Nokia Bundles Smart Card Functionality Into VPN Portfolio

Nokia Monday added to its growing line of virtual private network (VPN) solutions by including support for smart cards,
external public key infrastructure and remote client for IPSec over network address translation (NAT).

In the industry-wide effort to increase security over networks for remote users, Nokia’s new technology allows mobile users to log
into the network from remote sites with varying networking environments, such as hotels and airports. And they may do so with less
fear of prying, potentially harmful minds. The chief handset maker’s motive is to cut communication costs and maximize IT return on
investment for its enterprise-class customers.

More than ever, smart cards are being leveraged for use with VPNs for remote user authentication to provide a convenient alternative
to storing those digital certificates and susceptible information on hard drives. Nokia’s VPN smart card implementation lets mobile
users connect to a Nokia VPN Gateway easily and by popping their personal smart card into the computer’s card reader and entering
their PIN code. An encrypted tunnel to the corporate network is created immediately by the Nokia VPN client software, which
leverages the digital certificate on the smart card. Because all confidential authentication details reside on the smart cards
instead of the computers themselves, unauthorized access is prohibited more effectively.

Nokia VPN (now at version 3.1) uses a PKI smart card of Setec’s SetCOS product family. Setec’s PKI smart card is an ISO standard
multi-application card with 16 KB of EEPROM for applications. It supports 1024 bit RSA keys, and both RSA key generation and RSA
calculation are handled completely inside the card so as not to compromise the sensitive private RSA keys.

Lauri Pesonen, chief technology officer and executive vice president at smart card provider Setec, explained the advantages of
smart-card-based data integration.

“PKI smart cards are used more and more for securing email and web applications, for secure single sign-on and for legally binding
digital signatures,” Pesonen said. “VPN remote user authentication fits perfectly into the line of security applications utilizing
smart card technology.”

Nokia has also added support for NAT, which is the translation of an Internet Protocol address (IP address) used within one network
to a different IP address within another network. Formerly, remote VPN connections from behind a NAT device have been impossible due
to converted IP address information.

In addition to support for smart cards and IPSec over NAT, Nokia is also announcing the following software enhancements in their VPN

  • Simplified VPN management — the upgraded management tools of the Nokia VPN solution, featuring auditing and SNMP enhancements,
    help administrators ease deployment and management pains

  • Automatic retrieval of certificate revocation lists (CRLs) from Certificate Authorities (CA), such as VeriSign, for checking if
    certificates used in a Nokia VPN are valid

  • Online certificate enrollment for Nokia VPN Gateways and Clients — gateways and clients can obtain a digital certificate
    online by sending their public key directly to a CA using SCEP (simple certificate enrollment protocol)

  • Remote users relying on the Linux FreeS/WAN IPSec V1.8 implementation can connect to Nokia VPN Gateways

Nokia’s improved VPN 3.1 will be available on the entire portfolio of the Nokia VPN appliances (CC500, CC2500, CC5200, CC5205) in
early September 2001 in North America, Europe and Asia-Pacific.

News Around the Web