Wireless PKI

Tõnis Reimo, Project Manager

Authentication Mechanisms Today
  • Password cards
    • Pro: cheap, easy to use,
    • Contra: usable only for one service, insecure - easy to copy.
  • PIN-calculators
    • Pro: higher security level, easy to use,
    • Contra: price tag, usable only for one service, user needs to carry it
  • ID-card
    • Pro: highest security level, legal digital signature, usable with different service providers
    • Contra: need for a smart card reader and specific software, no ID-card in Latvia and Lithuania (yet)
Wireless PKI
  • Wireless Public Key Infrastructure provides all the advantages of “wired” PKI in a mobile form
  • Mobile phone operates as a smartcard reader with display
  • Communication between the PC/service and the mobile phone goes through:
    • Mobile signing/authentication service
    • Mobile gateway of GSM operator
PKI: Wired vs. Wireless
  • WPKI is easier to use – no installation/configuration of hardware and software is required
  • WPKI does not replace wired PKI – it is complementary to it
  • WPKI suits a user who:
    • does not want to manage additional PKI hard- and software (or does not know how to do it)
    • does not want to carry password cards or PIN-calculators
    • is willing to use WPKI-based applications
WPKI enrollment
  • User: applies for WPKI certificate with Service Provider (SP)
  • SP: forwards the application to Network Operator (NO)
  • SP: informs the user where to pick up the new SIM card
  • NO: identifies the user
  • NO: hands over the SIM
  • NO: helps user to activate the certificate
  • RA/CA: activates the certificate
  • NO: performs other actions needed
Using WPKI
  • User connects to SP, the service requests the user's mobile phone number
  • SP sends signing request to TSP
  • TSP replies with Signing Session ID (SSI) which is displayed to the user
  • TSP sends signing request through NO to user’s mobile phone
  • User verifies SSI and signs the message by entering PIN code
  • TSP verifies validity of user certificate with CA validation service
  • TSP returns digital signature or confirmation of successful authentication
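The signing flow above as a small simulation (an added example, not part of the original presentation). The toy RSA key, the 4-digit SSI format, the status strings and the `Phone`, `TSP` and `run` names are assumptions made for illustration.

```python
import hashlib
import secrets

# Toy RSA key standing in for the key pair on the WPKI SIM (constructed for
# this example and far too small for real use; a real SIM never exports D).
P, Q, E = 2**61 - 1, 2**89 - 1, 65537
N, D = P * Q, pow(E, -1, (P - 1) * (Q - 1))

def digest(message: bytes) -> int:
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % N

class Phone:
    """SIM plus handset: the 'smartcard reader with display'."""
    def __init__(self, pin: str):
        self.pin = pin

    def sign(self, ssi_on_phone, message, ssi_shown_by_sp, pin_entered):
        # The user compares both SSIs before typing the PIN; any mismatch
        # or a wrong PIN means nothing is signed.
        if ssi_on_phone != ssi_shown_by_sp or pin_entered != self.pin:
            return None
        return pow(digest(message), D, N)

class TSP:
    def __init__(self, ca_status: dict):
        self.ca_status = ca_status   # stand-in for the CA validation service
        self.sessions = {}

    def start(self, msisdn: str, message: bytes) -> str:
        ssi = f"{secrets.randbelow(10000):04d}"  # SSI format is an assumption
        self.sessions[msisdn] = (ssi, message)
        return ssi                   # the SP displays this to the user

    def push(self, msisdn: str):
        return self.sessions[msisdn]  # travels via the NO's mobile gateway

    def finish(self, msisdn: str, signature) -> str:
        _ssi, message = self.sessions.pop(msisdn)
        if signature is None:
            return "USER_CANCEL"
        if self.ca_status.get(msisdn) != "good":
            return "CERT_NOT_VALID"
        ok = pow(signature, E, N) == digest(message)
        return "OK" if ok else "BAD_SIGNATURE"

def run(tsp, phone, msisdn, message, pin, unsolicited=False):
    shown = tsp.start(msisdn, message)
    on_phone, msg = tsp.push(msisdn)
    # unsolicited=True: the user started no session, so has no SSI to match.
    expected = None if unsolicited else shown
    return tsp.finish(msisdn, phone.sign(on_phone, msg, expected, pin))
```

The SSI comparison is what lets the user reject a phone prompt that does not belong to the session open in the browser, and the certificate status check happens at the TSP, not on the phone.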
Mutual Relations (1)
  • CA – NO
    • CA: issuance of certificates
    • NO acts as Registration Authority of CA providing:
      • physical user authentication
      • certificate handover
      • suspension/revocation service
      • user helpdesk
  • TSP – NO
    • NO provides the mobile gateway to transport signing messages
Mutual Relations (2)
  • NO – User
    • Receives user's application for certificate (could be done by SP as well)
    • Provides WPKI-enabled SIM card along with certificates
    • Provides user assistance and support
    • Provides suspension and revocation services
Mutual Relations (3)
  • TSP – SP
    • TSP provides mobile authentication, digital signing and digital signature verification services using different network operators
    • Certificate validation service is included within the service
    • TSP provides SP with the technology necessary for use of these services
  • CA – TSP
    • CA provides certificate validity information (OCSP)
Obvious expenses
  • CA
    • Certificate issuance and lifecycle maintenance (for NO-s)
    • Provision of validation services (for TSP)
  • TSP
    • Runs the service (for SP-s)
  • NO
    • Serves end users, acting as an RA (for CA)
    • Runs mobile gateways (for TSP)
  • All parties – expenses for communication channels
Who pays for what?
  • User: for certificate to NO+CA
    • Option: could be recovered by SP
  • User: per transaction to NO
    • SMS messages are billed anyway, the rest can be for free
  • SP: per transaction to TSP
    • Can be set as a monthly fee
  • TSP – NO: communication with mobile gateways
    • Could be for free
  • TSP: for validation service to CA
    • Can be set as a monthly fee
Advantages at the end of the Day
  • For SP:
    • Secure and convenient way for user authentication
    • Possibility to employ digital signatures in the service
  • For MO:
    • Provision of value-added service
  • For User:
    • Convenient way to use e-services securely
    • Possibility to use digital signature (outside of SP environment)
    • Possibility to use other PKI-based services (e.g. secure e-mail, secure login, encryption, etc.)

Thank You!

tarvi@sk.ee, reimo@xk.ee