Sagem Orga
Strong, Global, Innovative.
Sagem Orga – CTST – New Orleans, May 2009
CTST
François Blanchard
Global Account Marketing Manager
Market drivers
The game has changed
- Mobile Network Operators are now WEB service providers
- Convergence of technology and services
- Multiple devices to access services requiring a SIM card
The SIM card
- The secure token of mobile networks (3GPP)
- The secure element for mobile NFC services
- Access control element for mobile TV
New risks and new opportunities
- Security of Internet is weak (hacking, phishing)
- Forecast for IT security market: $12B in 2010
- More than 35 000 WEB sites Open ID compatible
- Tons of web services means tons of passwords
TLS Tandem: a way to secure Internet
Postulates
- Make the SIM card a secure token for the WEB
- Single Sign On solution reinforced by means of a SIM card, with added convenience
- Compatible with standards and the usual WEB technical environment (Open ID and HTTPS)
- Propose a solution to make the MNO a key player for the security of WEB services
Partner
Ethertrust markets software for smart cards and designs innovative solutions that strengthen the security of WEB applications while dramatically simplifying their use.
Driving use cases, secure Internet authentications
E-Commerce
- E-payment
- E-Banking
Single Sign On
- MNO WEB portal
- Bank internet site
- Any OpenID internet site
E-Gaming
- Poker
- Gambling games
Corporate services
- Intranet
- E-mail
- Corporate phonebook
USB companion, the device for convergence
SIM
MNO secure token
Internet Everywhere
MNO WEB portal
Open ID
Protected user data
How does it work
My INTERNET identity card
Plug the dongle into the laptop
Insert SIM in USB dongle
Connect to the Internet
1- Automatic authentication
2- Secure connection set up
3- Get access to WEB services
4- Use services
Java OS
TLS Tandem javacard applet
Windows / Mac / Linux OS
TLS Tandem Proxy
USB dongle with SIM card reader (PCSC) and HSDPA modem
Memory for Internet Everywhere software
Role of the SIM in our solution
Store certificates
- At the registration step the SIM applet will receive and store the WEB service certificate
Authentication
- Exchange user credentials with the security provider to operate the mutual authentication
Set up secure session
- An HTTPS or SSL session is set up by the SIM card
Transfer session keys
- The session key and encryption keys are transmitted to the proxy
Service
- The SIM contains a payment application used for the e-transaction
Solution architecture: case 1, TLS Tandem
Mobile Operator
Internet
WEB Service
1 – Create a TLS Tandem account
2 – Access request to WEB service
3 – Check service access rights
4 – Set up secured connection
Solution architecture: case 2, Open ID
Mobile Operator
Security Provider
Internet
WEB Service
3 – Check service access rights
2 – Re-routing to security provider
Certificate check
4 – Set up secured connection
1 – Access request to WEB service
1 – Create Open ID account
User experience
Secure SSL session
Business model
1 – Connect token and log in to my MNO portal
2 – Access to a partner web store
3 – « One click » payment
4 – Cash back
Partner WEB service
Benefits
The end user
- Simplify and protect their life on the Internet
- No more need for login & password
- Phishing killer solution
The MNO
- Become an Internet security provider – Open ID provider
- Secure usage of its WEB services
- Trace usage of WEB services for better billing
- Increase usage of WEB services
Technical
- A unique and secure place to deploy the solution to ensure more security: every single byte flowing out of the SIM card is encrypted
- Spyware is blind, the computer is just a « plug »
- Authentication & encryption algorithms are entirely computed in the SIM card
- Compatible with existing infrastructure and standards
Conclusion
Our message
Let's make the SIM card a secure token to provide more security to WEB services
Our solution
TLS Tandem enables the SIM to play the role of secure token for WEB services.
2 main use cases for the mobile operator:
1- TLS Tandem: to secure access to its own set of WEB services reserved to MNO subscribers
2- Open ID: to become an Open ID security provider for all the Internet, reinforcing security thanks to the SIM card