RealTime IT News

Nokia Bundles Smart Card Functionality Into VPN Portfolio

Nokia Monday added to its growing line of virtual private network (VPN) solutions by including support for smart cards, external public key infrastructure and a remote client for IPSec over network address translation (NAT).

In the industry-wide effort to increase security over networks for remote users, Nokia's new technology allows mobile users to log into the network from remote sites with varying networking environments, such as hotels and airports. And they may do so with less fear of prying, potentially harmful minds. The chief handset maker's motive is to cut communication costs and maximize IT return on investment for its enterprise-class customers.

More than ever, smart cards are being leveraged for use with VPNs for remote user authentication to provide a convenient alternative to storing digital certificates and sensitive information on hard drives. Nokia's VPN smart card implementation lets mobile users connect to a Nokia VPN Gateway easily by inserting their personal smart card into the computer's card reader and entering their PIN code. An encrypted tunnel to the corporate network is created immediately by the Nokia VPN client software, which leverages the digital certificate on the smart card. Because all confidential authentication details reside on the smart cards instead of the computers themselves, unauthorized access is prevented more effectively.

Nokia VPN (now at version 3.1) uses a PKI smart card from Setec's SetCOS product family. Setec's PKI smart card is an ISO standard multi-application card with 16 KB of EEPROM for applications. It supports 1024-bit RSA keys, and both RSA key generation and RSA calculation are handled completely inside the card so as not to compromise the sensitive private RSA keys.

Lauri Pesonen, chief technology officer and executive vice president at smart card provider Setec, explained the advantages of smart-card-based data integration.

"PKI smart cards are used more and more for securing email and web applications, for secure single sign-on and for legally binding digital signatures," Pesonen said. "VPN remote user authentication fits perfectly into the line of security applications utilizing smart card technology."

Nokia has also added support for NAT, which is the translation of an Internet Protocol address (IP address) used within one network to a different IP address within another network. Previously, remote VPN connections from behind a NAT device were impossible because the IP address information is converted in transit.

In addition to support for smart cards and IPSec over NAT, Nokia is also announcing the following software enhancements in its VPN solution:

  • Simplified VPN management -- the upgraded management tools of the Nokia VPN solution, featuring auditing and SNMP enhancements, help administrators ease deployment and management pains
  • Automatic retrieval of certificate revocation lists (CRLs) from Certificate Authorities (CAs), such as VeriSign, for checking whether certificates used in a Nokia VPN are valid
  • Online certificate enrollment for Nokia VPN Gateways and Clients -- gateways and clients can obtain a digital certificate online by sending their public key directly to a CA using SCEP (Simple Certificate Enrollment Protocol)
  • Remote users relying on the Linux FreeS/WAN IPSec V1.8 implementation can connect to Nokia VPN Gateways

Nokia's improved VPN 3.1 will be available on the entire portfolio of the Nokia VPN appliances (CC500, CC2500, CC5200, CC5205) in early September 2001 in North America, Europe and Asia-Pacific.


