Australian certificate authority eSign has detailed bold plans to
secure wireless e-commerce transactions using custom-built parts of a
public key infrastructure (PKI).
Using software from VeriSign, the
company said it would build what it called "wireless trust" applications
with digital certificates, digital signatures and a cut-down version of
the Secure Sockets Layer protocol. eSign is a wholly owned subsidiary of
systems integrator Com Tech
Communications, and acts as VeriSign's Australian representative.
Future developments from eSign will include:
a "wireless personal trust agent", which would have to be embedded
in mobile devices to enable the rest of the security services;
short-lived wireless server certificates which eSign claimed would
still provide strong authentication and "real-time certificate
validation for low-footprint handhelds";
gateway-assisted SSL, which would substitute a compromised
certificate into the SSL process;
gateway-assisted PKI, which would mean that mobile phone users'
digital certificates would be stored in directories on the wireless gateways;
eSign's e-commerce payment systems will also be amended so that they can
handle tranactions from roaming devices.
"Australia has one of the highest penetrations of mobile phones and
Internet usage in the world," said Gregg Rowley, MD of eSign. "A
personal device such as a mobile phone is an ideal way for consumers to
access many Web services, and a convenient device for the storage and
use of digital certificates."