With concerns rising over the need for enhanced security in future wireless e-commerce, several firms in both the wireless and security industries launched efforts last week aimed at designing secure wireless networks.
The largest initiative was that between leading phone manufacturers L.M. Ericsson, Motorola Inc. and Nokia Corp., which announced a joint effort to develop an open and common framework for secure mobile e-commerce transmissions. The three hope to use existing and emerging standards to build a framework for mobile e-commerce transmissions that all can use on a de facto basis. The open platform then would be available for integration on all mobile devices developed in the future.
The three companies said they have invited representatives from the telecom, financial and information technology industries to help with the effort, as well as to expand on existing security initiatives. Cornerstone technologies to be used include Wireless Application Protocol security functions-such as Wireless Transport Layer Security and Wireless Identification Module-as well as public key infrastructure and other existing mobile payment schemes.
“The ambition is to formulate an environment which allows mobile operators, financial institutions and other service providers to facilitate secure mobile transactions,” said Jan Ahrenbring, vice president of marketing and communications at Ericsson Mobile Communications. “The most important thing that is needed to get all these consumers to start using mobile e-commerce is a standard, which makes it safe and easy to use.”
The three companies said they expect to issue technical and other details about the security standard by the end of May, and hope to have an open framework formulated before summer.
More security measures
Also looking to wireless security concerns is RSA Security Inc., which formed an agreement with Compaq Computer Corp. to bring a new, advanced cryptography technology to wireless handsets, called MultiPrime. Both companies said they will incorporate the encryption technology in their respective products. RSA said it will implement it across its entire BSAFE product line, starting with BSAFE WTLS-C, expected to be released later this year for WAP-enabled devices.
In addition, RSA unveiled its new Wireless Development Center in Stockholm, Sweden, dedicated to extending RSA’s security products to the wireless market. The announcement was made at the European RSA Conference, held in Munich, Germany. John Adams, RSA chief technology officer, will lead the new center.
Finally, Tantau Software Inc. of Austin, Texas-a software developer of mobile commerce solutions for enterprise customers-instituted a Security Alliance Partner Program, created to integrate its own encryption, authentication and authorization technologies with other security technologies like public key infrastructure. Partners in the program also will collaborate on wireless security projects and marketing activities toward a common security model for multiple wireless devices, similar to the Ericsson-Motorola-Nokia program.
Specifically, Tantau said it wanted to work with security vendors on such issues as server and client-side certificates, ways to authenticate wireless “cookies,” policy authorization of wireless users and integration of smart-card security technologies. To do so, the program will work with the WAP Forum as well as Radicchio, a global consortium promoting PKI security solutions for wireless commerce.
