- Number of slides: 20

CACR 2000
Converging Technologies: Internet Appliances and Wireless PKI
Ron Vandergeest, Group Manager - Internet Appliance Security, Entrust Technologies
Thursday, April 13th 2000, 1:30 p.m.

Agenda
• Technology Trends
• WAP Overview
• WAP Security Architectures
• Wireless PKI and Entrust
• Non-WAP Environments
• Questions

Technology Trends
• Wireless devices are getting smarter
• Wireless coverage is improving
• Reliance on Internet-based information and services is growing
However
• Mobile devices lack the power of PCs
• Wireless communication lacks the reliability of wired networks
• Mobile devices are display constrained

Adapting Security to Appliances
• Short message and certificate formats
• Datagram-based messaging
• Short-lived server certificates
• Increased reliance on trusted gateways or proxies
• Algorithms optimized for mobile devices
[Diagram labels: terminal, Gateway, Server; OTA protocol, OTW protocol]

Wireless Applications
• Targeted applications with varying levels of security required
• Less browsing, more time- or location-sensitive services
• Low security services: weather, movie listings, packaged public information
• Authentication-based services: viewing personal data, messaging
• Non-repudiation-based services: stock trades, financial transactions

Wireless Application Protocol (WAP)
A suite of standards enabling the efficient delivery of information and services to mobile users
• Application Layer (WAE)
• Session Layer (WSP)
• Transaction Layer (WTP)
• Security Layer (WTLS)
• Transport Layer (WDP)
• Bearers
[Diagram labels: WMLScript, Other Services and Applications, WTLS]

TLS and WTLS
• WTLS is a variant of TLS optimized for use in wireless applications

WAP 1.1 Security Architecture
[Diagram labels: terminal, WAP Gateway, WAP Server, SSL Client, SSL Server, PKI portal, CA; WTLS, SSL/TLS; CA root, WAP CA Root, SSL CA Root]

Enabling WTLS Class 2 Security
[Diagram with numbered steps 1 to 5. Labels: terminal, WAP Gateway, Server, SSL Server, PKI portal, CA; CA root, WAP CA Root, SSL CA Root]

WAP 1.2 Security Architecture
[Diagram labels: terminal, WAP Gateway, WAP Server, SSL Client, SSL Server, PKI portal, CA, repository; WML Signature, WTLS, SSL/TLS; WTLS Auth, WML Sign; CA root, WAP CA Root, SSL CA Root]

Enabling WTLS Class 3 Security
[Diagram with numbered steps 1 to 7. Labels: terminal, WAP Gateway, WAP Server, Server, SSL Server, PKI portal, CA, repository; WTLS Auth; CA root, WAP CA Root, SSL CA Root]

Enabling WML SignText Security
[Diagram with numbered steps 1 to 7. Labels: terminal, WAP Gateway, WAP Server, Server, SSL Server, PKI portal, CA, repository; WML Sign, WTLS auth; CA root, WAP CA Root, SSL CA Root]

WAP 1.3 End-to-End Security Architecture
[Diagram labels: terminal, WAP Gateway, Master pull proxy, WAP Server, Server, PKI portal, CA, repository; WTLS, WML Signature; WTLS Auth, WML Sign; CA root, WAP CA Root, SSL CA Root]

WAP 1.3 End-to-End Security Architecture (continued)
[Diagram with numbered steps 1 to 3. Labels: terminal, WAP Gateway, Master pull proxy, WAP Server, Server, PKI portal, CA, repository; WTLS Auth, WML Sign; CA root, WAP CA Root, SSL CA Root]

Wireless PKI and Entrust®
• A PKI platform that can issue certificates for e-business, WAP, Web, and VPN applications
• WTLS Toolkit for WAP gateways/servers
• Entrust.net™ and Entrust@YourService™ trust services
• Enrolment wizards and certificate managers for gateways and servers
• PKI portals for client certificates
• “Manufacturer PKI” for OEM applications

Entrust Certificate Managers
CM functions
• certificate enrolment
• certificate renewal
• short-lived certificate management
[Diagram labels: terminal, Gateway, Server, CA root, Gateway cert, Server cert, CM, Entrust.net]

Non-WAP Environments
Example: RIM 2-way pager e-Commerce Architecture
[Diagram labels: BlackBerry pager, Wireless carrier, RIM SWS, E-Commerce Server, Entrust/PKI, RA, CA root]

Mobile Commerce Trends: XML-based portals mapping content and services to a variety of devices
[Diagram labels: 2-way pager, Web browser, WAP phone, Set-top box, Device specific transformers, Web server, XML Portal Engine, XML adapters, Database, Other content; XML exchanged between components]

Mobile Commerce Security Trends
• Location and proximity based services must balance convenience with privacy
• Use of mobile devices as authentication/payment terminals will drive device certificate usage
• Requirement for complementary services such as code signing and digital rights management as devices download increasingly diverse content

Summary
• Internet appliances have unique security requirements and constraints
• Entrust Technologies is actively meeting the needs of both WAP and non-WAP environments through partnerships, products, and services
• Thank You!
• Questions?


