How smart cards will enable secure transactions over Wireless Internet

THE SMART CARD IN WAP
OR
How Smart Cards Will Enable Secure Transactions over Wireless Internet

Andrew Henderson
Marketing Manager
Wireless Communications - Gemplus Northern Europe

Agenda
- The development of the role of the smart card in WAP
  - WAP forum activities on security & smart cards
  - WAP 1.1 security capabilities
  - WIM security capabilities
- Partnerships within WAP for building value added services
  - WISHES project
  - RADICCHIO initiative
- Conclusion:
  - What will the smart card bring to VAS within a WAP environment

Gemplus strategy on Wireless Internet
- Leading Wireless Internet solutions using smart cards
- WAP forum member since May 98
  - active contributions on the WIM specification
  - chairmanship of the Smart Card Expert Group (SCEG)
- Introduce smart card products early on the market
  - SIM/WIM prototype (RSA-based): October 99
  - Test WIM/handset integration with WAP handset manufacturers
  - SIM/WIM product: Q2 2000
- Push industry initiative to deploy secure Wireless Internet solutions and Wireless E-commerce: Wishes, Radicchio
- Gemplus is your ideal partner, at the crossroads of Internet/Wireless/E-Commerce convergence

Typical Wireless Internet services
- Mobile Intranet
  - email
  - secure access to corporate database
- Mobile Commerce
  - mobile banking
  - stock trading
  - ticketing
  - shopping
  - betting
  - ...
- Require secure transactions

Security aspects
- Mobile intranet needs
  - strong user authentication
  - integrity
  - confidentiality
  - end-to-end security
- Mobile commerce needs
  - transaction oriented security
  - security scheme accepted by banking organizations
  - non-repudiation
  - end-to-end security

WAP forum activities
- More than 200 companies have now joined the WAP forum
  - the first worldwide forum in wireless telephony
- Smart card integration endorsed as major evolution of WAP specifications
  - creation of WIM subgroup within WAP Security Group (WSG)
  - creation of a Smart Card Expert Group (SCEG) chaired by Gemplus
- WAP specification releases
  - June 1999: WAP 1.1
  - December 1999: WAP 1.2
  - June 2000: next WAP release

WAP specifications
- WAP 1.1:
  - WTLS layer (transport security layer)
- WAP 1.2:
  - WAP identity module (WIM)
    - integration of the smart card within WTLS layer and application security layer
    - promoted to Proposed Specification
  - WMLScript Crypto library (application security layer)
    - access to cryptographic functions through WMLScript
    - promoted to Proposed Specification
- Can be downloaded at www.wapforum.org

Future possible WAP specifications
- Wireless public key infrastructure (WPKI)
  - very early draft stage
- WMLScript Crypto library release 2
  - only input papers
- WAP handset with 2 smart card readers
  - work included in a more generic activity: External Function Interface (EFI)
  - very early draft stage

Security within WAP 1.1
[Diagram. Labels: Wireless Network, WAP Proxy, Web Server, WTLS, SSL]

WTLS 1.1 main features
- Provides privacy, data integrity and mutual authentication
- Based on TLS 1.0
- New features
  - datagram support
  - optimized handshakes
  - dynamic key refreshing
- Optimized for low-bandwidth bearers
- State-of-the-art cryptography
  - RSA, SHA, DES, ...
[Diagram: WAP protocol stack. Application layer (WAE), Session layer (WSP), Transaction layer (WTP), Security layer (WTLS), Transport layer (WDP)]

WAP 1.1 limitations about security
- WTLS 1.1
  - end-user authentication
    - no real end-user authentication (no PIN protection)
    - RSA private key not stored in tamper-proof device
  - no secure and flexible personalization scheme for private keys and certificates of the WAP client
  - no end-to-end security
  - non-repudiation not available
- Application security layer
  - not available in WAP 1.1

WIM security capabilities
- WIM means WAP Identity Module
- WIM plays 2 strategic roles for security in WAP 1.2
  - supports client authentication and session management within the WTLS layer
  - supports digital signature function within the application security layer

WIM within WTLS layer
- Supports client authentication and session management
  - authentication of WAP client
  - storage of private key
  - execution of associated public key algorithm
  - PIN protection
  - storage of CA and user certificates
  - generation of session keys
  - secure long-living WTLS sessions
  - generation of true random numbers
- Based on ISO 7816-8 and PKCS#15 standards
- Private key never leaves the smart card

WIM within application security layer
- Application security layer
  - WMLScript Crypto library (WAP 1.2)
  - digital signature of a text string
- WIM supports the digital signature algorithm
  - signature of the text string
  - storage of private key
  - execution of public key algorithm
  - PIN protection
  - storage of user certificates
  - complies with future European law
- Non-repudiation of electronic transactions

GSM operators case
- SIM and WIM functions on the same smart card
  - quicker acceptance of WIM as smart card
- SIM is the subscriber ID only trusted in the domain of the GSM operator (secret key authentication)
- WIM is the subscriber ID trusted in a wider domain regulated by Certification Authorities (PKI)
- Certification Authorities: A new source of revenue for GSM operators

WAP PKI architecture
[Diagram. Labels: WAP handset, GSM network, AuC, WAP gateway, Internet, Content server, Certification Authority, Certificates, CRL]

WISHES project
- ESPRIT project
- Omnitel, Gemplus, Nokia, Sonera
- Objectives
  - prototype WAP 1.2 (WIM, Crypto API, Push)
  - push of information & services
  - on-line payment over WAP
- September 98 - March 2000
- 3-month live trials
- Total workload: 200 men.month
- Gemplus participation
  - SIM/WIM prototype
  - SET wallet server prototype

WISHES payment architecture
[Diagram. Labels: WAP handset, SIM/WIM, GSM network, WAP Gateway, Internet, Merchant Server, LAN, SET Wallet Server, Payment Gateway, WAP 1.2 security, SET protocol]

RADICCHIO initiative
- Launched September 27th, 1999
- Founding members: Sonera SmartTrust, Gemplus, EDS
- Strong support of the industry (Ericsson, Lucent)
- Promote the deployment of PKI infrastructure to enable secure transactions over mobile networks
- Target both SIM toolkit technology and Wireless Internet technology (WAP, I-mode)
- Open initiative, looking to recruit further members
- Website: www.radicchio.org

Conclusion
- The WIM as part of WAP 1.2 security will be the enabler of Wireless Commerce
  - authentication of the end-user
  - non-repudiation of electronic transactions
- In the meantime, SIM toolkit is the only alternative

Thank you

Andrew Henderson
Marketing Manager
Wireless Communications - Gemplus Northern Europe
email: [email protected]