Download presentation
Presentation is loading. Please wait.
Published byShannon Heath Modified over 9 years ago
1
Registration Processing for the Wireless Internet Ian Gordon Director, Market Development Entrust Technologies
2
Wireless Value Chain Many players involved…. –Terminal Manufacturer –SIM Manufacturer –Infrastructure Manufacturer –Mobile Operator –Virtual Mobile Operator –Systems Integrator –Middleware Provider –Content Provider / Service Provider –Wireless Application Service Provider –Consumer Depending on the Trust model being adopted any number of these players may/may not be involved in the registration process. Solution providers must design, develop and deliver a range of products or modules to address the variety of registration scenarios.
3
Registration Impacters Public Root / Private Root Insource / Outsource Anonymous / Bound Device / Central Keygen Single / Multiple Terminal Token / No-Token Combinations Registration will be the mobile users first experience with the wireless Internet. Failure to deliver an easy to use and automated registration process will provoke frustration and a decision point. Great care and attention must be placed on the design of your registration process. Registration will be the mobile users first experience with the wireless Internet. Failure to deliver an easy to use and automated registration process will provoke frustration and a decision point. Great care and attention must be placed on the design of your registration process.
4
Key & Cert Insertion Phone Manufacturer Card Manufacturer Mobile Operator End user CA root key and/or certificate may be placed in firmware mask from an image file provided by Certificate Authority CA root key and/or certificate may be placed on SIM from an image file provided by Certificate Authority End User key-pairs pre-generated and stored on SIM Anonymous / Prepaid Certificates End User enrollment at Mobile Operator: End User Encryption Public Key and Verification Public Key sent to Certificate Authority for “binding” to certificates. Returned certificates stored on SIM or on the network. End User enrollment Over the Air: End User Encryption Public Key and Verification Public Key sent to Certificate Authority for “binding” to certificates. Returned certificates stored on SIM or on the network. Service Provider End User enrollment at Service Provider: End User Encryption Public Key and Verification Public Key sent to Certificate Authority for “binding” to certificates. Returned certificates stored on SIM or on the network. Mobile device users will be able to join new Trust models at any time with OTA provisioning, however the process must be simple and intuitive as the registration is dependant on the ability of the user.
5
Registration Objectives Enable requests for authentication certificates Enable requests for authorization (signing) certificates Permit configurable methods of certificate storage/usage Permit massive scalability
6
WPKI Specification Created to permit a standardized method for obtaining certificates for the purposes of authentication & authorization in m-commerce transactions Much more… While the wireless industry is comprised of much more than just WAP solutions the WAP specifications are evolving to deliver the most standardized approach to registration processing.
7
WPKI Products Enable requests for authentication certificates for WTLS client authentication Enable requests for authorization certificates for application level transaction signing Determine validity of information contained in the certificate request Communicate with the CA for certificate signing
8
WPKI Products Respond to the Mobile Equipment (ME) by: –Returning the certificate directly to the device including a display name for which the certificate is valid –Or, returning a certificate information structure for later retrieval of the certificate from a repository and a display name for which the certificate is valid –Or, confirming the receipt of the HASH of the mobile devices users Public Key
9
WPKI Products Support HTTP and LDAP URL formats Support WPKI, WTLS, X.509v3, PKIX & HTTPS standard interfaces Deliver detailed error and status reporting Deliver performance, scalability and robustness
10
Simplified Registration Scenario Mobile Equipment Registration Portal Certificate Authority Certificate Repository WTLS Handshake Registration Page Get Request Verify POP Format Message Sign Message Call CA Verify Signature Map User DN LDAP Add CA Add Get Cert LDAP Write Cert Get Response Send to M.E.
11
Complications Who owns the Trust model? Who performs first time interaction? Who is running the gateway / server / portal? What is the user experience across differing mobile equipment?
12
Summary Easy, consistent registration is critical to guide the user through their first contact with the wireless Internet. A Standardized approach to registration is the only way to ensure that experience is a good one. The wireless Internet will eclipse the wired Internet in scope, but only if we all work to make the necessary security as transparent as possible.
13
Thank you! Ian Gordon Entrust Technologies Limited Tel: +1 613 247 2573 Email: ian.gordon@entrust.com
Similar presentations
© 2024 SlidePlayer.com Inc.
All rights reserved.