How Smart Cards Will Enable Secure Transactions over Wireless Internet

Upload: amanda-carmella-cross

Post on 22-Dec-2015


TRANSCRIPT

Page 1: THE SMART CARD IN WAP OR How Smart Cards Will Enable Secure Transactions over Wireless Internet

Andrew Henderson

Marketing Manager

Wireless Communications - Gemplus Northern Europe

Page 2: Agenda

- The development of the role of the smart card in WAP
  - WAP forum activities on security & smart cards
  - WAP 1.1 security capabilities
  - WIM security capabilities
- Partnerships within WAP for building value added services
  - WISHES project
  - RADICCHIO initiative
- Conclusion:
  - What will the smart card bring to VAS within a WAP environment

Page 4: Gemplus strategy on Wireless Internet

- Leading Wireless Internet solutions using smart cards
- WAP forum member since May 98
  - active contributions on the WIM specification
  - chairmanship of the Smart Card Expert Group (SCEG)
- Introduce smart card products early on the market
  - SIM/WIM prototype (RSA-based): October 99
  - Test WIM/handset integration with WAP handset manufacturers
  - SIM/WIM product: Q2 2000
- Push industry initiative to deploy secure Wireless Internet solutions and Wireless E-commerce: Wishes, Radicchio
- Gemplus is your ideal partner, at the crossroads of Internet/Wireless/E-Commerce convergence

Page 5: Typical Wireless Internet services

- Mobile Intranet
  - email
  - secure access to corporate database
- Mobile Commerce
  - mobile banking
  - stock trading
  - ticketing
  - shopping
  - betting
  - ...
- Request secure transactions

Page 6: Security aspects

- Mobile intranet needs
  - strong user authentication
  - integrity
  - confidentiality
  - end-to-end security
- Mobile commerce needs
  - transaction oriented security
  - security scheme accepted by banking organizations
  - non-repudiation
  - end-to-end security

Page 7: WAP forum activities

- More than 200 companies have now joined the WAP forum
  - the first worldwide forum in wireless telephony
- Smart card integration endorsed as major evolution of WAP specifications
  - creation of WIM subgroup within WAP Security Group (WSG)
  - creation of a Smart Card Expert Group (SCEG) chaired by Gemplus
- WAP specification releases
  - June 1999: WAP 1.1
  - December 1999: WAP 1.2
  - June 2000: next WAP release

Page 8: WAP specifications

- WAP 1.1:
  - WTLS layer (transport security layer)
- WAP 1.2:
  - WAP identity module (WIM)
    - integration of the smart card within WTLS layer and application security layer
    - promoted to Proposed Specification
  - WMLScript Crypto library (application security layer)
    - access to cryptographic functions through WMLScript
    - promoted to Proposed Specification
- Can be downloaded at www.wapforum.org

Page 9: Future possible WAP specifications

- Wireless public key infrastructure (WPKI)
  - very early draft stage
- WMLScript Crypto library release 2
  - only input papers
- WAP handset with 2 smart card readers
  - work included in a more generic activity: External Function Interface (EFI)
  - very early draft stage

Page 11: Security within WAP 1.1

[Diagram labels: Wireless Network, WAP Proxy, Web Server, WTLS, SSL]

Page 12: WTLS 1.1 main features

- Provides privacy, data integrity and mutual authentication
- Based on TLS 1.0
- New features
  - datagram support
  - optimized handshakes
  - dynamic key refreshing
- Optimized for low-bandwidth bearers
- State-of-the-art cryptography
  - RSA, SHA, DES, ...

[Diagram: WAP protocol stack, top to bottom: Application layer (WAE), Session layer (WSP), Transaction layer (WTP), Security layer (WTLS), Transport layer (WDP)]

Page 13: WAP 1.1 limitations about security

- WTLS 1.1
  - end-user authentication
    - no real end-user authentication (no PIN protection)
    - RSA private key not stored in tamper-proof device
  - no secure and flexible personalization scheme for private keys and certificates of the WAP client
  - no end-to-end security
  - non-repudiation not available
- Application security layer
  - not available in WAP 1.1

Page 15: WIM security capabilities

- WIM means WAP Identity Module
- WIM plays 2 strategic roles for security in WAP 1.2
  - supports client authentication and session management within the WTLS layer
  - supports digital signature function within the application security layer

Page 16: WIM within WTLS layer

- Supports client authentication and session management
  - authentication of WAP client
    - storage of private key
    - execution of associated public key algorithm
    - PIN protection
  - storage of CA and user certificates
  - generation of session keys
  - secure long-living WTLS sessions
  - generation of true random numbers
- Based on ISO 7816-8 and PKCS#15 standards
- Private key never leaves the smart card

Page 17: WIM within application security layer

- Application security layer
  - WMLScript Crypto library (WAP 1.2)
  - digital signature of a text string
- WIM supports the digital signature algorithm
  - signature of the text string
    - storage of private key
    - execution of public key algorithm
    - PIN protection
  - storage of user certificates
  - complies with future European law
- Non-repudiation of electronic transactions

Page 18: GSM operators case

- SIM and WIM functions on the same smart card
  - quicker acceptance of WIM as smart card
- SIM is the subscriber ID only trusted in the domain of the GSM operator (secret key authentication)
- WIM is the subscriber ID trusted in a wider domain regulated by Certification Authorities (PKI)
- Certification Authorities: a new source of revenue for GSM operators

Page 19: WAP PKI architecture

[Diagram labels: WAP handset, GSM network, WAP gateway, Internet, Content server, Certification Authority, AuC, Certificates, CRL]

Page 21: WISHES project

- ESPRIT project
- Omnitel, Gemplus, Nokia, Sonera
- Objectives
  - prototype WAP 1.2 (WIM, Crypto API, Push)
  - push of information & services
  - on-line payment over WAP
- September 98 - March 2000
- 3-month live trials
- Total workload: 200 man-months
- Gemplus participation
  - SIM/WIM prototype
  - SET wallet server prototype

Page 22: WISHES payment architecture

[Diagram labels: WAP handset SIM/WIM, GSM network, WAP Gateway, Internet, Merchant Server, Payment Gateway, SET Wallet Server, LAN, WAP 1.2 security, SET protocol]

Page 23: RADICCHIO initiative

- Launched September 27th, 1999
- Founding members: Sonera SmartTrust, Gemplus, EDS
- Strong support of the industry (Ericsson, Lucent)
- Promote the deployment of PKI infrastructure to enable secure transactions over mobile networks
- Target both SIM toolkit technology and Wireless Internet technology (WAP, I-mode)
- Open initiative, looking to recruit further members
- Website: www.radicchio.org

Page 25: Conclusion

- The WIM as part of WAP 1.2 security will be the enabler of Wireless Commerce
  - authentication of the end-user
  - non-repudiation of electronic transactions
- In the meantime, SIM toolkit is the unique alternative

Page 26: Thank you

Andrew Henderson

Marketing Manager

Wireless Communications - Gemplus Northern Europe

email: [email protected]