PKI security for a wireless phone

This tip was submitted to the searchSecurity Tip Exchange by user Tom Mahone.

Most host services communicate with the Web (application) server using Hypertext Transfer Protocol (HTTP) over Secure Sockets Layer (SSL). SSL is an Internet standard for secure communications between Web browser clients and Web servers. Each end-user application controls whether it uses an SSL connection.

The gateway acts as a proxy on behalf of the compatible phone (the hand-held Internet device), relaying messages to and from the phone. SSL includes both authentication and encryption mechanisms. Encryption methods available over SSL include DES and Triple-DES, and SSL3 is the latest version of SSL. SSL supports authentication of both the client (the gateway, in the case of some applications) and the server, using public keys and X.509 digital certificates.

At the gateway, data is decrypted from Handheld Device Transport Protocol and re-encrypted using SSL. AT&T Wireless protects this portion of the communications at the gateway with physical security. In addition, firewalls limit access to the gateway. The net result is a secure connection all the way from the compatible phone to the Web server.

SSL ensures that only specific compatible phones communicate with allowed Web servers and that this communication is private. The corporate firewall needs to be configured so the host gateway can communicate with the Web server, which typically resides behind the corporate firewall or in a demilitarized zone. In turn, the Web server is configured so that users can access desired services and databases. One final note on using SSL at the application server is that the protocols do involve a relatively high computer-processing load, which should be considered during implementation planning.

We can also provide a virtual private network (VPN) method to ensure private transmissions over public networks. A VPN establishes a secure tunnel between its endpoints. Each endpoint authenticates the other endpoint, forwards traffic to authorized services, and encrypts and decrypts communications. A VPN typically encrypts the IP packet (or other network layer protocol), adds a special header and encapsulates all this information in a new IP packet. There are a number of solutions that allow us to implement a VPN. A VPN approach is particularly effective when connecting to a fixed-end system via the Internet. With a frame relay fixed-end connection, there is less need to employ VPN technology.
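The encapsulation steps described above (encrypt the inner IP packet, add a tunnel header, wrap it in a new IP packet) can be sketched as follows. This is an added example, not code from the original tip: it is loosely modelled on IPsec ESP tunnel mode, and the pre-shared keys, addresses, SPI value and the HMAC-based stand-in cipher are all assumptions made for illustration.

```python
import hashlib, hmac, socket, struct

def keystream(key, spi, seq, n):
    # Stand-in cipher for this sketch: HMAC-SHA256 in counter mode.
    # A production VPN would use a vetted cipher such as AES.
    out, ctr = b"", 0
    while len(out) < n:
        out += hmac.new(key, struct.pack("!III", spi, seq, ctr), hashlib.sha256).digest()
        ctr += 1
    return out[:n]

def ipv4_header(src, dst, proto, payload_len):
    # Minimal 20-byte IPv4 header; checksum left at 0 to keep the sketch short.
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, 64,
                       proto, 0, socket.inet_aton(src), socket.inet_aton(dst))

def encapsulate(inner, enc_key, auth_key, spi, seq, gw_src, gw_dst):
    # 1. encrypt the whole inner IP packet, 2. add the tunnel header
    # (SPI + sequence number), 3. authenticate, 4. wrap in a new IP packet.
    hdr = struct.pack("!II", spi, seq)
    ct = bytes(a ^ b for a, b in zip(inner, keystream(enc_key, spi, seq, len(inner))))
    tag = hmac.new(auth_key, hdr + ct, hashlib.sha256).digest()[:16]
    body = hdr + ct + tag
    return ipv4_header(gw_src, gw_dst, 50, len(body)) + body  # 50 = ESP

def decapsulate(outer, enc_key, auth_key, last_seq):
    # Receiving endpoint: verify before decrypting, reject replays.
    if len(outer) < 20 + 8 + 16:
        raise ValueError("packet too short")
    body = outer[20:]
    hdr, ct, tag = body[:8], body[8:-16], body[-16:]
    expected = hmac.new(auth_key, hdr + ct, hashlib.sha256).digest()[:16]
    if not hmac.compare_digest(tag, expected):
        raise ValueError("authentication failed")
    spi, seq = struct.unpack("!II", hdr)
    if seq <= last_seq:
        raise ValueError("replayed packet")
    inner = bytes(a ^ b for a, b in zip(ct, keystream(enc_key, spi, seq, len(ct))))
    return inner, seq

# Constructed sample: an inner packet between two private hosts, tunnelled
# between two gateways (all addresses and keys are made up).
ENC_KEY, AUTH_KEY = b"E" * 32, b"A" * 32
PAYLOAD = b"GET /inventory HTTP/1.0\r\n\r\n"
INNER = ipv4_header("10.0.0.5", "10.1.0.20", 6, len(PAYLOAD)) + PAYLOAD
OUTER = encapsulate(INNER, ENC_KEY, AUTH_KEY, 0x1001, 1, "192.0.2.1", "198.51.100.1")
```

On the public network only the gateway addresses in the outer header are visible; the inner addresses and payload travel encrypted, and a packet whose tag does not verify is dropped before any decryption takes place.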


This was first published in August 2001
