DENVER, United States-Attention to wireless security concerns has emerged as several internationally recognized corporate security software firms stated their intentions to concentrate on the wireless industry going forward.
“Everybody has made the leap that there’s going to be a wireless front-end to that Internet world. It’s mandatory now,” said Verne Meridith, vice president of sales and marketing at Diversinet, based in the United States. “All anybody is talking about is wireless.”
Diversinet is one of the few security companies that has focused specifically on wireless e-commerce security technology from the beginning. Sonera SmartTrust, a Finnish company, is another. While their early concentration on wireless has given them a significant head start, this exclusivity seems about to end.
Wireless challenges
Those traditionally focused on wireline Internet security features face several challenges when addressing the wireless space. Besides the low processing power and bandwidth restrictions inherent in wireless devices, network carriers represent a middleman not present in wireline Internet e-commerce.
Security companies have to find an extra chair to seat this third addition at the e-commerce table.
U.S.-based security firm VeriSign plans to do this by issuing digital certificates at the network server, which interacts with the private key existing on the user’s device.
Diversinet, however, claims it has the only solution that authenticates the user all the way to the device.
Server-side authentication “still can’t sign the certificate,” Meridith said. “Nonrepudiation is still an issue.”
The company introduced an enhanced version of its Passport Certificate Server 3.0, which includes support for the Palm operating system. It also introduced its Digital Permit Server 2.0, specifically designed for wireless applications.
The certificate server issues digital certificates for authentication purposes, while the permit server attaches permissions to the digital certificate. This allows for such e-commerce uses as coupons, essentially allowing the merchant to sign the coupon electronically.
“The certificate is your identity,” Meridith said. “The permits are the cards in your wallet, whatever would be personalized to you individually. Permissions coordinate where you can go and what you can do.”
SensCom Inc. signed a letter of intent to license and integrate the Passport Certificate Server and Digital Permit Server product in its wireless Internet e-commerce services and applications.
Traditional landline security firms like VeriSign, Baltimore Technologies, Entrust Technologies and RSA Security all recently made announcements relating to wireless e-commerce security concerns. Besides adding to the competition, their interest validates the growing importance of wireless data.
Making a loud entry into the wireless space was VeriSign, announcing partnerships, alliances and new products and technologies with several wireless firms, including Motorola, InfoSpace.com, Gemplus, Research In Motion, BellSouth Wireless Data (BSWD) and Sonera SmartTrust.
VeriSign is a provider of what is called Internet trust services. It provides authentication services through digital certificates, validation and payment solutions for Internet commerce applications.
The cornerstone of this charge is VeriSign’s Wireless Personal Trust Agent technology-a micro client code that enables the use of certificates in the wireless space. The code defines the system by which certificates are requested and revoked.
Leading a string of announcements was VeriSign’s agreement with Motorola, a memorandum of understanding stating that Motorola will incorporate the Wireless Personal Trust Agent-based security architecture into wireless devices.
The two also said they will jointly fund the development of security products like server-side solutions supporting the Wireless Application Protocol (WAP).
using the Wireless Transport Layer Security standard, end-to-end client authentication solutions and directory and validation services. Also included are encryption services for transmissions between devices and gateways, nonrepudiation of transactions and payment settlement services.
BellSouth Wireless Data said it tapped VeriSign to develop a complete wireless public key infrastructure solution for wireless e-commerce transactions on its Intelligent Wireless Network. BSWD said it plans to use VeriSign’s trust services to perform authentication services, encryption and validation between businesses and end users.
Also, the two hope to create a wireless PKI toolkit and application programming interface developers may use to add security features to applications written for BSWD’s network.
VeriSign also has formed partnerships with InfoSpace for secure targeted promotions and one-click buying services, as well as with RIM and Sonera to embed its security features with their products.
In addition, VeriSign and InfoSpace teamed with Gemplus, a smart-card solution provider, to add encryption and digital certification to short message service and SIM application toolkits.
Pereira said the agreements “clearly show we have a good set of partners. We can’t build out this trust infrastructure by ourselves.”
However, most of VeriSign’s news announcements were exactly that-announcements. The only products available to wireless carriers and developers today are tools and toolkits for application developers and a certificate for WAP servers. In the next few months, Pereira said the company will roll out certificate services for both enterprise and network operator servers.
