Silicon Investor (SI) -- The First Internet Community

STOCKTALK

We've detected that you're using an ad content blocking browser plug-in or feature. Ads provide a critical source of revenue to the continued operation of Silicon Investor. We ask that you disable ad blocking while on Silicon Investor in the best interests of our community. If you are not using an ad blocker but are still receiving this message, make sure your browser's tracking protection is set to the 'standard' level.

Technology Stocks : Smart Cards -- Ignore unavailable to you. Want to Upgrade?

To: caly who wrote (250)	6/3/2000 6:23:00 PM
From: Eric L	Read Replies (1) \| Respond to of 343

calypso, Re: DKEY - (Wireless) PKI - WAP - Baltimore Technologies << smartcards are FINALLY picking up a head of steam in this country. It's certainly been a long time coming >> Although there is no mention of smart cards in this article, PKI on smart cards (provided by DKEY and others) will be used to secure M-Commerce transactions. This article has a good concise definition of PKI. >> *SECURING THE MOBILE E-CONOMY* From the May 15, 2000 issue of Wireless Week By Guy Singh The wireless world presents a greater security risk than the wired world, for two reasons. First, the encryption used in mobile communications is vulnerable. The second is specific to Wireless Application Protocol access to the Internet: A WAP gateway is an extra layer open to security breaches. A breakpoint occurs where the wireless transport layer security, which secures the connection between the mobile access device and the WAP gateway, changes to a secure socket layer to secure the connection between the WAP gateway and the Web server. Thus the success of mobile commerce depends upon an end-to-end security infrastructure that does not rely on cryptography. A wireless public key infrastructure provides four requirements of electronic security using cryptography, digital signatures and digital certificates: confidentiality (nobody can listen in), authentication (parties doing business are who they claim to be), integrity (transactions are not tampered with) and non-repudiation (agreements are legally binding). PKI provides each individual with a ?key pair??a private key and a public key. These key pairs are linked mathematically using asymmetric cryptography and each key pair is unique. The private key is used by the originator of a message to digitally sign the message. The digital signature is proof of that user?s identity, the equivalent of a legal, handwritten signature. The corresponding public key is used by the recipient of the message to verify the signature. Because it is the only matching key, only it can verify the signature and establish that the originator is who she claims to be, as well as checking that the data has not been altered. Consider a PKI-centric wireless transaction. A mobile commerce vendor sets up a WAP site using wireless mark-up language pages. Inside these pages they specify tags that call the signing function. The customer uses a WAP-enabled device to access the Web site. She downloads a page, fills in a form and clicks on the signing function. The customer enters a PIN code, which unlocks a ?private key,? stored in the user?s wireless identity module. This signs the form and returns it to the mobile commerce vendor. When the vendor sees signed data, it verifies the signature and the data?s integrity by retrieving the digital certificate from a repository owned by its certification authority, a trusted third party that vouches for the identity and authenticity of parties involved in a transaction. Wireless PKI-based technology enables secure mobile business across all types of transactions and wireless platforms, extending the wired trust model to wireless applications. Given the predicted growth rate of mobile subscribers? more than 1 billion by 2003? solutions must provide scalability, end-to-end security and compatibility. That?s critical to the growth of the wireless industry. Guy Singh is a product manager at Baltimore Technologies, a member of the WAP Forum. << - Eric -