Third, ensuring that all encryption and decryption takes place within the wireless network and the subscriber’s device resolves one of the most vexing issues of data security – key management. Encryption schemes require keys to scramble and unscramble message contents. There are several complex technical models describing how the keys are distributed to message senders and receivers.
This type of solution uses a single “secret key,” or “symmetric key cryptography,” eliminating the need for the call center, the client’s office staff, or the personnel carrying the wireless devices to know or manage encryption keys or passphrases. Before the device is delivered to the end user, the carrier will physically connect the subscriber device to its network for a few seconds, coordinating the “secret key” between the device and the encryption server. From that point on, all communications between the encryption server and the wireless device are encrypted, and no third party is aware of the shared encryption key.
The value of the carrier providing seamless and transparent encryption of message data cannot be overstated. From the perspective of the telemessaging call center, there is no change in procedure required, other than changing the TAP dialup modem number for pager units that will be exchanged for encrypted pagers.
The client can continue to use TAP dialup paging software or they can use a secure Web page to send text messages using the same Internet security technology used to place online orders. The sender using a secure Web page will probably not notice any difference from using an unsecured Web page. This technology is known as Secure Sockets Layer (SSL). SSL is active when you see a small padlock symbol in the lower right-hand corner of your Web browser and the Web address is preceded by “https://”, standing for Secure HyperText Transfer Protocol. SSL protects the Web page data as it crosses the Internet.
Alternative means of delivering text messages to the wireless carrier: Although it is highly desirable to continue to be able to deliver wireless text messages to carriers via TAP dialup modems for the time being, there are better solutions. One proposal being considered in the PTC, the technical standards body of the paging industry, also relies on SSL over the Internet. It is widely understood that a technically superior means of delivering wireless text messages to carriers is accomplished over the Internet using a standard called Wireless Communication Transfer Protocol (WCTP). This standard defines a sophisticated means of exchanging wireless text messages including two-way text messages and detailed message content such as order information or medical data, via the XML Internet standard. XML stands for eXtensible Markup Language, a data interchange standard.
WCTP can be carried via SSL, which protects the XML data as it crosses the Internet from a call center system to a wireless carrier. Wireless carriers and their vendors are studying WCTP over SSL as a next generation alternative to TAP dialup modems.
No wireless carrier supports WCTP over SSL today, although implementation could be relatively swift and reasonably inexpensive according to some in the wireless text messaging industry. Similarly, no telemessaging system vendor supports WCTP over SSL today either.
A Windows PC as a WCTP Gateway: Supporting WCTP over SSL at a telemessaging call center could be relatively painless through the use of an inexpensive Windows PC with an Internet connection and a serial port connection to a TAP port on the telemessaging system. A Windows software program on the PC, called a WCTP Gateway, would receive TAP pages from the telemessaging system and send them to the paging carrier through the Internet using WCTP over SSL. The WCTP gateway would accept an acknowledgment from the wireless carrier and return a TAP acknowledgment to the TAS system.
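The gateway flow described above, sketched as an added example (not code from the article or from any vendor): it validates one single-message TAP block, builds the WCTP submit XML, and returns a TAP reply only after the carrier's answer. The WCTP element names follow the v1r1 DTD as recalled here and should be checked against the carrier's specification; the `send` callable (standing in for the HTTPS POST), the sender ID, message ID, timestamp and sample page are all constructed assumptions.

```python
import ssl
import xml.etree.ElementTree as ET

STX, ETX, CR = b"\x02", b"\x03", b"\r"
ACK, NAK, RS = b"\x06", b"\x15", b"\x1e"   # TAP replies: accepted / resend / abandoned

def tap_checksum(data: bytes) -> bytes:
    """Sum 7-bit values of STX..ETX; low 12 bits sent as three chars of 0x30+nibble."""
    total = sum(b & 0x7F for b in data)
    return bytes(0x30 + ((total >> shift) & 0x0F) for shift in (8, 4, 0))

def parse_tap_block(block: bytes):
    """Parse <STX>pager<CR>text<CR><ETX>cksum<CR>; return (pager_id, text) or None."""
    if len(block) < 9 or block[:1] != STX or block[-5:-4] != ETX or block[-1:] != CR:
        return None
    body = block[:-4]                              # STX through ETX inclusive
    if tap_checksum(body) != block[-4:-1]:
        return None
    fields = body[1:-1].split(CR)                  # -> [pager_id, text, b""]
    if len(fields) != 3 or fields[2] or not fields[0].isdigit():
        return None
    text = fields[1].decode("ascii", "replace")
    # Drop control characters, which are not legal in XML 1.0 text.
    return fields[0].decode("ascii"), "".join(c for c in text if c.isprintable())

def build_wctp_submit(pager_id, text, sender_id, message_id, timestamp):
    """Build the request with ElementTree so message text is escaped, not concatenated."""
    op = ET.Element("wctp-Operation", wctpVersion="wctp-dtd-v1r1")
    req = ET.SubElement(op, "wctp-SubmitRequest")
    hdr = ET.SubElement(req, "wctp-SubmitHeader", submitTimestamp=timestamp)
    ET.SubElement(hdr, "wctp-Originator", senderID=sender_id)
    ET.SubElement(hdr, "wctp-MessageControl", messageID=message_id)
    ET.SubElement(hdr, "wctp-Recipient", recipientID=pager_id)
    payload = ET.SubElement(req, "wctp-Payload")
    ET.SubElement(payload, "wctp-Alphanumeric").text = text
    return ET.tostring(op, encoding="unicode")

def carrier_tls_context():
    """TLS settings for the carrier link: certificate and host name must verify."""
    ctx = ssl.create_default_context()
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2   # current successor to SSL
    return ctx

def handle_tap_block(block, send, sender_id="callcenter-example",
                     message_id="0001", timestamp="2004-03-01T12:00:00"):
    """Return the TAP reply: NAK on a bad block, ACK only if the carrier accepted."""
    parsed = parse_tap_block(block)
    if parsed is None:
        return NAK + CR
    xml = build_wctp_submit(*parsed, sender_id, message_id, timestamp)
    return ACK + CR if send(xml) else RS + CR

# Constructed sample page; the text carries XML metacharacters on purpose.
SAMPLE_BODY = STX + b"5551234" + CR + b"Call Dr. <Smith> & confirm" + CR + ETX
SAMPLE_BLOCK = SAMPLE_BODY + tap_checksum(SAMPLE_BODY) + CR
```

Acknowledging the telemessaging system only after the carrier accepts the message keeps its "delivered" mark truthful, and a block that fails its checksum is never forwarded.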
From the perspective of the call center, the wireless text messages are being sent via TAP dialup modem, only much faster. All telemessaging system alpha paging features such as message character limits, automatic insertion of a system time, date or serial number, and marking the message as having been delivered to the wireless carrier are maintained without modification to the telemessaging system. On many systems, these are significant benefits over using email to attempt message delivery to a wireless carrier.
Gateway approach delivers more benefits: There are other advantages to using WCTP over SSL instead of TAP dialup modems. The associated telephone lines and telephone usage charges would be reduced or eliminated. There would be no need to track and change TAP dialup modem numbers periodically and experimenting with modem configurations and setup strings would be a thing of the past.
But most importantly, because WCTP over SSL is a two-way connection-based standard, more of the unrealized promises of two-way text messaging can be recognized in the call center. For example, some wireless networks can detect when a text message has been read on the device or when the user confirms receipt of the message on the device. This information can be used to mark a message delivered or continue with automated escalating relay steps (to other wireless devices) until message delivery has been confirmed, much as voice messaging systems handle “cascade paging” today. The data can be logged and extensive automated message delivery reporting can be generated, including the actions of the client employee carrying the text messaging device. These detailed and enhanced functions are not supported effectively today by any standards for connecting a telemessaging system to a wireless carrier’s network.
Some telemessaging system vendors may want to incorporate such features directly into their software. Other vendors and users of legacy systems may want to keep such specialized functions separate, handling them through a third party WCTP gateway. A WCTP gateway can communicate with a telemessaging system through other means than a serial TAP connection. For example, an Ethernet network connection between a WCTP gateway and a telemessaging system can be used. Alternatively, another text messaging standard already supported by some vendors, called Simple Network Paging Protocol (SNPP), could be employed.
Other uses for a WCTP Gateway PC: As more carriers begin to use WCTP, a single WCTP Gateway PC could handle multiple, simultaneous WCTP connections to various carriers. More serial TAP connections, or more Ethernet bandwidth or SNPP connections, with a TAS system can accommodate increased traffic.
Other wireless carriers may never support WCTP. As an example, AT&T Wireless has embraced a standard called Short Message Peer to Peer (SMPP) which also provides for secure wireless text message delivery from a call center to their network over a Virtual Private Network (VPN) through the Internet. The same WCTP Gateway PC used for TAP to WCTP software could also route text messages to AT&T Wireless via SMPP.
Even more standards for wireless text messaging may evolve. Wireless text messaging providers may begin to charge more for access to their networks or they may adopt pricing plans that make it difficult for smaller call centers to afford access to those networks. A WCTP Gateway PC may also serve to securely send messages to a service provider who aggregates text messages from many telemessaging call centers to send them to various carriers at better high volume rates.
No consensus exists yet: It is important to note that no consensus on the technical standards for these solutions exists yet. There are currently six national wireless telephone carriers, four national paging carriers, and over 100 regional and local paging carriers. There are several wireless phone and pager manufacturers, many wireless network infrastructure vendors, over 4000 telemessaging call centers, and over a half dozen major telemessaging vendors and user groups as well as many other consultants, independent software publishers, and engineers all working on these issues. Most of them are not aware of or concerned with the needs of the telemessaging industry.
ATSI is creating the Telemessaging Wireless Forum (TWF) to bring these parties together in order to make sure the telemessaging industry and vendors are in close contact with the carriers and their vendors. They hope to influence the standards chosen as the technology, regulatory, and competitive business conditions continue to evolve (see sidebar).
Acronyms Used in This Article
AAPC: American Association of Paging Carriers
BA: Business Associate
BAA: Business Associate Agreement
CE: Covered Entity
HHS: Health and Human Services
HIPAA: Health Insurance Portability and Accountability Act
PHI: Protected Health Information
PTC: Paging Technical Committee
RFC: Request For Comments
SSL: Secure Sockets Layer
SMPP: Short Message Peer to Peer
SMS: Short Message Service
SNPP: Simple Network Paging Protocol
TAP: Telocator Alpha Paging
TWF: Telemessaging Wireless Forum
VPN: Virtual Private Network
WCTP: Wireless Communication Transfer Protocol
XML: eXtensible Markup Language
[From Connection Magazine – March 2004]