Registration Processing for the Wireless Internet
Ian Gordon, Director, Market Development, Entrust Technologies


Wireless Value Chain
Many players involved:
– Terminal Manufacturer
– SIM Manufacturer
– Infrastructure Manufacturer
– Mobile Operator
– Virtual Mobile Operator
– Systems Integrator
– Middleware Provider
– Content Provider / Service Provider
– Wireless Application Service Provider
– Consumer
Depending on the Trust model being adopted, any number of these players may/may not be involved in the registration process. Solution providers must design, develop and deliver a range of products or modules to address the variety of registration scenarios.

Registration Impacters
– Public Root / Private Root
– Insource / Outsource
– Anonymous / Bound
– Device / Central Keygen
– Single / Multiple Terminal
– Token / No-Token
– Combinations
Registration will be the mobile user's first experience with the wireless Internet. Failure to deliver an easy-to-use and automated registration process will provoke frustration and a decision point. Great care and attention must be placed on the design of your registration process.

Key & Cert Insertion
Parties: Phone Manufacturer, Card Manufacturer, Mobile Operator, End User, Service Provider
– CA root key and/or certificate may be placed in firmware mask from an image file provided by Certificate Authority
– CA root key and/or certificate may be placed on SIM from an image file provided by Certificate Authority
– End User key-pairs pre-generated and stored on SIM (Anonymous / Prepaid Certificates)
– End User enrollment at Mobile Operator: End User Encryption Public Key and Verification Public Key sent to Certificate Authority for "binding" to certificates. Returned certificates stored on SIM or on the network.
– End User enrollment Over the Air: End User Encryption Public Key and Verification Public Key sent to Certificate Authority for "binding" to certificates. Returned certificates stored on SIM or on the network.
– End User enrollment at Service Provider: End User Encryption Public Key and Verification Public Key sent to Certificate Authority for "binding" to certificates. Returned certificates stored on SIM or on the network.
Mobile device users will be able to join new Trust models at any time with OTA provisioning; however, the process must be simple and intuitive, as the registration is dependent on the ability of the user.

Registration Objectives
– Enable requests for authentication certificates
– Enable requests for authorization (signing) certificates
– Permit configurable methods of certificate storage/usage
– Permit massive scalability

WPKI Specification
– Created to permit a standardized method for obtaining certificates for the purposes of authentication & authorization in m-commerce transactions
– Much more…
While the wireless industry comprises much more than just WAP solutions, the WAP specifications are evolving to deliver the most standardized approach to registration processing.

WPKI Products
– Enable requests for authentication certificates for WTLS client authentication
– Enable requests for authorization certificates for application level transaction signing
– Determine validity of information contained in the certificate request
– Communicate with the CA for certificate signing

WPKI Products
Respond to the Mobile Equipment (ME) by:
– Returning the certificate directly to the device, including a display name for which the certificate is valid
– Or, returning a certificate information structure for later retrieval of the certificate from a repository, and a display name for which the certificate is valid
– Or, confirming the receipt of the HASH of the mobile device user's Public Key

WPKI Products
– Support HTTP and LDAP URL formats
– Support WPKI, WTLS, X.509v3, PKIX & HTTPS standard interfaces
– Deliver detailed error and status reporting
– Deliver performance, scalability and robustness

Simplified Registration Scenario
Participants: Mobile Equipment, Registration Portal, Certificate Authority, Certificate Repository
Steps shown in the diagram, in order:
– WTLS Handshake
– Registration Page
– Get Request
– Verify POP
– Format Message
– Sign Message
– Call CA
– Verify Signature
– Map User DN
– LDAP Add
– CA Add
– Get Cert
– LDAP Write Cert
– Get Response
– Send to M.E.

Complications
– Who owns the Trust model?
– Who performs first time interaction?
– Who is running the gateway / server / portal?
– What is the user experience across differing mobile equipment?

Summary
– Easy, consistent registration is critical to guide the user through their first contact with the wireless Internet.
– A standardized approach to registration is the only way to ensure that experience is a good one.
– The wireless Internet will eclipse the wired Internet in scope, but only if we all work to make the necessary security as transparent as possible.

Thank you! Ian Gordon Entrust Technologies Limited Tel: