Presentation is loading. Please wait.

Presentation is loading. Please wait.

Registration Processing for the Wireless Internet Ian Gordon Director, Market Development Entrust Technologies.

Published byShannon Heath Modified over 8 years ago

Similar presentations

Presentation on theme: "Registration Processing for the Wireless Internet Ian Gordon Director, Market Development Entrust Technologies."— Presentation transcript:

1 Registration Processing for the Wireless Internet Ian Gordon Director, Market Development Entrust Technologies

2 Wireless Value Chain Many players involved…. –Terminal Manufacturer –SIM Manufacturer –Infrastructure Manufacturer –Mobile Operator –Virtual Mobile Operator –Systems Integrator –Middleware Provider –Content Provider / Service Provider –Wireless Application Service Provider –Consumer Depending on the Trust model being adopted any number of these players may/may not be involved in the registration process. Solution providers must design, develop and deliver a range of products or modules to address the variety of registration scenarios.

3 Registration Impacters Public Root / Private Root Insource / Outsource Anonymous / Bound Device / Central Keygen Single / Multiple Terminal Token / No-Token Combinations Registration will be the mobile users first experience with the wireless Internet. Failure to deliver an easy to use and automated registration process will provoke frustration and a decision point. Great care and attention must be placed on the design of your registration process. Registration will be the mobile users first experience with the wireless Internet. Failure to deliver an easy to use and automated registration process will provoke frustration and a decision point. Great care and attention must be placed on the design of your registration process.

4 Key & Cert Insertion Phone Manufacturer Card Manufacturer Mobile Operator End user CA root key and/or certificate may be placed in firmware mask from an image file provided by Certificate Authority CA root key and/or certificate may be placed on SIM from an image file provided by Certificate Authority End User key-pairs pre-generated and stored on SIM Anonymous / Prepaid Certificates End User enrollment at Mobile Operator: End User Encryption Public Key and Verification Public Key sent to Certificate Authority for “binding” to certificates. Returned certificates stored on SIM or on the network. End User enrollment Over the Air: End User Encryption Public Key and Verification Public Key sent to Certificate Authority for “binding” to certificates. Returned certificates stored on SIM or on the network. Service Provider End User enrollment at Service Provider: End User Encryption Public Key and Verification Public Key sent to Certificate Authority for “binding” to certificates. Returned certificates stored on SIM or on the network. Mobile device users will be able to join new Trust models at any time with OTA provisioning, however the process must be simple and intuitive as the registration is dependant on the ability of the user.

5 Registration Objectives Enable requests for authentication certificates Enable requests for authorization (signing) certificates Permit configurable methods of certificate storage/usage Permit massive scalability

6 WPKI Specification Created to permit a standardized method for obtaining certificates for the purposes of authentication & authorization in m-commerce transactions Much more… While the wireless industry is comprised of much more than just WAP solutions the WAP specifications are evolving to deliver the most standardized approach to registration processing.

7 WPKI Products Enable requests for authentication certificates for WTLS client authentication Enable requests for authorization certificates for application level transaction signing Determine validity of information contained in the certificate request Communicate with the CA for certificate signing

8 WPKI Products Respond to the Mobile Equipment (ME) by: –Returning the certificate directly to the device including a display name for which the certificate is valid –Or, returning a certificate information structure for later retrieval of the certificate from a repository and a display name for which the certificate is valid –Or, confirming the receipt of the HASH of the mobile devices users Public Key

9 WPKI Products Support HTTP and LDAP URL formats Support WPKI, WTLS, X.509v3, PKIX & HTTPS standard interfaces Deliver detailed error and status reporting Deliver performance, scalability and robustness

10 Simplified Registration Scenario Mobile Equipment Registration Portal Certificate Authority Certificate Repository WTLS Handshake Registration Page Get Request Verify POP Format Message Sign Message Call CA Verify Signature Map User DN LDAP Add CA Add Get Cert LDAP Write Cert Get Response Send to M.E.

11 Complications Who owns the Trust model? Who performs first time interaction? Who is running the gateway / server / portal? What is the user experience across differing mobile equipment?

12 Summary Easy, consistent registration is critical to guide the user through their first contact with the wireless Internet. A Standardized approach to registration is the only way to ensure that experience is a good one. The wireless Internet will eclipse the wired Internet in scope, but only if we all work to make the necessary security as transparent as possible.

13 Thank you! Ian Gordon Entrust Technologies Limited Tel: +1 613 247 2573 Email: ian.gordon@entrust.com

Download ppt "Registration Processing for the Wireless Internet Ian Gordon Director, Market Development Entrust Technologies."

Similar presentations

Enabling Secure Internet Access with ISA Server

Enabling Secure Internet Access with ISA Server
Digital Certificate Installation & User Guide For Class-2 Certificates.

Digital Certificate Installation & User Guide For Class-2 Certificates.
Installation & User Guide

Installation & User Guide
Public Key Infrastructure A Quick Look Inside PKI Technology Investigation Center 3/27/2002.

Public Key Infrastructure A Quick Look Inside PKI Technology Investigation Center 3/27/2002.
Digital Certificate Installation & User Guide For Class-2 Certificates.

Digital Certificate Installation & User Guide For Class-2 Certificates.
Safe Script CA Digital Certificate Enrollment Guide With

Safe Script CA Digital Certificate Enrollment Guide With
Digital Certificate Installation & User Guide For Class-2 Certificates.

Digital Certificate Installation & User Guide For Class-2 Certificates.
MyProxy: A Multi-Purpose Grid Authentication Service

MyProxy: A Multi-Purpose Grid Authentication Service
© Southampton City Council Sean Dawtry – Southampton City Council The Southampton Pathfinder for Smart Cards in public services.

© Southampton City Council Sean Dawtry – Southampton City Council The Southampton Pathfinder for Smart Cards in public services.
Grid Computing, B. Wilkinson, 20045a.1 Security Continued.

Grid Computing, B. Wilkinson, 20045a.1 Security Continued.
WPKI available technology diagram and the business model

WPKI available technology diagram and the business model
Cryptography and Network Security

Cryptography and Network Security
Module 5: TLS and SSL 1. Overview Transport Layer Security Overview Secure Socket Layer Overview SSL Termination SSL in the Hosted Environment Load Balanced.

Module 5: TLS and SSL 1. Overview Transport Layer Security Overview Secure Socket Layer Overview SSL Termination SSL in the Hosted Environment Load Balanced.
Topic 8: Secure communication in mobile devices. Choice of secure communication protocols, leveraging SSL for remote authentication and using HTTPS for.

Topic 8: Secure communication in mobile devices. Choice of secure communication protocols, leveraging SSL for remote authentication and using HTTPS for.
Key Provisioning Use Cases and Requirements 67 th IETF KeyProv BOF – San Diego Mingliang Pei 11/09/2006.

Key Provisioning Use Cases and Requirements 67 th IETF KeyProv BOF – San Diego Mingliang Pei 11/09/2006.
Environmental Council of States Network Authentication and Authorization Services The Shared Security Component February 28, 2005.

Environmental Council of States Network Authentication and Authorization Services The Shared Security Component February 28, 2005.
Kerberos and PKI Cooperation Daniel Kouřil, Luděk Matyska, Michal Procházka Masaryk University AFS & Kerberos Best Practices Workshop 2006.

Kerberos and PKI Cooperation Daniel Kouřil, Luděk Matyska, Michal Procházka Masaryk University AFS & Kerberos Best Practices Workshop 2006.
WAP Public Key Infrastructure CSCI 5939.02 – Independent Study Fall 2002 Jaleel Syed Presentation No 5.

WAP Public Key Infrastructure CSCI – Independent Study Fall 2002 Jaleel Syed Presentation No 5.
Figure 1: SDR / MExE Download Framework SDR Framework Network Server Gateway MExE Download + Verification Using MExE Repository (Java sandbox) MExE Applet.

Figure 1: SDR / MExE Download Framework SDR Framework Network Server Gateway MExE Download + Verification Using MExE Repository (Java sandbox) MExE Applet.
A Survey of WAP Security Architecture Neil Daswani

A Survey of WAP Security Architecture Neil Daswani

Similar presentations

Ads by Google