Securing Wireless Transactions
Implementing PKI in the wired world is becoming an increasingly important way to authenticate and secure e-commerce transactionsImplementing PKI in the wired world is becoming an increasingly important way to authenticate and secure e-commerce transactions. But, experts say, security managers shouldnt stop there. The same security and identity verification capabilities that are making PKI important for wired transactions will also make it a fit for wireless transactions, experts say. Various public-key infrastructure productsincluding Certicom Corp.s WAP (Wireless Application Protocol)-enabled Trustpoint PKI Portal and RSA Security Inc.s Secure IDhave been modified for mobile applications, providing encryption, authentication and nonrepudiation for wireless data. PKI allows wireless users to encrypt their over-the-air communications using public keys that are trusted by the server and the mobile device. Public keys can authenticate the application provider and the user to one another, ensuring the integrity of data flowing between user and application. And, PKIs nonrepudiation capability guarantees the merchant that the consumer is who he or she claims to be.
Some large e-businesses with big wireless plans are beginning to embrace PKI. Last summer, IT managers at Visa International began evaluating whether or not SET (Secure Electronic Transaction), Visas PKI solution for financial transactions, can be extended into the companys wireless channels. In the end, Visa officials decided that the technology did meet the companys needs, said Joe Chouinard, vice president of Visas New eCommerce Channels division, in San Francisco. Visa chose to use a Wireless Transport Layer Security PKI extension to ensure end-to-end security for its mobile commerce program launched last month in Australia.