Wireless PKI
Tõnis Reimo, Project Manager
Authentication Mechanisms Today
• Password cards
  • Pro: cheap, easy to use
  • Contra: usable only for one service, insecure - easy to copy
• PIN-calculators
  • Pro: higher security level, easy to use
  • Contra: price tag, usable only for one service, user needs to carry it
• ID-card
  • Pro: highest security level, legally valid digital signature, usable with different service providers
  • Contra: need for a smart card reader and specific software, no ID-card in Latvia and Lithuania (yet)
Wireless PKI
• Wireless Public Key Infrastructure provides all advantages of “wired” PKI in a mobile way
• Mobile phone operates as a smartcard reader with display
• Communication between PC/service and mobile phone goes through:
  • Mobile signing/authentication service
  • Mobile gateway of GSM operator
PKI: Wired vs. Wireless
• WPKI is easier to use – no installation/configuration of hardware and software is required
• WPKI does not replace wired PKI – it is a complementary one
• WPKI suits a user who:
  • does not want to manage additional PKI hardware and software (or does not know how to do it)
  • does not want to carry password cards or PIN-calculators
  • is willing to use WPKI-based applications
WPKI enrollment
• User: applies for a WPKI certificate with the Service Provider (SP)
• SP: forwards the application to the Network Operator (NO)
• SP: informs the user where to pick up the new SIM card
• NO: identifies the user
• NO: hands over the SIM
• NO: helps the user activate the certificate
• RA/CA: activates the certificate
• NO: performs other actions needed
Using WPKI
• User connects to the SP; the service asks for the mobile phone number
• SP sends a signing request to the TSP
• TSP replies with a Signing Session ID (SSI), which is displayed to the user
• TSP sends the signing request through the NO to the user’s mobile phone
• User verifies the SSI and signs the message by entering the PIN code
• TSP verifies validity of the user certificate with the CA validation service
• TSP returns the digital signature or a confirmation of successful authentication
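The signing flow on this slide, modelled as an added example that is not part of the presentation. Assumptions: the SSI is a short hash prefix of the request (the deck does not say how it is derived), an HMAC keyed with a per-SIM secret stands in for the SIM's asymmetric signature (a real TSP would verify with the public key from the certificate), and the CA validation (OCSP) answer is a constructed lookup table.

```python
import hashlib
import hmac
from typing import Optional

# Constructed sample SIM state; in WPKI the key never leaves the SIM.
SIM_KEY = b"constructed-sim-secret"          # stand-in for the SIM private key
SIM_PIN = "1234"                             # constructed user PIN
CERT_SERIAL = "constructed-serial-42"
OCSP_STATUS = {CERT_SERIAL: "good"}          # constructed CA validation answers


def signing_session_id(request: bytes) -> str:
    """SSI shown on the PC and on the phone (assumption: 6 hex chars of SHA-256)."""
    return hashlib.sha256(request).hexdigest()[:6].upper()


def phone_sign(delivered: bytes, displayed_ssi: str, pin: str) -> Optional[bytes]:
    """What the handset does: user compares SSI, then the SIM signs after PIN entry."""
    if signing_session_id(delivered) != displayed_ssi:
        return None                          # SSI mismatch: user refuses to sign
    if pin != SIM_PIN:
        return None                          # wrong PIN: SIM does not sign
    return hmac.new(SIM_KEY, delivered, hashlib.sha256).digest()


def tsp_verify(request: bytes, signature: bytes, serial: str) -> bool:
    """TSP side: certificate status via the CA validation service, then the signature."""
    if OCSP_STATUS.get(serial) != "good":
        return False
    expected = hmac.new(SIM_KEY, request, hashlib.sha256).digest()
    return hmac.compare_digest(expected, signature)


def run_flow(request: bytes, delivered: bytes, pin: str, serial: str = CERT_SERIAL) -> str:
    """One session: SP -> TSP (SSI) -> NO gateway -> phone -> TSP verification.

    `request` is what the SP asked the TSP to get signed; `delivered` is what the
    gateway actually pushed to the phone, so the two can be made to differ.
    """
    ssi = signing_session_id(request)        # TSP returns SSI, SP shows it to the user
    signature = phone_sign(delivered, ssi, pin)
    if signature is None:
        return "rejected-on-phone"
    return "authenticated" if tsp_verify(request, signature, serial) else "invalid"
```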
Mutual Relations (1)
• CA – NO
  • CA: issuance of certificates
  • NO acts as Registration Authority of the CA, providing:
    • physical user authentication
    • certificate handover
    • suspension/revocation service
    • user helpdesk
• TSP – NO
  • NO provides the mobile gateway to transport signing messages
Mutual Relations (2)
• NO – User
  • Receives the user’s application for a certificate (could be done by the SP as well)
  • Provides a WPKI-enabled SIM card along with certificates
  • Provides user assistance and support
  • Provides suspension and revocation services
Mutual Relations (3)
• TSP – SP
  • TSP provides mobile authentication, digital signing and digital signature verification services using different network operators
  • Certificate validation service is included within the service
  • TSP provides the SP with the technology necessary for use of these services
• CA – TSP
  • CA provides certificate validity information (OCSP)
Obvious expenses
• CA
  • Certificate issuance and lifecycle maintenance (for NOs)
  • Provision of validation services (for TSP)
• TSP
  • Runs the service (for SPs)
• NO
  • Serves end users, acting as an RA (for CA)
  • Runs mobile gateways (for TSP)
• All parties – expenses for communication channels
Who pays for what?
• User: for the certificate, to NO+CA
  • Option: could be recovered by the SP
• User: per transaction, to the NO
  • SMS messages are billed anyway, the rest can be for free
• SP: per transaction, to the TSP
  • Can be set as a monthly fee
• TSP – NO: communication with mobile gateways
  • Could be for free
• TSP: for the validation service, to the CA
  • Can be set as a monthly fee
Advantages at the end of the Day
• For SP:
  • Secure and convenient way for user authentication
  • Possibility to employ digital signatures in the service
• For MO:
  • Provision of a value-added service
• For User:
  • Convenient way to use e-services securely
  • Possibility to use digital signature (outside of the SP environment)
  • Possibility to use other PKI-based services (e.g. secure e-mail, secure login, encryption etc.)
Thank You!
tarvi@sk.ee
reimo@xk.ee