|Openwave announces enhanced security for WAP Microbrowsers|
Posted: 11-Dec-2000 [Source: Openwave press release]
[Openwave (previously Phone.com) plans to enhance the security of its browser, server, and proxy offerings in compliance with WTLS (Wireless Transport Layer Security).]
Redwood City, Calif -- Openwave Systems Inc. (Nasdaq: OPWV), the combination of Phone.com and Software.com, today announced it is taking wireless security to the next level through the use of client-enabled server authentication by working with leading security vendors. Through agreements with leading security providers including Baltimore Technologies (Nasdaq: BALT and London: BLM), Certicom (Nasdaq: CERT and TSE: CIC), and Diversinet (Nasdaq Small Cap: DVNT, CDN: DVNT), Openwave will embed their respective "root keys," or electronic authentication functionality, in the Openwave UP.Browser WAP microbrowser. Openwave announced it will provide customers with enhanced security functionality for the Openwave(tm) UP.Browser(r), UP.Link(tm) Server and Secure Enterprise Proxy by incorporating server certificate functionality as defined by the WAP Forum. The root keys provided by these vendors are compliant with the WAP Forum's Wireless Transport Layer Security (WTLS) Class II.
Because the Openwave UP.Browser microbrowser will contain embedded root keys from many of the industry's leading security providers, Openwave's wireless handset manufacturer customers are provided with the convenience of multi-vendor support. Likewise, wireless network operators that license the Openwave UP.Link server, and enterprises such as financial institutions that license the Secure Enterprise Proxy will have the flexibility to purchase WTLS server certificates from the e-security provider of their choice, offering their users the added security of server authentication.
As the wireless Internet continues to grow, security is of paramount concern for users, network operators and content providers, particularly providers of financial services. All parties demand the highest level of security available when engaging in m-commerce, m-banking and other transaction services involving the wireless transfer of personal and financial data. The concept of authentication through the use of root certificates and server certificates provides the end user with a reliable method for verifying the authenticity of the server prior to conducting a transaction.
In order to provide authentication during a secure transaction, a "root certificate" or "root key" stored in the microbrowser is used to verify a "server certificate" sent by a WAP gateway. A certificate is simply a short, electronic document that contains data about the certificate issuer and the company to which the certificate was issued. This document is then encrypted with a private encryption key used solely for the purposes of encrypting these certificates.
Back to Headlines...