<< Back to article Print this page Loading page, please wait...

Wireless Security Evolves

Brian Fonseca and Paul Krill (Computerworld)
22 January, 2000 12:01

Making wireless systems secure for Internet transactions is blossoming into a critical issue, with several vendors showcasing strategies to achieve this aim at the RSA Conference 2000 show, in San Jose, Calif., last week.

With the boom in both wireless devices and Internet commerce, vendors are naturally interested in linking these two trends. Companies detailing offerings for trusted wireless commerce on the Internet included VeriSign Inc., Certicom, and Hewlett-Packard Co. subsidiary Verifone in conjunction with BellSouth.

Products focused on functions such as digital certificates and public key infrastructure (PKI).

"A mobile [device] is an ideal personal device for doing business transactions," said Bill Anderson, director of Enterprise Marketing at Certicom.

"Running a CA [certificate authority] is all about running a secure procedure, access control, and having a liability control on the service. That's the big hole in the market we're filling in. [Customers] want someone to run their CA," Anderson said.

VeriSign, meanwhile, unveiled what company marketing Vice President Richard Yanowitch called "a complete trust infrastructure [for] the wireless world," with trust agents, certificate services, and a gateway.

An RSA conference attendee, however, pointed out that vendors could be a bit ahead of themselves in wireless security developments.

"I think wireless is a trend, but I think most people haven't even issued a certificate yet," for any type of computer-based commerce, wired or unwired, said Ron Siracusa, manager of PKI and directory services for the state of New Jersey, in Trenton.

Vendors are forming alliances to ensure the security of wireless Internet commerce. Key to VeriSign's plan, for instance, is an arrangement whereby Motorola will include the VeriSign technology on browsers on Motorola mobile phones. Shipment of these products is anticipated later this year.

VeriSign unveiled a series of products and services including a "Wireless Personal Trust Agent," which is micro-coded to enable use of private keys, digital certificates, and signatures on wireless systems.

Among the services to be offered by the company are Enterprise Trust Services for conducting business-to-business and business-to-consumer commerce applications for fields such as banking, health care, and messaging.

Transaction services to be offered include Wireless Validation Services, for real-time certificate validation, and Wireless Payment Services, to enable wireless payment applications. Both of these services are due by this summer.

Certicom launched MobileTrust, a digital certificate service that enables Palm Computing handheld computers, Wireless Access Protocol phones, Research In Motion (RIM) wireless handhelds, and other small wireless devices to participate in secure electronic-business applications. MobileTrust also includes a registration authority enabling enterprises or service providers to provide large-scale administration of certificates.

Companies endorsing VeriSign's initiative include RSA Security, BellSouth, Sonera SmartTrust, and RIM. These companies will leverage the technologies in their own offerings.

Also at the show, VeriFone and BellSouth Wireless Data introduced the Omni 3200M, a wireless point-of-sale terminal that accepts debit card, credit card, and electronic banking transcription payments without the need to access a phone.

VeriSign Inc., in Mountain View, Calif., is at www.verisign.com. Certicom, in Hayward, Calif., is at www.certicom.com. VeriFone Inc., in Palo Alto, Calif., is at www.verifone.com. Bellsouth Corp., in Atlanta, is at www.bellsouth.com.

SHOWBRIEFS

Novell Extends Authentication to biometrics:

Novell introduced Novell Modular Authentication Service (NMAS), software that leverages directories to integrate and manage third-party authentication devices to Novell Directory Services. The NMAS framework delivers a single point of administration and management for a growing class of biometric and other authentication devices, including smart cards and physical tokens. NMAS will be offered in a Starter Pack, which allows for any provided single form of user log in method, and NMAS Enterprise Edition, including Multi-factor Authentication and Graded Authentication. The NMDS Starter Pack is now available for free download via the Internet. NMDS Enterprise Edition begins at $995 for a server plus five users and will be available by April.

Intel puts security on board:

Intel announced its new family of Intel PRO/100 S network security-enabled adapters, which help accelerate network security over the LAN. The Intel PRO/100 S Management Adapter and the Intel PRO/100 S Server Adapter enable higher performance and end-to-end security within the LAN to protect and keep confidential data traveling between the PC and network server. Intel PRO/100 S Management and Server adapters feature an onboard network encryption co-processor and support IP Security. The Intel PRO/100 S Management Adapter is now shipping for $112. The Intel PRO/100 S Server Adapter is now shipping for $139.

Xcert accelerates PKI:

Xcert International announced Sentry 4.0, a "rapid deploy" public key infrastructure (PKI) platform for Internet applications that scales to 1 million users for electronic-commerce networks. Sentry 4.0 features instantaneous certificate cross-validation on behalf of external certificate authorities (CAs). It also includes user roaming, private key backup, and automated CA and end-user certificate renewal capabilities. The suite will be available in February on Windows NT and all major Unix platforms. User-based pricing starts at $10,000 and includes an entry-level starter kit.

Adding PKI to custom apps:

Rainbow Technologies debuted iKey 2000, a PKI token that does not require a reader or software integration to support PKI environments. The iKey 2000 is compatible with smart cards but snaps into a PC's Universal Serial Bus (USB) port. Rainbow's product supports applications built on major PKI systems and allows users to develop custom PKI solutions. The iKey 2000 stores digital certificates, generates public-key pairs on a physical token, and performs digital signatures; it is available now and costs $45.

VeriSign's offerings

VeriSign is planning to support several wireless security technologies.

* Wireless Personal Trust Agents, which enable devices to use private keys, digital certificates, and digital signatures* Short-lived wireless server certificates, which are "mini-digital certificates" that are optimized for wireless devices* Gateway-assisted Secure Sockets Layer (SSL), a trust model to let network service providers substitute wireless certificates for SSL certificates* Gateway-assisted PKI, a roaming model enabling small-footprint devices to digitally sign transactions