Project: ASPIS - A Secure Platform for IPTV Systems

For years, TV broadcasting has formed the most preferable one-way communication medium to reach large audiences. The wide spread of the Internet during the last decade, as an alternate bidirectional multimedia communication paradigm, has paved the way to eliminate the monolithic audiovisual experience associated with TV and added interactivity, for the end user through the return channel. In this context, we are moving towards the “Web inside TV” era, that offers the end users the experience of the information retrieval or generic communication they have when connected on the Internet. One of the important and, admittedly difficult to implement, aspects of the Web world is related to sharing personal and private information._x000D_One of the problems on the way of developing new IPTV base services is that IPTV systems were originally designed for one-way information flow. The flow of information from the user to the application is limited by the input device, which is normally a remote control. While this makes IPTV systems truly simple and lowers an entry barrier for novice users, it poses a problem for services that require customers to enter personal data, which is often necessary for the services to be effectively personalized._x000D_A related and yet more complicated problem emerges as the users are required to share their financial information. IPTV software is not suitable to check authenticity of the other party and IPTV users are in many cases not well computer literate to identify potential fraud. One of the common solutions to this type of problem is the chain of trust, where trust diffuses trust and mistrust diffuses mistrust. Therefore if party A trusts some third party C which is also trusted by party B, then a trustful relationship between parties A and B can be established. These chains can take two different forms. In one, the existence of a chain of trust is used to check authenticity of the other party; this is the approach employed when verifying SSL certificates. The other option is when the third party C acts as transaction mediator revealing only a minimal required amount of sensitive information and often handling financial transactions. The latter method is sometimes referred to as checkout systems._x000D__x000D_As TV systems are becoming more interactive, the traditional telemarketing should follow the trend and converge with online shopping, becoming an e-Commerce business. The availability of e-Commerce through a ubiquitous technology should particularly benefit the growing elderly population & disadvantaged groups, who would often find it more convenient to browse shops’ catalogs and make orders from the comfort of their own home, and who may not have or be comfortable with the use of a PC. However, the use of such systems would be extremely limited as it is not realistic to expect users to fill personal details required for the purchase using such unsuitable device as remote control and in many cases they would not entrust their financial details to an unknown third party._x000D__x000D_ASPIS platform suggests a way to solve a number of problems of handling personal information in IPTV based applications, establishing a chain of trust between the customer and the application provider with the triple play service provider as the transaction mediator. It also addresses the problem of repeatedly filling in personal details. Moreover, it increases the security of one’s personal details as they are stored in one place, namely the triple play provider’s database, and shared in a controlled manner upon a confirmed request only._x000D__x000D_The most obvious application for the ASPIS system that reveals its full potential is an I PTV-based e-Commerce solution. This kind of application would require sharing personal details such as name, address and require payment to be processed. Moreover, this kind of usage raises greatest concerns as financial information is involved. The steps in a typical use case would be:_x000D_• Customer selects an IPTV shop from the system menu OR enters a URL of a third party web shop he learned elsewhere._x000D_• Customer selects a product in the shop and proceeds to checkout._x000D_• Customer is given an option to use ASPIS of his IPTV provider and customer accepts it._x000D_• IPTV shop requests customer’s ASPIS service for his personal details and payment_x000D_• ASPIS system requests customer’s confirmation of the transaction._x000D_• Required personal details are transmitted from provider to the shop._x000D_• Customer’s account is charged and the shop is notified about that the order can be processed._x000D__x000D_As an additional example, ASPIS can enable users to quickly make donations that could potentially be anonymous. This is achieved in a manner very similar to the scenario above, however if anonymous donations are accepted; personal information can be requested as optional thus allowing the user to perform the financial transaction without revealing any of the personal details.

Acronym ASPIS (Reference Number: 4823)
Duration 01/07/2009 - 01/08/2011
Project Topic To develop a technical solution that will allow users to share their personal details in an easy, controlled and secure manner on the IPTV platform. This will lead to broader adoption of IPTV turning it into a vastly more interactive medium.
Project Results
(after finalisation)
The project developed a fully functional payment solution that provides security and convenience to the end users. The solution enables users to provide their personal and payment information through a trusted and secure channel.
Network Eurostars
Call Eurostars Cut-Off 2

Project partner

Number Name Role Country
4 EUROCONSULTANTS S.A. Partner Greece
4 PRIMETEL PLC Coordinator Cyprus
4 EUROCONSULTANTS S.A. Partner Greece
4 Global Security Intelligence Partner United Kingdom