Converging%20Technologies:%20Internet%20Appliances%20and%20Wireless%20PKI

1
Converging TechnologiesInternet Appliances and
Wireless PKI
Ron VandergeestGroup Manager - Internet
Appliance SecurityEntrust Technologies
Thursday, April 13th 2000, 130 p.m.
2
Agenda

• Technology Trends
• WAP Overview
• WAP Security Architectures
• Wireless PKI and Entrust
• Non-WAP Environments
• Questions

3
Technology Trends

• Wireless devices are getting smarter
• Wireless coverage is improving
• Reliance on Internet-based information and
  services is growing
• However
• Mobile devices lack the power of PCs
• Wireless communication lacks the reliability of
  wired networks
• Mobile devices are display constrained

4
Adapting Securityto Appliances

• Short message and certificate formats
• Datagram-based messaging
• Short-lived server certificates
• Increased reliance on trusted gateways or proxies
• Algorithms optimized for mobile devices

OTA protocol
OTW protocol
Gateway
Server
terminal
5
Wireless Applications

• Targeted applications with varying levels of
  security required
• Less browsing, more time- or location-sensitive
  services
• Low security services weather, movie listings,
  packaged public information
• Authentication-based services viewing personal
  data, messaging
• Non-repudiation-based services stock trades,
  financial transactions

6
Wireless ApplicationProtocol (WAP)

• A suite of standards enabling the efficient
  delivery of information and services to mobile
  users

Application Layer (WAE)
Other Services and Applications
WMLScript
Session Layer (WSP)
Transaction Layer (WTP)
Security Layer (WTLS)
WTLS
Transport Layer (WDP)
Bearers
7
TLS and WTLS

• WTLS is a variant of TLS optimized for
• use in wireless applications

8
WAP 1.1Security Architecture
WTLS
SSL/TLS
terminal
WAPGateway
Server
CA
PKI portal
9
Enabling WTLSClass 2 Security
terminal
WAPGateway
Server
CA
PKI portal
10
WAP 1.2Security Architecture
WML Signature
WTLS
SSL/TLS
terminal
WAPGateway
Server
WTLS Auth
WML Sign
CA
PKI portal
repository
11
Enabling WTLSClass 3 Security
terminal
WAPGateway
Server
WTLS Auth
CA
PKI portal
repository
12
Enabling WMLSignText Security
terminal
WAPGateway
Server
WML Sign
WTLS auth
CA
PKI portal
repository
13
WAP 1.3 End-to-EndSecurity Architecture
WTLS
WML Signature
WTLS
Server
terminal
WAPGateway
Master pull proxy
WTLS Auth
WML Sign
CA
PKI portal
repository
14
WAP 1.3 End-to-EndSecurity Architecture
Server
terminal
WAPGateway
Master pull proxy
WTLS Auth
WML Sign
CA
PKI portal
repository
15
Wireless PKI and Entrust

• A PKI platform that can issue certificates for
  e-business, WAP, Web, and VPN applications
• WTLS Toolkit for WAP gateways/servers
• Entrust.net and Entrust_at_YourService trust
  services
• Enrolment wizards and certificate managers for
  gateways and servers
• PKI portals for client certificates
• Manufacturer PKI for OEM applications

16
EntrustCertificate Managers
Gateway
Server
terminal
CM
CM
Entrust.net

• CM functions
• certificate enrolment
• certificate renewal
• short-lived certificate management

17
Non-WAP EnvironmentsExample RIM 2 way
pagere-Commerce Architecture
BlackBerry pager
Wireless carrier
E-Commerce Server
RIM SWS
RA
Entrust/PKI
18
Mobile Commerce Trends XML-based portals mapping
content and services to a variety of devices
2-way pager
Web server
XML
Device specific trans- formers
XML adapters
Portal Engine
XML
Web browser
XML
Database
XML
WAP phone
XML
Other content
XML
Set-top box
XML
Database
19
Mobile Commerce Security Trends

• Location and proximity based services must
  balance convenience with privacy
• use of mobile devices as authentication/payment
  terminals will drive device certificate usage
• requirement for complementary services such as
  code signing and digital rights management as
  devices download increasingly diverse content

20
Summary

• Internet appliances have unique security
  requirements and constraints
• Entrust Technologies is actively meeting the
  needs of both WAP and non-WAP environments
  through partnerships, products, and services
• Thank You!
• Questions ?