Remote PKI - PowerPoint PPT Presentation

wireless pki n.
Skip this Video
Loading SlideShow in 5 Seconds..
Remote PKI PowerPoint Presentation
Remote PKI

play fullscreen
1 / 37
Download
Download Presentation

Remote PKI

Presentation Transcript

  1. Wireless PKI Tõnis ReimoProject Manager

  2. Authentication Mechanisms Today • Password cards • Pro: cheap, easy to use, • Contra: usable only for one service, insecure - easy to copy. • PIN-calculators • Pro: higher security level, easy to use, • Contra: price tag, usable only for one service, user needs to carry it • ID-card • Pro: highest security level, legally digital signature, usable with different service providers • Contra: need for a smart card reader and specific software, no ID-card in Latvia and Lithuania (yet)

  3. Wireless PKI • Wireless Public Key Infrastructure provides all advantages of “wired” PKI in mobile way • Mobile phone operates as a smartcard reader with display • Communication with PC/service and mobile phone goes through: • Mobile signing/authentication service • Mobile gateway of GSM operator

  4. PKI: Wired vs. Wireless • WPKI is easier to use – no installation/ configuration of hardware and software is required • WPKI does not replace wired PKI – it is a complimentary one • WPKI suits for user who: • does not want to manage additional PKI hard- and software (or does not know how to do it) • does not want to carry password cards or PIN-calculators • is wiling to use WPKI-based applications

  5. WPKI-enabled application:The User View

  6. 10 sek

  7. 10 sek

  8. 12 sek

  9. 12 sek

  10. 12 sek

  11. Implementing WPKI

  12. WPKI enrollment • User: applies for WPKI certificate with Service Provider (SP) • SP: forwards the application to Network Operator (NO) • SP: informs the user where from to pick up new SIM card • NO: identifies the user • NO: hands over the SIM • NO: helps user to activate the certificate • RA/CA: activates the certificate • NO: performs other actions needed

  13. Using WPKI • User connects to SP, the service requests for mobile phone number • SP sends signing request to TSP • TSP replies with Signing Session ID (SSI) which is displayed to the user • TSP sends signing request through NO to user’s mobile phone • User verifies SSI and signs the message by entering PIN code • TSP verifies validity of user certificate with CA validation service • TSP returns digital signature or confirmation of successful authentication

  14. Mutual relations

  15. Mutual Relations (1) • CA – NO • CA: issuance of certificates • NO acts as Registration Authority of CA providing: • physical user authentication • certificate handover • suspension/revocation service • user helpdesk • TSP – NO • NO provides for mobile gateway to transport signing messages

  16. Mutual Relations (2) • NO – User • Receives users application for certificate (could be done by SP as well) • Provides WPKI-enabled SIM card along with certificates • Provides user assistance and support • Provides suspension and revocation services

  17. Mutual Relations (3) • TSP – SP • TSP provides for mobile authentication, digital signing and digital signature verification services using different network operators • Certificate validation service is included within the service • TSP provides technology to SP necessary for use of these services • CA – TSP • CA provides for certificate validity information (OCSP)

  18. Business Model Basics

  19. Obvious expenses • CA • Certificate issuance and lifecycle maintenance (for NO-s) • Provision of validation services (for TSP) • TSP • Runs the service (for SP-s) • NO • Serves end users, acting as a RA (for CA) • Runs mobile gateways (for TSP) • All parties – expenses for communication channels

  20. Who pays for what ? • User: for certificate to NO+CA • Option: could be recovered by SP • User: per transaction to NO • SMS messages are billed anyway, the rest can be for free • SP: per transaction to TSP • Can be set as a monthly fee • TSP – NO: communication with mobile gateways • Could be for free • TSP: for validation service to CA • Can be set as a monthly fee

  21. Advantages at the end of the Day • For SP: • Secure and convenient way for user authentication • Possibility to employ digital signatures in the service • For MO: • Provision of value-added service • For User: • Convenient way to use e-services securely • Possibility to use digital signature (outside of SP environment) • Possibility to use other PKI-based services (e.g secure e-mail, secure login, encryption etc.)

  22. Thank You! tarvi@sk.eereimo@xk.ee