SchlumbergerSema rolls out wireless PKI solution

SchlumbergerSema is a participant at CommunicAsia 2001--one of Asia's premier telecommunications and IT events, which runs from June 19 to 22 at the Singapore Expo.

A demonstration of the new solution to ZDNet Asia was really a non-event - since everything happens on the backend, nothing really needs to be configured on the user-end.

The demo solution was put together with the help of Nokia's Signet and Activ WAP servers, an Ericsson WTLS-compliant handset, and a PKI platform put together from Entrust, and was first tested in an interoperability center in Hong Kong as 'proof of concept'.

Mobile service providers who intend to use this solution would enable their customers to do mobile business through WAP more securely with other merchants or partners utilizing the Entrust PKI platform. The use of digital certificates also allows for non-repudiation, since fraud is a common area of concern when it comes to Internet and mobile commerce.

Entrust provides the mobile trust software and services for the creation, management and revocation of the device and user certificates, while SchlumbergerSema smart card technology stores the key pairs and performs encryption functions as well as point-of-sale certificate registration.

"This is the first time in the world that we have full PKI on WAP," said Jean-Claude Deturche, vice-president of the Secure Advanced Wireless Services division for SchlumbergerSema in Asia.

The concept of wireless PKI for mobile devices was first brought into question because it was believed that the bottleneck for such a solution would lie in the inability of most devices to store digital signatures and certificates, as well as have enough computing power in order to decrypt them.

The smart cards developed by SchlumbergerSema have processing capabilities separate from the device, powerful enough to engage computational functions required for PKI functionality without taxing the performance on the mobile device.

The solution allows users to change their own digital certificates, and also allows service providers to do batch processing in order to facilitate certificate generation for large numbers of users.

The future of 3G networks will also mean that cards with better capabilities will be in demand - having to provide more processing power, as well as be able to hold more data.

Third-generation networks will "provide a tremendous opportunity for us, as you can imagine," said Deturche.

He said that smart cards for 3G would require more functionality so as to be able to better configure the relationship between the user and the service provider.

Read more about Mobile Security, or tell us if you think mobile security is good enough for you.