|
Wireless &
Mobile Computing Security
Product & Technology
Solutions for Security in Wireless Computing
For Wireless LAN security issues,
go here.
PKI (Public Key Infrastructure)
deploys encrypted channels to identify
users and companies through the use of certificates. VeriSign Inc. of Mountain View,
California and Xcert International Inc. are now offering products based on
PKI. Now, they address wireless connections as well.
Certicom, a
major wireless security vendor, is now (2001) offering a single security
framework called Trustpoint, based on PKI. Trustpoint is designed to allow
enterprise installations to manage both wired and wireless digital certificates
within the same framework. Trustpoint has three major components. The first
component - the Trustpoint Certificate Authority Server issues standards-based
certificates. The second component, the Trustpoint PKI portal, lets
organizations register users for certificates and the third component,
Trustpoint Client software, communicates with certificate authority
components The mobile or client component will issue certificates to
hand-held and wireless devices using Certicom's ECC technology. ECC is an
efficient encryption technology especially suitable for small silicon footprint
of handheld devices. PKI portal is where you interface with WAP gateway
software. The so called "WAP GAP" security hole continues to be a
problem. This "WAP GAP" refers to a small amount of time the data
moves from a WAP gateway to ISP's web server where web server's SSL security
takes over. For more information on Certicom's ECC (Elliptical Curve Cryptograms) Security
Product, go here.
Briefly, Trustpoint employs both ECC and RSA
security algorithms to authenticate certificates. The wireline devices can
continue to use traditional RSA security algorithms, if necessary.
Go to Sonera SmartTrust's site for
info on PKI implementation by Sonera.
Raddichio
is a consortium of eight companies that is addressing
security issues in mobile and wireless computing applications in the financial and banking
industry. Major players are Sonera SmartTrust, Gemplus, EDS, Ericsson, 724 Solutions of
Toronto (www.724solutions.com), Certicom
www.certicom.com , Geoworks Corporation (www.geoworks.com),
Infineon Technologies (www.infineon.com), InterClear
Services Ltd. (www.interClear.com), Minick AG,
Mobile Solutions AG www.mobilesolutions.ch), and Setec (www.setec.com).
Nortel's Entrust for Mobile Computing -
On November 15, 1999 –
Entrust Technology Inc., leader in e-commerce solutions, announced its comprehensive
collection of solutions to deliver e-business transactions to the wireless Internet
appliance market. By working with leaders of financial institutions and telecommunications
equipment manufactures, carriers and service providers, Entrust will deliver secure
e-business transactions to mobile Internet appliances from digital mobile phones to
e-commerce servers. Initially, the company will be offering new products and services to
the wireless digital phone market-place.
Entrust’s strategy focuses on extending its proven public-key
infrastructure (PKI) security services and solutions into the wireless e-commerce market.
PKI technology supports both Global System for Mobile (GSM) wireless platform and Wireless
Application Protocol (WAP).
New Entrust/PKI!" and Entrust.net!" services will enable e-businesses
and e-commerce sites to offer secure transactions to their e-business customers and
partners over wireless networks and mobile phones. Customer trials were expected to begin
in December 1999.
Go to http://www.nokia.com/corporate/wap/press_entrust.html
for more info on this topic.
Diversinet - Passport Certificate Server for
wireless m-commerce applications.
Baltimore's Wireless eSecurity product
- go here
RSA - RSA SecureID and RSABSafe products -
go here
Digital Certificates for Wireless
: VeriSign and Motorola have teamed to introduce Short-lived Server
certificate service. Service is integrated with Motorola's WAP
server. It issues new certificate every 24 hours - making it
difficult to crack an encrypted digital certificate. The system
actually validates and renews a digital certificate every 24 hours.
Ubizen's
Multisecure Wireless Guard - central authentication and
authorizing users through an ID and password.
|
