Certicom MobileTrust™: PKI for Mobile and Wireless Systems John Kennedy Director of PKI Product Marketing April, 2000.

Slides:

Advertisements

Similar presentations

OneBridge Mobile Data Suite Product Positioning. Target Plays IT-driven enterprise mobility initiatives Extensive support for integration into existing.

Advertisements

Cryptography Chapter 7 Part 4 Pages 833 to 874. PKI Public Key Infrastructure Framework for Public Key Cryptography and for Secret key exchange.

Steve Jordan Director. Industry Solutions 05/05/14 Managing Chaos: Data Movement in 2014.

PKI -An Industry Perspective Lisa Pretty Executive Director.

Cryptography and Network Security

Topic 8: Secure communication in mobile devices. Choice of secure communication protocols, leveraging SSL for remote authentication and using HTTPS for.

SECURITY IN E-COMMERCE VARNA FREE UNIVERSITY Prof. Teodora Bakardjieva.

Advances in Card Solutions 7 th Annual CACR April 25, th Annual CACR April 25, 2001.

Lecture 23 Internet Authentication Applications

Public Key Infrastructure (PKI) Providing secure communications and authentication over an open network.

WAP Public Key Infrastructure CSCI – Independent Study Fall 2002 Jaleel Syed Presentation No 5.

Sentry: A Scalable Solution Margie Cashwell Senior Sales Engineer Sept 2000 Margie Cashwell Senior Sales Engineer

Windows Vista And Longhorn Server PKI Enhancements Avi Ben-Menahem Lead Program Manager Windows Security Microsoft Corporation.

A Survey of WAP Security Architecture Neil Daswani

The Internet & The New IT Infrastructure Chapter 9.

Principles and Learning Objectives

Robin Estabrooks Computer Science 1631, Winter 2011.

9 Lecture The Wireless Revolution. Identify the principal wireless transmission media and devices, cellular network standards and generations, and standards.

Introduction to PKI Seminar What is PKI? Robert Brentrup July 13, 2004.

02/12/00 E-Business Architecture

Wireless Village (WV) Mobile IMPS ( Instant Messaging and Presence Services) Reporter : Allen.

V1.00 © 2009 Research In Motion Limited Introduction to Mobile Device Web Development Trainer name Date.

WAP: Wireless Application Protocol Mike Mc Ardle ACSG April, 2005.

Management Information system E-commerce E-business Supervised by: Miss : Rasha Ragheb Atallah Presentation provided by: Salah Imad AlQady Ramzy Shafeeq.

Public Key Infrastructure from the Most Trusted Name in e-Security.

National Discount Broker Site Compromised “National Discount Brokers’ site, which has 200,000 customers, was down for more than an hour Thursday as company.

Mobile commerce Yuri kang.

Wolfgang Schneider NSI: A Client-Server-Model for PKI Services.

Mobile Identity and Mobile Authentication (mobile e-signature) Valdis Janovs Sales Director Lattelecom Technology SIA.

RSA Security Validating Users and Devices to Protect Network Assets Endpoint Solutions for Cisco Environments.

Best Practices in Deploying a PKI Solution BIEN Nguyen Thanh Product Consultant – M.Tech Vietnam

LEVERAGING UICC WITH OPEN MOBILE API FOR SECURE APPLICATIONS AND SERVICES Ran Zhou 1 9/3/2015.

Chapter 14 Encryption: A Matter Of Trust. Awad –Electronic Commerce 2/e © 2004 Pearson Prentice Hall 2 OBJECTIVES What is Encryption? Basic Cryptographic.

Starfish/Motorola Confidential 1 September 8, 2015 Starfish/Motorola Confidental Overview Starfish Software, Inc. Bob Koche (Ko-chee) Director of Partner.

1. Windows Vista Enterprise And Mid-Market User Scenarios 2. Customer Profiling And Segmentation Tools 3. Windows Vista Business Value And Infrastructure.

1 An Introduction to Electronic Commerce Electronic commerce: conducting business activities (e.g., distribution, buying, selling, marketing, and servicing.

1 Driving Convergence Harel Kodesh Vice President Productivity Appliances Division Microsoft Corporation.

PKI interoperability and policy in the wireless world.

E-Commerce Security Technologies : Theft of credit card numbers Denial of service attacks (System not availability ) Consumer privacy (Confidentiality.

Registration Processing for the Wireless Internet Ian Gordon Director, Market Development Entrust Technologies.

Lecture 23 Internet Authentication Applications modified from slides of Lawrie Brown.

Gregorio Martínez Pérez University of Murcia PROVIDING SECURITY TO UNIVERSITY ENVIRONMENT COMMUNICATIONS.

M-COMMERCE M-Commerce & E-Commerce BY JYOTINDRA ZAVERI W-www Consultant M-Commerce & E-Commerce BY JYOTINDRA ZAVERI W-www Consultant.

Public Key Infrastructures and mCommerce Baltimore’s offerings for wireless technologies.

© 2008 Cisco Systems, Inc. All rights reserved.Cisco ConfidentialPresentation_ID 1 Cisco Secure Mobile Banking Enabling the Collaborative Customer Experience.

Computer Security: Principles and Practice First Edition by William Stallings and Lawrie Brown Lecture slides by Lawrie Brown Chapter 22 – Internet Authentication.

E-Commerce Security Professor: Morteza Anvari Student: Xiaoli Li Student ID: March 10, 2001.

Security Protocols and E-commerce University of Palestine Eng. Wisam Zaqoot April 2010 ITSS 4201 Internet Insurance and Information Hiding.

Chapter 23 Internet Authentication Applications Kerberos Overview Initially developed at MIT Software utility available in both the public domain and.

Cryptography and Network Security (CS435) Part Fourteen (Web Security)

Simplify and Strengthen Security with Oracle Application Server Allan L Haensgen Senior Principal Instructor Oracle Corporation Session id:

Web Security : Secure Socket Layer Secure Electronic Transaction.

Protecting Your Business! SBA Ft. Lauderdale November 15, 2006 Gregory Levine, Sr. Director Marketing.

Performix Business Services Converging to Unified Messaging With convergence of telephony, computer and multimedia communication becoming a realistic vision,

1 Introduction to Microsoft Windows 2000 Windows 2000 Overview Windows 2000 Architecture Overview Windows 2000 Directory Services Overview Logging On to.

Introduction to Public Key Infrastructure January 2004 CSG Meeting Jim Jokl.

Module 9: Designing Public Key Infrastructure in Windows Server 2008.

E-commerce 24/12/ Electronic Commerce (E-Commerce) Commerce refers to all the activities the purchase and sales of goods or services. Marketing,

Mobile Security. Security is Hard Just this year: Denial of service Credit card compromise I Love you Cost to manage security quickly becomes prohibitive.

CISC 849 : Applications in Fintech Cybersecurity in Banking.

Using Public Key Cryptography Key management and public key infrastructures.

© 2002 ConnecTerra, Inc. ConnecTerra Confidential/Proprietary.

Business Applications– Using Java _____ Presented by Priya Saha.

CompTIA Security+ Study Guide (SY0-401)

CompTIA Security+ Study Guide (SY0-501)

OPERATING SYSTEMS.

EMTM 553 Electronic Commerce Systems

Public Key Infrastructure from the Most Trusted Name in e-Security

RSA Digital Certificate Solutions RSA Solutions for PKI David Mateju RSA Sales Consultant

Presentation transcript:

Certicom MobileTrust™: PKI for Mobile and Wireless Systems John Kennedy Director of PKI Product Marketing April, 2000

Presentation Overview Wireless and Mobile PKI Requirements, Demand, and Growth Opportunity Certicom’s MobileTrust™ Initiative Open Challenges

Certicom’s Mission Security for mobile e-business Certicom enables mobile e-commerce and e-business applications like shopping, banking, brokerage, , payments, and healthcare

Market Size Mobile market growth is phenomenal  $66b in wireless e-commerce in 2003 (IDC)  1b mobile phones by 2003

Mobile Growth Number of Non-PC Devices Accessing the Internet4% 43% Source: IDC Research Smartphones, handheld computers, television set-top boxes, pagers, etc.

Mobile Enterprise Connectivity Objective: Extend enterprise data to a mobile sales force Motivation:  Faster feedback  Better decisions  Lower costs Challenges:  The best info is the most sensitive  Existing data frameworks  Form factors

Wireless e-Commerce Objective: Enable banking, stock trading, and online shopping anywhere and any time. Motivation:  PC use saturated at 30%  Availability = more transactions  Service differentiation Consumer impulse buying Trader alerts Challenges:  Fraud (user authentication)  Privacy (consumer behavior tracking)

Mobile Devices Objective: Web-enable the rest of the world Motivation:  Non-PC Web devices expected to reach 43% by 2002  New services, transaction-based revenues  Customer loyalty and management Challenges  Low cost, low margin devices  Need the same security as PCs  Require better packaging, reliability and support than PCs

Where is strong authentication and user accountability needed? Secure Stock Trading On-line Banking Enterprise Data Access. Secure Messaging Healthcare Mobile Lifestyle, Personal Info Mobile phones, pagers, and PDA’s will be platforms of choice.

Certicom Security Solutions for Mobile Environments ECC-based signing from mobile devices in wireless networks. ECC-based security protocols with strong server and strong client authentication.

Certicom Mobile Security Technology Licensees Palm Computing AvantGo Puma Riverbed Advance Systems Extended Systems Confinity Infowave Qualcomm RIM 724 Solutions Aether Systems Newcom ePhysician iScribe PlanetRX Sybase Bell South Motorola JP Systems

Certicom OEM Customer Requirements “We love your ECC-based crypto and security protocol technology.” “We want the PKI-based identity management infrastructure.” “PKI is too expensive or too complicated to build ourselves.” If we build it, they will come…

MobileTrust™ Goals MobileTrust™ announced Jan Deliver a full suite of PKI products and services for mobile and wireless markets. Develop a set of ECC-based certification authorities. Address an unaddressed market with tremendous growth potential.

Certicom PKI Product Set MobileTrust™  Outsourced Certification Authority (CA) service  Accompanied by semi-custom RA, client/server toolkits, PKI integration services Trustpoint ® PKI Technology Base  PKI toolkits for OEM developers  CA, RA, EE, RP applications and components in Java and C++

MobileTrust™ - Complete Mobile Security Solutions MobileTrust CA Service  Run by Certicom for OEM customers, service operators, enterprises and end users MobileTrust RA Platform  Run by enterprise to administer certificates. Calls on MobileTrust CA to issue certificates Client and Server Security Toolkits  PKI Clients (EE/RP functions), SSL Plus, WTLS Plus, and other Certicom security products. MobileTrust PKI Integration Services  Expert consulting and PKI Integration to fit MobileTrust to existing business logic and information systems

MobileTrust™ Hierarchy

MobileTrust Features Standards compliance  ANSI X9.62 ECDSA (signature standard)  IETF PKIX (X.509, CMP, CRMF)  WAP PKI (cert profiles, protocols)  LDAP-accessible repositories

MobileTrust Features (continued) Assurance  SAS-70 (service reliability audit)  FIPS Level 3,4 (security environment)  NIST and ABA ISC PKI Security Guidelines

MobileTrust Features (continued) Interoperability  Is “Interoperable Security Components” an oxymoron?  Customer want to choose best-of-class PKI components. PKI investment preservation.  Interoperability is good for overall PKI market growth.  Interoperability cost/value not always well- understood.  Participation in PKI Forum, Radicchio, other fora.

MobileTrust Features (continued) Scalability  Immediate need is server certificates  Long-term emphasis is on client certificates  We anticipate 100: :1 ratio of client certificates to server certificates.  Scalability requirements drive database, directory, and RA distributability needs.  MobileTrust being designed to handle 100 million certificates/year.

MobileTrust™ Registration Authorities Based upon Trustpoint™ CA/RA Java Bean-based policy engine architecture. Anticipates need for customization to accommodate unique identity capture and vetting requirements Communicates with end-entities using PKIX CMP, WAP, and PKCS-10 based protocols

PKI Client Basic Cryptography: ECC, RSA, DES, RC4, SHA1, etc Key Store: Secret keys and Certificates Certificate Protocols: Request, Revoke, Renew Security Protocols: *SSL Plus *IPSEC Plus *WTLS Plus *Palm VII OPP *E-commerce wallet *Text Signing GUI - security icons, locks, etc.

PKI Client Platforms Palm platform devices  Palm, Nokia, Sony,TRG, Handspring Cell Phones Paging devices  RIM, Bellsouth networks Embedded Systems

Mobile PKI Special Requirements Ultra-thin clients, mobile code Integration with wireless-friendly security protocols. (e.g., WTLS) Roaming identity services Platform and channel heterogeneity.

Mobile Security Challenges Better authentication protocols  User assertive -- mutual authentication by default. Client authentication at multiple layers. End-point security: secure O/S, trusted path, platform integrity. End-to-end security instead of gateways and proxies. Secure audit capability at client.

MobileTrust ™ Summary Managed Certificate Services Features  CA Service for industry standard elliptic curve certificates  100% Java-based RA platform  Compatibility with SSL Plus and WTLS Plus products  PKI client software for handhelds  OEM and Enterprise integration services Benefits  Guaranteed PKI service: 24x7 operation  Signed business transactions on mobile systems in wireless networks  Rapid time-to-market for mobile e-business applications

Questions?