Qualified electronic signatures via WAP
Tim Wright, Vodafone
Chair WAP Security Group
timothy.wright@vf.vodafone.co.uk

What is WAP?
• An open standard for mobile access to Internet content
• Wireless adaptations of Internet protocols
• Opened up in May 1998
• Over 750 members in WAP Forum:
  • Operators
  • Terminal and gateway manufacturers
  • Application developers
  • Financial Institutions

WAP security
• WTLS - Wireless Transport Layer Security
  • Adaptation of TLS (SSL)
  • Provides confidentiality, integrity and mutual authentication at the transport layer
• signText - function for handset to sign string
• WIM - WAP Identity Module
  • Specification of secure storage of crypto parameters on a tamper-resistant device
• WPKI - client and gateway certificate request, root download to clients
• Certificate Profile - wireless profiles of X.509

signText in more detail
• Signature is in a format that can be converted to CMS SignedData (S/MIME) without destroying signature integrity
• SignaturePolicyId, which the ETSI signature formats require, is not included (WAP work pre-dated EESSI)
• Significance of the “mismatch” between signText output and the ETSI spec needs to be discussed

Other issues
• SIM/WIM suppliers and Area F requirement for SSCDs
• Terminal manufacturers and Area G requirements for signature creation environment
• Specific protection profile for wireless devices in both F and G? WAP to require compliance with these profiles?
• CAs for wireless clients and Qualified Certificate Service Providers requirements
• WAP Certificate Profile and Qualified Certificate Format

EESSI consideration in WAP
• WSG members are individually taking part in EESSI activities
• Some EESSI considerations discussed
• But no general discussion within WSG yet
• Presentation to be given at next WAP Forum
• Co-operation between WAP and EESSI is encouraged
• Mobile environment will have the biggest prevalence of hardware signature creation devices in the medium term and possibly thereafter