UNIT-2

2.1 MOBILE AND WIRELESS DEVICES: INTRODUCTION

 Computing tools help us process and share information.
 "Wireless" means connecting devices without physical wires.
 Wireless computing lets devices like phones and laptops share data without cables.
 It uses wireless networks like Wi-Fi for connections.
 Devices, even without wires, can smartly send/receive pictures, videos, or documents.
 They can communicate directly without relying on a central network.
 Wireless computing is common in daily life, especially with phones and gadgets.
Definition of Mobile and Wireless:
 Mobile: Devices you can use while moving around, like laptops and phones. Not for fixed things at home.
 Wireless: Doing things without physical wires. Like sending messages between phones without cables. Devices
connect without being physically linked by wires.
Mobile Devices:
 Devices like smartphones, tablets, and E-readers are considered mobile.
 They can do things like making phone calls, taking pictures or videos, recording, and determining location.
 Mobile devices are widely used for communication, including text messaging, email, and phone calls.
 They may have features for synchronizing data with remote locations.
 If a device can only store data without processing or transmitting it, it's a portable storage device, not a mobile
device.
Challenges with Mobile Devices:
 Anti-Forensic Techniques:
o Figuring out what happened on mobile devices is not as easy as with computers because the tricks to hide
information (anti-forensic techniques) are not well-known yet.
o Imagine it like solving a mystery – sometimes, people try to hide clues on mobiles, and it's a challenge for
investigators because they don't know all the tricks used.
 Encryption and Device Types:
o The way information is kept secret (encryption) on mobiles and the specific type of device used can make
it either easier or harder for forensic experts to analyze.
o It's a bit like having different locks on doors – some are easier to pick, and some are more complicated.
The same goes for mobiles; depending on how they protect information, it can affect how tough it is for
investigators to understand what happened.
Computers vs. Mobile Devices:
 Computers and laptops, along with mobile devices, are high-priority targets for communication interception.
 Covert communication through computers is more convenient due to larger monitors, full-size keyboards, and easy
access to various tasks.
Wireless Communication:
 Wireless' involves transmitting voice and data via radio waves.
 Wireless devices use networks without physical connections.
 Wireless networks can be accessed by both mobile and fixed-location users.
  Applications must be designed considering constraints like limited resources, low network bandwidth, and
intermittent connectivity.
Wireless Applications:
 Applications tailored to specific device characteristics are classified as mobile or wireless.
 Wireless applications may not necessarily be mobile, as they can operate in stationary environments.
 Examples include wireless local area networks (WLANs) for desktops and satellite access in remote areas.
 Some mobile applications may not operate wirelessly but can benefit from it when available.
Figure 2.1 depicts the relationship between mobile and wireless. In most cases, wireless is a subset of mobile; but in many
cases, an application can be mobile without being wireless.

2.2 PROLIFERATION (GROWTH) OF MOBILE AND WIRELESS DEVICES

 Increased Device Use: More people use phones and gadgets because they're cooler and more helpful.
 Tech Improvements: Technology is getting better, making devices faster and more useful.
 Impact on Lives: Phones and gadgets are changing how we live, work, and learn.
 Challenges: We need to be careful about privacy and security while using these devices.
 Positive Changes: Devices are improving, connecting us all and making life better, despite some challenges.

Key factors contributing to the proliferation of mobile and wireless devices:

 Tech Improvements: Better mobile tech, like faster processors and bigger storage, makes devices more attractive.
 5G Connectivity: Faster and reliable internet, especially with 5G, ensures smooth streaming and real-time
communication.
 Device Variety: Many types of devices (phones, tablets, smartwatches) cater to different needs.
 Smartphone Ubiquity: Smartphones, being versatile and portable, are everywhere, serving various functions.
 App Availability: Lots of apps for socializing, working, and entertainment make mobile devices more useful.
 Remote Work Impact: Mobiles are crucial for remote work, keeping people productive anywhere.
 Affordability: Cheaper smartphones and data plans make mobile devices accessible to more people.
 IoT Integration: Connecting mobiles with IoT and wearables expands their uses seamlessly.
 Consumer Demand: People want devices for easy access to info, entertainment, and services on the go.
 Education and Work Use: Schools and companies using mobiles for learning and productivity boost device usage.

2.2.1 Evolution of Mobile Wireless Communication

Mobile wireless communication system has gone through several evolution stages in the past few decades after the
introduction of the first-generation mobile network in the early 1980s. Due to huge demand for more connections
worldwide, mobile communication standards advanced rapidly to support more users. Let's take a look at the evolution
stages of wireless technologies for mobile communication.
The invention of the first mobile phone - The evolution begins: Martin Cooper, an engineer at Motorola during the 1970s
working on a handheld device capable of two-way communication wirelessly, invented the first-generation mobile phone.
It was initially developed to use in a car; the first prototype was tested in 1974. This invention is considered a turning point
in wireless communication which led to an evolution of many technologies and standards in the future.
1. 1G-First-generation mobile communication system:
The first generation of mobile networks was deployed in Japan by Nippon Telephone and Telegraph Company
(NTT) in Tokyo in 1979. At the beginning of the 1980s, it gained popularity in the US, Finland, the UK and Europe. This
system used analog signals and it had many disadvantages due to technology limitations.
Most popular 1G system during the 1980s:
 Advanced Mobile Phone System (AMPS).
 Nordic Mobile Phone System (NMTS).
 Total Access Communication System (TACS).
 European Total Access Communication System (ETACS).
Key features (technology) of the 1G system:
 Frequency 800 MHz and 900 MHz.
 Bandwidth: 10 MHz (666 duplex channels with a bandwidth of 30 KHz).
 Technology: Analogue switching.
 Modulation: Frequency Modulation (FM).
 Mode of service: Voice only.
 Access technique: Frequency Division Multiple Access (FDMA).
Disadvantages of 1G system:
 Poor voice quality due to interference.
 Poor battery life.
 Large-sized mobile phones (not convenient to carry).
 Less security (calls could be decoded using an FM demodulator).
 A limited number of users and cell coverage.
 Roaming was not possible between similar systems.

2. 2G - Second generation communication system GSM:

The second generation of mobile communication systems introduced a new digital technology for wireless
transmission, also known as Global System for Mobile Communication (GSM). GSM technology became the base standard
for further development in wireless standards later. This standard could support up to 14.4 to 64kbps (maximum) data rate,
which is sufficient for SMS and email services.
Code Division Multiple Access (CDMA) systems developed by Qualcomm were also introduced and implemented
in the mid-1990s. CDMA has more features than GSM regarding spectral efficiency, number of users and data rate.
Key features of the 2G system:
 The digital system (switching).
 SMS services are possible.
  Roaming is possible.
 Enhanced security.
 Encrypted voice transmission.
 First internet at a lower data rate.
Disadvantages of the 2G system:
 Low data rate.
 Limited mobility.
 Less features on mobile devices.
 Limited number of users and hardware capability.

3. 2.5G and 2.75G system:

To support higher data rates, General Packet Radio Service (GPRS) was introduced and successfully deployed.
GPRS was capable of data rates up to 171kbps (maximum).
EDGE: Enhanced Data GSM Evolution was also developed to improve the data rate for GSM networks. EDGE
could support up to 473.6kbps (maximum). Another popular technology CDMA2000 was also introduced to support higher
data rates for CDMA networks. This technology can provide up to 384 kbps data rate (maximum).

4. 3G - Third-generation communication system:

Third-generation mobile communication started with the introduction of UMTS - Universal Mobile
Terrestrial/Telecommunication Systems. UMTS has a data rate of 384kbps and it supports video calling for the first time
on mobile devices.
After the introduction of the 3G mobile communication system, smartphones became popular across the globe.
Specific applications were developed for smartphones that handle multimedia chat, email, video calling, games, social
media and healthcare.
Key features of the 3G system:
 Higher data rate.
 Video calling.
 Enhanced security, more users and coverage.
 Mobile app support.
 Multimedia message support. Location tracking and maps.
 Better web browsing.
 TV streaming.
 High-quality 3D games.
 3.5G to 3.75 Systems.
To enhance the data rate in existing 3G networks, two technology improvements are introduced to the network.
HSDPA - High-Speed Downlink Packet Access and HSUPA -High-Speed Uplink Packet Access, developed and deployed
to the 3G networks. 3.5G network can support up to 2mbps data rate.
3.75 system is an improved version of the 3G network with HSPA+ High-Speed Packet Access Plus. Later this
system will evolve into a more powerful 3.9G system known as LTE (Long Term Evolution).
Disadvantages of 3G systems:
 Expensive spectrum licenses.
 Costly infrastructure, equipment and implementation.
 Higher bandwidth requirements to support a higher data rate.
 Costly mobile devices.
 Compatibility with older generation 2G systems and frequency bands.

5. 4G - Fourth-generation communication system:

4G systems are enhanced version of 3G networks developed by IEEE, offers higher data rate and are capable of
handling more advanced multimedia services. LTE and LTE advanced wireless technology used in 4th generation systems.
Furthermore, it has compatibility with the previous versions; thus, easier deployment and upgrade of LTE and LTE advanced
networks are possible.
Simultaneous transmission of voice and data is possible with an LTE system, which significantly improves the data
rate. All services, including voice services, can be transmitted over IP packets. Complex modulation schemes and carrier
aggregation are used to multiply uplink/downlink capacity.
Wireless transmission technologies like WiMAX are introduced in 4G systems to enhance data rate and network
performance.
Key features of the 4G system:
 Much higher data rates up to 1Gbps.
 Enhanced security and mobility.
 Reduced latency for mission-critical applications.
 High-definition video streaming and gaming.
 Voice over LTE network VoLTE (use IP packets for voice).
Disadvantages of the 4G system:
 Expensive hardware and infrastructure.
 Costly spectrum (in most countries, frequency bands are too expensive).
 High-end mobile devices compatible with 4G technology are required, which is costly.
 Wide deployment and upgrade are time-consuming.

6. 5G Fifth-generation communication system:

5G network is using advanced technologies to deliver ultra-fast internet and multimedia experience for customers.
Existing LTE advanced networks will transform into supercharged 5G networks in the future.
In earlier deployments, 5G network will function in non-standalone mode and standalone mode. In non-standalone
mode, both LTE spectrum and 5G-NRspectrum will be used together. Control signalling will be connected to the LTE core
network in non-standalone mode.
There will be a dedicated 5G core network higher bandwidth 5G - NR spectrum for standalone mode. The sub-6-
GHz spectrum of FR1 ranges are used in the initial deployments of 5G networks.
To achieve a higher data rate, 5G technology will use millimetre waves and unlicensed spectrums for data
transmission. An intricate modulation technique has been innovated to accommodate extensive data transmission speeds
for the Internet of Things. The utilization of Cloud-based network architecture is set to amplify the capabilities and
analytical potential across various sectors, including industrial applications, autonomous driving, healthcare, and security.
Key features of 5G technology:
 Ultra-fast mobile internet up to 10Gbps.
 Low latency in milliseconds (significant for mission-critical applications).
 Total cost deduction for data.
 Higher security and reliable network.
 Uses technologies like small cells and beam forming to improve efficiency.
 Forward compatibility network offers further enhancements in future.
 Cloud-based infrastructure offers power efficiency, easy maintenance and upgrade of hardware.
Fig. 2.2 Comparison of 1G to 5G Technology
Generation Speed Technology Key Features

1G (1970-1980s) 14.4 Kbps AMPS, NMT, TACS Voice only services

2G (1990 to 2000) 9.6/14.4 Kbps TDMA, CDMA Voice and Data services
2.5G to 2.75G 171.2 Kbps GPRS Voice, Data and web mobile internet, low speed
(2001-2004) 20-40 Kbps streaming services and email services
3G (2004-2005) 3.1 Mbps CDMA 2000 Voice, Data, Multimedia, support for smart phone
500-700 Kbps (1XRTT, EVDO) applications, faster web browsing, video calling and
UMTS and EDGE TV streaming
3.5G (2006-2010) 14.4 Mbps HSPA All the services from 3G network with enhanced speed
1-3 Mbps and more mobility
4G 100-300 Mbps WiMax, LTE and High speed, high quality voice over IP, HD multimedia
(December 2009) 3.5 Mbps Wi-Fi streaming, 3D gaming, HD video conferencing and
100 Mbps worldwide roaming.
(Wi-Fi)
5G 1 to 10 Gbps LTE advanced Super fast mobile internet, low latency network for
(November 2019) schemes, OMA and mission critical applications, Internet of Things,
NOMA security and surveillance, HD multimedia streaming,
autonomous driving, smart healthcare applications.

2.2.2 Mobile Computing

Mobile computing refers to the use of portable computing devices, such as smartphones, tablets, laptops and wearables, to
access and process information and applications while on the move. It allows users to access a wide range of services and
information regardless of their location, provided they have access to a suitable network.
Key aspects of mobile computing include:
 Portability: Mobile devices are designed to be easily carried and used on the go. They are lightweight, compact
and can be operated without being plugged into a power source for an extended period.
 Wireless Connectivity: Mobile devices connect to the internet and other devices using wireless technologies like
Wi-Fi, cellular networks (3G, 4G, 5G), Bluetooth and NFC (Near Field Communication).
 Applications and Services: Mobile computing involves the use of various applications and services, including
email, social media, GPS navigation, games, productivity tools, and more, often accessed through app stores or
web browsers.
 Location Awareness: Mobile devices often have GPS capabilities, allowing applications to determine the user's
location and provide location-based services.
 Synchronization and Cloud Computing: Mobile computing often involves synchronization of data with cloud
storage and services, allowing users to access their information from multiple devices.
  Battery Life: Optimising battery life is crucial in mobile computing, as users rely on the device's power source to
sustain usage throughout the day.
 Security: Mobile computing requires robust security measures to protect sensitive data, as mobile devices are more
susceptible to loss, theft and unauthorized access.
 User Interfaces: Mobile devices have specific user interfaces optimized for touchscreens and smaller screens, often
using gestures, swipes, and taps for interaction.
Mobile computing has revolutionized the way people communicate, work and access information. It has also driven the
development of various technologies and industries, such as mobile app development, mobile web development and the
Internet of Things (IoT).
Mobile computers come in various types, each designed for specific purposes and use cases.
1. Smartphones: Versatile devices combining phone, internet, and various apps for communication and
entertainment.
2. Tablets: Larger touchscreen devices between smartphones and laptops, ideal for applications, gaming, and
browsing.
3. Laptops (Notebooks): Portable computers with built-in keyboard and screen, offering desktop capabilities on the
go.
4. 2-in-1 Convertibles: Laptops that transform into tablets, providing flexibility with detachable or rotating screens.
5. Ultrabooks: Lightweight, thin laptops known for portability, long battery life, and high-quality displays.
6. Wearables: Devices like smartwatches and fitness trackers worn on the body, connecting to smartphones for
various functionalities.
7. E-readers: Dedicated devices for digital books and content with e-ink displays for an enhanced reading experience.
8. Handheld Computers: Small, lightweight devices used in industries for inventory management and specialized
applications.
9. Gaming Devices: Portable gaming consoles and smartphones for gaming on the go.
10. Vehicle-Mounted Computers: Mounted in vehicles for navigation, fleet management, and logistics in
transportation.
11. Phablets: Large smartphones offering a compromise between portability and a bigger display.
12. Netbooks: Small, affordable laptops designed for internet browsing and basic tasks.
13. Personal Digital Assistant (PDA): Pocket-sized computers supplementing desktops, providing access to contacts,
email, and notes.

2.2.3 Wireless Computing

Wireless computing, also known as wireless communication, involves the transfer of data between devices or systems
without the need for physical connections or cables. It relies on electromagnetic signals, such as radio waves or infrared, to
transmit information.
Here are key aspects and technologies related to wireless computing:
(i) Wireless Technologies:
 Wi-Fi (Wireless Fidelity): Enables devices to connect to local area networks (LANs) and the internet wirelessly
within a certain range.
 Bluetooth: Used for short-range wireless communication between devices, such as connecting a smartphone to a
headset or linking a laptop to a mouse.
  Cellular Networks (3G, 4G, 5G): Enable wireless communication over long distances, providing internet access
and mobile services on smartphones and other mobile devices.
 NFC (Near Field Communication): Allows close proximity communication between devices, commonly used for
contactless payments and data transfer.
 IR (Infrared): Transmits data using infrared light and is often used for short-range communication, such as
between remote controls and devices.
(ii) Wireless Device Types:
 Smartphones and Tablets: Key devices that heavily utilise various wireless technologies for communication,
internet access and data transfer.
 Laptops and Notebooks: Utilise Wi-Fi and often cellular connections for internet access and data transfer without
requiring physical connections.
 Wearables: Devices like smartwatches and fitness trackers that use wireless connectivity to communicate with
smartphones and other devices.
 IoT Devices: Various Internet of Things (IoT) devices, such as smart home devices, sensors and appliances, use
wireless connectivity to communicate and share data.
 Wireless Routers: Devices that enable the creation of wireless local networks, allowing multiple devices to connect
to the internet simultaneously.
(iii) Wireless Security: Security measures are crucial in wireless computing to protect data from unauthorized access and
ensure secure communication. This includes encryption, authentication and network security protocols.
(iv) Wireless Standards: Various organizations, such as IEEE (Institute of Electrical and Electronics Engineers), develop
and maintain wireless communication standards. Examples include IEEE 802.11 (Wi-Fi) and IEEE 802.15 (Bluetooth).
(v) Wireless Charging: Emerging technology that allows devices to be charged without physical connections using wireless
charging pads or stations based on technologies like Qi.
(vi) Mesh Networking: A network topology where each device can relay data to other devices, creating a self-healing and
scalable network. This is used in IoT and home automation for reliable communication.
(vii) Mobile Hotspots: Portable devices that provide internet access by creating a Wi-Fi network using cellular data,
allowing other devices to connect to the internet wirelessly.
Wireless computing has revolutionised communication and connectivity, enabling flexibility, mobility and convenience in
accessing information and services across a wide range of devices and applications.

2.3 TRENDS IN MOBILITY

 Fast-Changing Tech: The way we use technology is rapidly changing, affecting how we keep information safe
and use devices securely.
 Fourth Industrial Revolution: The digital and real worlds are merging due to technologies like IoT, automation,
robots, VR, and AI, marking the fourth industrial revolution.
 Everyday Impact: Changes are not just at work but also in everyday life, requiring us to prepare for the future.
 Seamless Travel: Imagine easy trip planning with smart tech suggesting the best options based on preferences and
affordability. Future transportation will be seamless and automated.
 Advanced Mobile Tech: Moving to 5G & 6G mobile tech means even faster and more useful phones.
 Smart Technology Appeal: Devices like iPhones and Androids show people love smart technology, but we must
also focus on cybersecurity to keep information safe.
  Cybersecurity Importance: Understanding mobile computing helps us deal with vital issues, especially in keeping
our information secure.

The trends in mobility reflect the way people move around is always changing, showing how things in mobility are always
shifting and getting more innovative in mobile computing and related technologies.
Some prominent trends in mobility are:
1) 5G Technology: 5G networks are spreading quickly, bringing much faster internet, less waiting time, and better
connections. This means we can look forward to new things like cooler augmented reality, virtual reality, self-
driving cars, and smart devices connected to the internet.
2) Internet of Things (IoT) Integration: More and more, we're seeing IoT (Internet of Things) technology being
used in our daily lives, from smart homes and cities to industries. This surge in IoT means there are now lots of
devices connected to the internet, giving us useful data and making things work more efficiently and conveniently.
3) Edge Computing: Edge computing means dealing with data closer to where it comes from, making things happen
faster and allowing instant analysis. This is super important for things like self-driving cars, remote healthcare, and
smart industrial devices.
4) Mobile App Development for Multiple Platforms: Cross-platform app development frameworks like Flutter and
React Native were gaining popularity, they help create apps that work on both Android and iPhone. This is
happening because it's a cost-effective and efficient way to build apps.
5) Augmented Reality (AR) and Virtual Reality (VR): AR and VR technologies were evolving and finding
applications in various sectors, including gaming, education, healthcare and retail. The development of AR glasses
and headsets was a notable focus, offering new possibilities for interactive experiences.
6) Mobile Security and Privacy: As more people use phones for important stuff, like transactions and saving data,
keeping them secure becomes a big deal. This includes using fingerprints or other biometrics, making sure messages
are private, and controlling what apps can do on your phone.
7) Mobile Commerce (m-Commerce): The growth of mobile commerce continued, with more users making
purchases through mobile apps. Integration of secure payment gateways, personalized shopping experiences and
convenient payment options were driving this trend.
8) Mobile Health (m-Health): Using mobile devices for health, like talking to doctors online, tracking health, fitness
apps, and getting reminders for medications, has become really popular. The COVID-19 situation made people
adopt these mobile health solutions even faster.
 9) Sustainability and Eco-Friendly Initiatives: More people caring about the environment means paying attention
to making mobile devices in a way that's good for the planet. This includes using materials that can be recycled,
making devices that use less energy, and being responsible when making them.
10) Artificial Intelligence (AI) Integration: Al and machine learning were being integrated into mobile apps to
enhance user experiences, personalize content and provide intelligent automation. Voice assistants and chatbots
were common Al-driven features.
11) Mobile-First Design and User Experience (UX): When creating apps, it's smart to think first about how they
work on phones and tablets. This is because a lot of people use their mobile devices a ton for browsing and using
apps, so making them work well on those devices is important.
12) Remote Work and Collaboration Tools: More people working from home means needing tools on mobiles for
teamwork. This includes apps for video meetings, managing projects, and sharing documents to make remote work
efficient.

2.4 CREDIT CARD FRAUDS IN MOBILE AND WIRELESS COMPUTING ERA

In today's digital world, electronic gadgets are super important for businesses. They help us stay connected to the
internet even when we're not in the traditional office. But, relying so much on these devices brings challenges, especially
in keeping them safe from cybercrime.
One big problem we're seeing more of is credit card fraud, especially in mobile banking (M-Banking) and mobile
commerce (M-COMMERCE). That means attackers are trying to steal your credit card info to make unauthorized purchases
or take money from your account. This is happening more because everyone is using powerful and affordable mobile
devices.
Wireless technology getting better is a big reason for these changes, especially for people who work in offices. It
also affects how we use credit cards. We can now make credit card transactions using our phones in many places.
This can be good for businesses, especially those always on the move like utility repairs or locksmiths. Even fancy
restaurants are using wireless technology to make credit card transactions more secure. But, with all these changes, there's
also a growing concern about credit card fraud. Companies can help us deal with identity theft, but we need better tools to
keep an eye on our accounts and stop risky transactions.

As shown in Fig. 2.5, the basic flow is as

follows:
1. Merchant sends a transaction to
bank;
2. The bank transmits the request to
the authorised cardholder;
3. The cardholder approves or rejects
(password protected);
4. The bank/merchant is notified;
5. The credit card transaction is
completed.
2.4.1 Elements of Credit Card Fraud
Credit card fraud involves actions that can harm the security of credit or debit card transactions. Here are some key aspects
of credit card fraud explained in a simple way:
1. Taking Someone Else's Card Information: This happens when someone gets, uses, sells, or buys another person's
credit or debit card information without permission.
2. Using Your Own Card Illegally: This occurs when someone knowingly uses their own credit or debit card that is
expired, revoked, or doesn't have enough money for the purchases.
3. Selling Stuff with a Stolen Card: This involves selling goods or services to someone else while knowing that the
credit or debit card used for the transaction was obtained illegally or without proper authorization.
4. Theft in Different Ways:
 Digging through Trash (Trash Theft): Some people go through thrown-away bills to make unauthorized
purchases using the found account details.
 Hacking (Cyber Theft): Cybercriminals may breach websites to steal credit card numbers and use them
without permission.
 Unscrupulous Employees (Employee Theft): Dishonest store clerks or restaurant waiters might secretly
take a photo of your credit card to make unauthorized purchases or create fake accounts.
These actions show the various ways people can commit credit card fraud. It's crucial to stay alert and implement security
measures to prevent such fraudulent activities.

Some fraud protection practices

Several strategies are employed to prevent fraud as mentioned below:
1. Refrain from disclosing your account number over the phone unless you initiated the call to a reputable company.
Research new contacts online before sharing sensitive information.
2. Carry your cards separately from your wallet to minimize losses in case of theft. Only take the necessary card for
your outing.
3. When making a transaction, monitor your card closely and ensure you retrieve it before leaving.
4. Never sign a blank receipt; mark through empty spaces above the total.
5. Retain your receipts to cross-check with your statement.
6. Promptly review your bills, either physically or online and verify transactions.
7. Report any suspicious charges to the card issuer.
8. Inform your card issuer of address changes or upcoming travels.
9. Avoid writing your account number on the outside of envelopes.
10. Maintaining vigilance in safeguarding personal information significantly reduces the risk of theft or fraud. Although
credit and debit cards offer inherent protections, the primary defense begins with the cardholder.

2.4.2 Credit Card (or debit card) Fraud

 Credit card or debit card fraud happens when someone uses a device to manipulate an ATM or a debit machine at
a store. This allows them to steal information from the card and the Personal Identification Number (PIN). After
obtaining this information, the fraudster uses it to make purchases or take money from the cardholder's account.
It's a type of identity theft where someone unauthorized takes another person's credit card details to make charges
or withdraw funds.
  Credit card fraud occurs when a person wrongfully gets, uses, signs, sells, buys, or fakes someone else's credit or
debit card information.
 This fraud also includes using one's own card, knowing it's expired or revoked, or that there isn't enough money
in the account to cover the purchases. It extends to selling goods or services to someone else, knowing that the
credit or debit card used for the transaction was obtained unlawfully or without permission.

2.4.3 Types of Credit Card Fraud

1. Lost or Stolen Cards:
 This is when your credit card is lost or stolen. It's important to report this immediately to minimize any potential
damages.
2. Account Takeover:
 A fraudster tricks you into sharing personal information, like your home address or mother's maiden name.
They then contact your bank, report a lost card, change the address, and get a new card in your name without
you knowing.
3. Counterfeit Cards:
 This happens when a fraudster steals information from one card and uses it to create a fake card for making
purchases. In some places, card skimming (stealing card info) used to be common, but safety features like EMV
chips have reduced such incidents.
4. Never Received:
 If your new or replacement card is stolen from the mail and doesn't reach you, it's called "never received."
5. Fraudulent Application:
 A fraudster uses someone else's name and information to apply for and get a credit card.
6. Multiple Imprint:
 In old-fashioned credit card transactions using imprint machines, fraud can occur when a single transaction is
recorded multiple times. These machines are sometimes known as "knuckle busters."

2.5 SECURITY CHALLENGES POSED BY MOBILE DEVICES

Mobile devices like smartphones and tablets have become a crucial part of our daily lives, helping us communicate, work
efficiently, and access various services. However, the widespread use of these devices has brought about significant security
concerns. The increasing reliance on mobile devices makes it easier for unauthorized access to computer systems, which
can lead to potential data breaches. To address this, organizations need to take precautions to reduce the risk of such
breaches.
Using mobile devices introduces two main cybersecurity challenges:
1. Taking Data Beyond Secure Boundaries:
 When we access data on our phones or tablets, it's no longer confined to secure physical locations. This poses a
risk of potential data breaches as information can be accessed remotely.
 Example: Imagine you store sensitive work documents on your tablet. Previously, these documents might have
been kept only on secure office computers. Now, with the ability to access these files on your tablet from
anywhere, the data is no longer limited to the secure environment of your office. If your tablet gets lost or stolen,
someone unauthorized could potentially access this sensitive information, leading to a data breach.
 2. Remote Access Allowing Entry into Protected Environments:
 The ability to access systems remotely through mobile devices means there's a risk of someone gaining
unauthorized entry into secure environments. This could lead to security issues if not properly managed.
 Example: Let's say your company allows employees to access work networks from their smartphones for
flexibility. If a hacker gains access to an employee's phone, they might use it as a gateway to enter the company's
secure systems. This unauthorized entry could lead to the compromise of sensitive company data or even allow
the hacker to disrupt operations. Proper management of remote access is crucial to prevent such security risks.
Organizations need to understand and address these challenges to establish effective security protocols. When people talk
about managing various types of mobile devices, they usually think about two kinds of challenges:
a. Micro-Challenges (Device Level):
This refers to challenges specific to individual devices, like smartphones or tablets.
b. Macro-Challenges (Organizational Level):
These are challenges at a broader level that organizations face in managing the security of mobile devices
on a larger scale.
 There are several technical hurdles in mobile security that are widely recognized, including things like managing
settings, securing authentication, using cryptography, Lightweight Directory Access Protocol (LDAP) security,
remote access server (RAS) security, media player control security and ensuring the security of networking
application program interfaces (APIs), among others, ensuring the security of network connections, and other
technical aspects. Organizations need to pay attention to these challenges to keep mobile devices and the data they
handle safe.

2.5.1 Mobile Phone Security Threats

Mobile phone security threats generally include:
 Application based threats
 Web-based threats
 Network based threats
 Physical threats
1. Application based threat:
Applications pose a common risk for mobile users as they are the ones that make devices useful. When it comes to apps,
risks range from minor bugs to serious security threats, including malicious apps with the sole purpose of committing
cybercrime.
1. Malicious Apps:
 Some apps may seem okay but secretly have harmful stuff like malware or spyware, aiming to mess up the
device or steal important information.
2. App Permissions Abuse:
 Certain apps ask for too many permissions, possibly accessing personal data or device functions without
the user knowing or agreeing.
3. Malware (Malicious Software):
 Malware is bad software that can harm devices, steal personal info, like money or login details, and even
take control of the device for harmful activities.
 Types of Malware:
o Viruses: Replicates and spreads by attaching itself to files or programs.
o Worms: Self-replicating malware that spreads over networks without user interaction.
o Trojans: Appears as legitimate software but contains malicious code.
o Ransomware: Encrypts files or devices and demands a ransom for decryption.
o Spyware: Collects sensitive information without the user's consent.
o Adware: Displays unwanted advertisements.
 Spyware: Spyware is a type of malware that secretly gathers information about a user's activities, browsing habits,
passwords and other personal data without their knowledge or consent. Spyware invades privacy by collecting and
transmitting personal information to third parties, often for advertising or data profiling purposes.
Types of Spyware:
o Key-loggers: Record keystrokes to capture passwords and sensitive information.
o Adware: Displays unwanted advertisements based on user behaviour.
o Tracking Cookies: Monitor and track user browsing habits for targeted advertising.
o Web Beacons: Track user interaction with websites.

2. Web-based threat: According to the widespread usage of mobile phones, which we carry with us all the time and remain
connected to the Internet, so while doing so, they are exposed to a multitude of distinctive web-based threats in addition to
the common risks associated with general Internet usage.
 Phishing Attacks: Cybercriminals create fake websites or e-mails that mimic legitimate ones to trick users into
providing sensitive information such as login credentials, financial data, or personal details.
 Drive-By Downloads: Visiting malicious websites can trigger automatic downloads of malware or unwanted
applications without the user's consent.

3. Network-based threat:
 Mobile devices are often connected to three types of networks—cellular, Wi-Fi, and Bluetooth—making them
vulnerable to various network-based threats.
 Man-in-the-Middle (MitM) Attacks: Attackers intercept and potentially alter communication between the mobile
device and the network, allowing them to eavesdrop, steal data, or inject malicious content.
 Wi-Fi Eavesdropping: Hackers can set up fake or unsecured Wi-Fi networks to intercept users' data transmitted
over the network.
 Network exploits: Network exploits refer to the utilization of vulnerabilities or weaknesses in a network's security
infrastructure or software to gain unauthorized access, control, or manipulate the network. These exploits can be
executed by cyber attackers to compromise the confidentiality, integrity, or availability of the network, its resources
and the data transmitted across it.
 Wi-Fi sniffing: Wi-Fi sniffing, also known as Wi-Fi packet sniffing or wireless sniffing, is a practice used to capture
and analyze data packets transmitted over a Wi-Fi network. This technique allows someone to intercept, read and
sometimes manipulate the data being sent between devices and access points on a wireless network. While this can
be done for legitimate purposes (e.g., network diagnostics), it can also be used maliciously for capturing sensitive
information.
4. Physical Threats:
 It can happen at any time. Unlike a desktop fixed at your workstation or a laptop stowed in your bag, a mobile
device is vulnerable to various common physical threats.
 Loss or Theft: Losing a mobile device or falling victim to theft can result in unauthorized access to personal data,
financial information, and sensitive accounts unless the device is sufficiently safeguarded.
 Tampering: Manipulating the device physically, including actions like SIM card swapping or hardware tampering,
can provide unauthorized access and potentially compromise the device's security.
Some other Threats: Below are the most common examples of these threats, as well as steps organisations can take to
protect themselves from them:
1. Social Engineering Attacks: Social engineering attacks are when bad actors send fake e-mails (phishing attacks) or
text messages (smishing attacks) to your employees to trick them into handing over private information like their
passwords or downloading malware onto their devices. Reports by cybersecurity firm Lookout and Verizon show a
37% increase in enterprise mobile phishing attacks and that phishing attacks were the top cause of data breaches globally
in 2020.

Phishing/Social engineering Attack/Counter measures: The best defense for phishing and other social engineering
attacks is to teach employees how to spot phishing e-mails and SMS messages that look suspicious and avoid falling
prey to them altogether. Reducing the number of people who have access to sensitive data or systems can also help
protect your organization against social engineering attacks because it reduces the number of access points attackers
must gain access to critical systems or information.

2. Data Leakage via Malicious Apps: Malicious apps are a big worry for mobile security because they pretend to be
helpful but can actually harm your device and steal your data. These apps might look real, but they can secretly send
your information to others, like a competitor, putting your business at risk. Even if the app seems fine, it could be
mining your company data. To stay safe, be careful about giving apps too many permissions, stay informed about risks,
and use security tools to protect against data leaks from these harmful apps.
How to Protect Against Data Leakage: The best way to protect your organization against data leakage through
malicious or unsecured applications is by using mobile application management (MAM) tools. These tools allow IT
admins to manage corporate apps (wipe or control access permissions) on their employees' devices without disrupting
employees' personal apps or data.
3. Unsecured Public WiFi: Using public WiFi can be risky because it's not as safe as your home or work internet. We
don't always know who set it up, if it's protected, or who else is using it. When employees use public WiFi, like in
coffee shops, to connect to work servers, it could be a danger to the company.
For example, cybercriminals often set up WiFi networks that look authentic but are actually a front to capture data
that passes through their system (a 'man in the middle' attack). Here's what that looks like:

How to Reduce Risks Posed By Unsecured Public Wi-Fi: The best way for you to protect your organisation against
threats over public Wi-Fi networks is by requiring employees to use a VPN to access company systems or files. This
will ensure that their session stays private and secure, even if they use a public network to access your systems.

4. End-to-End Encryption Gaps: Think of encryption gaps like a leak in a water pipe. Even if the start (your users'
devices) and end (your systems) of the pipe are safe, a hole in the middle lets bad actors get to the water flowing in
between. Unprotected public Wi-Fi is a common example of this gap, making it risky for organizations. When your
employees use unsecured Wi-Fi, cybercriminals might sneak in and grab the information passing between devices and
your systems. It's not just Wi-Fi; any unprotected app or service can be an entry point for these bad actors. For example,
using unsecured messaging apps for work discussions could be a way in for cybercriminals to access important company
data.

Ensure everything is Encrypted: For any sensitive work information, end-to-end encryption is a must. This includes
ensuring any service providers you work with encrypt their services to prevent unauthorized access, as well as ensuring
your users' devices and your systems are encrypted as well.

5. Poor Password Habits: A 2020 study by Balbix found that 99% of the people surveyed reused their passwords between
work accounts or between work and personal accounts. Unfortunately, the passwords that employees are reusing are often
weak as well. For example, a 2019 study by Google found that 59% of the people they surveyed used a name or a birthday
in their password and 24% admitted to using a password like one of these below:

These bad password habits present a threat to organizations whose employees use their personal devices to access company
systems. Since both personal and work accounts are accessible from the same device with the same password, it simplifies
the work a bad actor must do to breach your systems.

2.7 AUTHENTICATION SERVICE SECURITY

 Authentication is the procedure of recognizing someone's identity by assuring that the person is the similar as what
it is claiming for.
 It can be used by both server and client. The server uses authentication when someone needs to access the data
and the server required to understand who is accessing the data. The client uses it when it is needed to understand
that it is the same server that it claims to be.
 The authentication by the server is completed mostly by utilizing the username and password. There are other
methods of authentication by the server that can also be completed using cards, retina scans, voice identification
and fingerprints.
 Authentication primarily establishes the identity of a person or system, rather than specifying the actions or
documents they can access or manipulate within a given process.
 Making sure users are who they say they are is really important for keeping mobile devices safe, like those handy
Personal Digital Assistants (PDAs). The usual way we check this involves having a central list of user identities.
But this gets tricky when we want to confirm users in different areas. This setup causes problems for systems that
want to securely let users access important, private info, and personalized services on their mobile devices.
 To make sure a user is who they claim to be, we need to spread out the process of confirming their identity. Different
parts of the system must work together to check a user. The authentication service is like a guard making sure that
messages are accurate. For example, when you get a warning or alarm, the authentication service's job is to convince
you that the message truly comes from the claimed source.
There are different types of authentication systems which are:
1. Single-Factor authentication: This was the first method of security that was developed. On this authentication system,
the user must enter the username and the password to confirm whether that user is logging in or not. Now if the username
or password is wrong, then the user will not be allowed to log in or access the system.
Advantage of the Single-Factor Authentication System:
  It is a very simple to use and straightforward system.
 It is not at all costly.
 The user does not need any huge technical skills.
The disadvantage of the Single-Factor Authentication
 It is not at all password secure. It will depend on the strength of the password entered by the user.
 The protection level in Single-Factor Authentication is much low.

2. Two-factor Authentication: In this authentication system, the user must give a username, password and other
information. There are various types of authentication systems that are used by the user for securing the system. Some of
them are: - wireless tokens and virtual tokens. OTP and more.
Advantages of the Two-Factor Authentication
 The Two-Factor Authentication System provides better security than the Single- factor Authentication system.
 The productivity and flexibility increase in the two-factor authentication system.
 Two-Factor Authentication prevents the loss of trust.
Disadvantages of Two-Factor Authentication:
 It is time-consuming.

3. Multi-factor authentication system: In this type of authentication, more than one factor of authentication is needed.
This gives better security to the user. Any type of keylogger or phishing attack will not be possible in a Multi-Factor
Authentication system. This assures the user, that the information will not get stolen from them.
The advantage of the Multi-Factor Authentication System are:
 No risk of security.
 No information could get stolen.
 No risk of any key-logger activity.
 No risk of any data getting captured.
The disadvantage of the Multi-Factor Authentication System are:
 It is time-consuming.
 It can rely on third parties.
The main objective of authentication is to allow authorised users to access the computer and to deny access to unauthorised
users. Operating Systems generally identify/authenticates users using the following 3 ways: Passwords, Physical
identification and Biometrics.
These are explained as following below.
1. Passwords: Password verification is the most popular and commonly used authentication technique. A password
is a secret text that is supposed to be known only to a user. In a password-based system, each user is assigned a
valid username and password by the system administrator. The system stores all usernames and Passwords. When
a user logs in, their user's name and password are verified by comparing them with the stored login name and
password. If the contents are the same then the user is allowed to access the system otherwise it is rejected.
2. Physical Identification: This technique includes machine-readable badges (symbols), cards, or smart cards. In
some companies, badges are required for employees to gain access to the organisation's gate. In many systems,
identification is combined with the use of a password i.e. the user must insert the card and then supply his/her
password. This kind of authentication is commonly used with ATMs. Smart cards can enhance this scheme by
 keeping the user password within the card itself. This allows authentication without the storage of passwords in the
computer system. The loss of such a card can be dangerous.
3. Biometrics: This method of authentication is based on the unique biological characteristics of each user such as
fingerprints, voice or face recognition, signatures and eyes.
4. Facial Characteristics: Humans are differentiated based on facial characteristics such as eyes, nose, lips, eyebrows
and chin shape.
5. Fingerprints: Fingerprints are believed to be unique across the entire human population.
6. Hand Geometry: Hand geometry systems identify features of the hand that includes the shape, length and width
of fingers.
7. Retinal pattern: It is concerned with the detailed structure of the eye.
8. Signature: Every individual has a unique style of handwriting and this feature is reflected in the signatures of a
person.
9. Voice: This method records the frequency pattern of the voice of an individual speaker

2.7.1 Types of Authentication Protocols

User authentication is the first most priority while responding to the request made by the user to the software application.
There are several mechanisms made which are required to authenticate the access while providing access to the data. In this
blog, we will explore the most common authentication protocols and will try to explore their merits and demerits.
1. Kerberos:
 Kerberos is a safety protocol for ensuring secure user and service authentication over the Internet. Developed by
MIT, it's a standard in Windows and Unix-like systems.
 Kerberos Prevents eavesdropping and replay attacks for secure communication. It Validates clients and servers using
cryptographic keys.
 MIT provides Kerberos openly, used in various mass-produced products. Ensures strong authentication while
supporting applications.
 Kerberos Serves as a network security protocol for authenticating service requests over the internet. Uses secret-key
cryptography, trusting a third party for user and application authentication.
 Operates through a central authentication server (Key Distribution Center - KDC). The Authentication Server and
its database are vital for authenticating clients. Recognizes every user and service on the network as a principal.
Key components of Kerberos include:
 Authentication Server (AS): The AS handles initial authentication and issues a ticket for the Ticket Granting
Service.
 Database: The Authentication Server cross-checks users' access rights using the database.
 Ticket Granting Server (TGS): The TGS is responsible for issuing tickets to access specific servers.
Kerberos Overview:
 Step 1: The user logs in and requests services from the host, initiating a request for the ticket-granting service.
 Step 2: The Authentication Server confirms the user's access rights by consulting the database and then issues a
ticket-granting-ticket along with a session key. This information is encrypted using the user's password.
 Step 3: Upon decryption using the user's password, the ticket is sent to the Ticket Granting Server. The ticket
includes authenticators like usernames and network addresses.
  Step 4: The Ticket Granting Server decrypts the received ticket and verifies the request using the authenticator.
Subsequently, it generates a ticket for the requested services from the Server.
 Step 5: The user forwards the ticket and authenticator to the Server.
 Step 6: The server validates the ticket and authenticators, granting access to the requested service. Following this,
the user can utilise the services.

Some advantages of Kerberos:

 It supports various operating systems.
 The authentication key is shared much efficiently than public sharing.
Some disadvantages of Kerberos:
 It is used only to authenticate clients and services used by them.
 It shows vulnerability to soft or weak passwords.

2. Lightweight Directory Access Protocol (LDAP):

 LDAP stands for Lightweight Directory Access Protocol. It's a way of finding and organizing information about
people, organizations, and devices on a network, whether it's the public internet or a corporate network.
 The Lightweight Directory Access Protocol (LDAP) is an open and standard application protocol used for accessing
and maintaining distributed directory information services over an Internet Protocol (IP) network.
 It's like a directory service, often used in big companies to keep track of users, devices, and applications in one
central place.
 LDAP is crucial for tasks like making sure people are who they say they are, giving them permission for certain
things, and managing information in different systems.
 It's also the foundation for Microsoft's Active Directory.
Some advantages of LDAP:
 It is an automated protocol which makes it modernising easier.
 It supports existing technologies and allows multiple directories.
Some disadvantages of LDAP:
 It requires the experience of deployment.
 The directory servers are required to be LDAP obedient for deployment.

3. OAuth2:
 OAuth2 is an authorization framework that enables users to grant limited access to their accounts through an HTTP
service. When a user wants access to certain resources, an API call is made, and an authentication token is passed.
 In OAuth 2.0, which stands for Open Authorization 2.0, third-party applications can access user data without needing
the user's login credentials. This protocol is commonly used to securely and selectively provide access to resources in
client-server applications, particularly over the internet.
 OAuth 2.0 sets up a structure for authorization, allowing applications to interact securely and access specific user data
without exposing sensitive login information.
Some advantages of OAuth2:
 It is a simple protocol and is easy to implement.
 It provides server-side authorisation of code.
Some disadvantages of OAuth2:
 It is vulnerable to manage different sets of code.
 It shows serious effects on sites connected to another affected system.

4. SAML: Security Assertion Markup Language (SAML)

 SAML stands for Security Assertion Markup Language.
 It's a type of language, represented in XML format, used for securely sharing information about authentication and
authorization between different parties.
 SAML is designed for situations, especially on the internet, where different web-based applications and services
need to exchange information about who you are (authentication) and what you can do (authorization).
 SAML enables something cool called Single Sign-On (SSO). With SSO, you only need to log in once, and then
you can access multiple applications without entering your credentials again.
 Imagine logging into your email. Instead of separately logging into every app (like calendar, chat, etc.), SSO using
SAML allows you to log in once and seamlessly access all these services.
 SAML is commonly used in Identity and Access Management (IAM) systems. IAM systems use SAML to make
sure only the right people have access to the right things, enhancing security. It also makes life easier for users by
reducing the number of logins.
 The information exchanged between parties is written in XML. XML is like a structured language that computers
can easily read and understand.
 Example: When you log into a platform with your Google or Facebook account and then access other linked apps
without logging in again, it's a bit like SAML in action. Your authentication and authorization information is
securely shared between the services.
 Thus, SAML is a language that helps web-based services talk to each other about who you are and what you can
do, making your online experience more secure and convenient, especially when it comes to logging in once and
accessing multiple services seamlessly.

Some advantages of SAML:

 It reduced the administrative costs for the end-users.
 It provides a single sign-in for authenticating across service providers.
Some disadvantages of SAML:
 It is dependent on the identity provider.
 All the data is managed in a single XML format.

5. Radius:
 RADIUS stands for Remote Authentication Dial-In User Service. It's a networking protocol that centrally manages
Authentication, Authorization, and Accounting (AAA) for users connecting to network services.
 RADIUS is like a gatekeeper for network access. It ensures that only authorized users can connect to a network and
defines what they're allowed to do.
  When a user wants to access network resources (like logging into a Wi-Fi network or a VPN):
o The user provides their credentials (username and password).
o RADIUS server encrypts these credentials for security.
 The encrypted credentials are then sent to the RADIUS server. The RADIUS server checks these credentials against
a local database to verify the user's identity.
 If the credentials are valid, the RADIUS server informs the network device (like a router or switch) to grant access.
If invalid, access is denied.
 RADIUS manages AAA:
o Authentication: Verifying the user's identity.
o Authorization: Determining what the user is allowed to do.
o Accounting: Keeping track of usage for billing or auditing purposes.
 RADIUS is widely used in networking, especially for controlling access to network resources. It's commonly
employed in scenarios like Wi-Fi authentication, VPN access, or securing access to enterprise networks.
 RADIUS provides a centralized system for managing user access across different network devices. This makes it
efficient for large-scale network management.
 RADIUS is a protocol that ensures secure and controlled access to network resources by authenticating users,
authorizing their actions, and accounting for their usage. It plays a crucial role in maintaining the security and
efficiency of network services.

Some advantages of Radius:

 It is a great mechanism for providing multiple access for Admins.
 It provides a unique identity to each user in a session.
Some disadvantages of Radius:
 Initial implementation for this mechanism is hard on hardware.
 It has a variety of models that may require a special team which is cost consuming.

6. X.509 Authentication Service:

 X.509 is a digital certificate standard used for authentication. It's built on the ITU (International Telecommunication
Union) X.509 standard, defining the format of Public Key Infrastructure (PKI) certificates.
 X.509 certificates are digital certificates used for secure transaction processing and protecting private information.
They play a crucial role in ensuring security and identity in computer networking and internet-based communications.
 X.509 relies on digital certificates, specifically public key certificates. These certificates are assumed to be generated
by a trusted certification authority (CA) and placed in a directory accessible to users.
 Each user is associated with a public key certificate. These certificates are stored in a directory server, making it easy
for users to obtain them.
 X.509 is built on an IDL (Interface Definition Language) known as ASN.1 (Abstract Syntax Notation). The X.509
certificate format uses a pair of associated public and private keys for encrypting and decrypting messages.
 Once a user receives their X.509 certificate from the certification authority, it serves as an identity card. Unlike
unsecured passwords, the certificate is less prone to theft or loss.
 The X.509 certificate is presented as proof of identity when accessing a resource that requires authentication. It acts
as a secure and reliable method of authenticating users, ensuring the integrity and security of transactions.
 You can think of the X.509 certificate as an identity card. When you need to access a resource, you present your
certificate as proof of your identity, similar to showing an identity card.
 X.509 certificates enhance security by using a trusted certification authority, making them a more secure method
compared to traditional passwords.
 X.509 Authentication Service relies on digital certificates to provide a secure and trusted method of authentication.
Each user has a unique certificate, and the presentation of this certificate acts as a reliable proof of identity when
accessing secured resources.
Generally, the certificate includes the elements given below:
1) Version number: It defines the X.509 version that concerns the certificate.
2) Serial number: It is the unique number that the certified authority issues.
3) Signature Algorithm Identifier: This is the algorithm that is used for signing the certificate.
4) Issuer name: Talks about the X.500 name of the certified authority which signed and created the certificate.
5) Period of Validity: It defines the period for which the certificate is valid.
6) Subject Name: Talks about the name of the user to whom this certificate has been issued.
7) Subject's public key information: It defines the subject's public key along with an identifier of the algorithm for
which this key is supposed to be used.
8) Extension block: This field contains additional standard information.
9) Signature: This field contains the hash code of all other fields which is encrypted by the certified authority private
key.
Applications of X.509 Authentication Service Certificate:
Many protocols depend on X.509 and it has many applications, some of them are given below:
 Document signing and Digital signature.
 Web server security with the help of Transport Layer Security (TLS)/Secure Sockets Layer (SSL) certificates.
 Email certificates.
 Code signing.
 Secure Shell Protocol (SSH) keys.
 Digital Identities.