Toronto-based 724 Solutions Inc.’s new open standards-based PKI Gateway product was launched in February as one option to link businesses to end-users for secure mobile commerce (m-commerce) transactions.
Targeting financial institutions, 724 Solutions’ PKI Gateway acts as the go-between technology for an end-user’s wireless device and a trusted certificate authority’s PKI (public key infrastructure) technology. The product allows for PKI and digital signature transactions.
“It’s a turnkey solution to provide certificate registration, as well as the business replication logic, to take advantage of digital signature functionalities for transactions,” said Camille Collantes, product manager, security, for 724 Solutions. Its main component is a secure transaction processor, which is responsible for digital signature verification. It also uses Certicom Corp.’s Trustpoint PKI Portal technology. In many countries, such as Germany, Singapore and the U.S., legislation has been created so a digital signature is legally equal to a signed piece of paper.
According to the white paper issued by 724 Solutions on the PKI Gateway, the product currently supports many devices, including WAP-enabled phones, SIM- or smart card-enabled phones, Research In Motion (RIM) Ltd. two-way paging devices, Palm Inc. personal digital assistants (PDA), Pocket PCs and desktop computers.
From the end-user’s side of things, once an m-commerce transaction is ready to be completed, the user is presented with a contract detailing the transaction to which the user is about to commit, such as a fund transfer for $1 million to a Swiss bank account. The user enters a password used to protect the private key, which is then unlocked. The private key and the contract are then sent through a cryptographic algorithm in the PKI Gateway where the digital signature is generated. Voila! The transaction is complete and your retirement savings are now waiting for you in Switzerland.
“[The product is for] financial institutions who would want to offer transactions that are of a higher value – so, higher-value fund transfers, high-value stock trades, as well as inter-bank fund transfer, commercial banking so [users] can do wire transfers,” Collantes said.
If a thief happens to steal the device and the user’s password, financial institutions would typically have a policy that would allow a user to cancel the private key in the device, Collantes said.
With the PKI Gateway, 724 Solutions is trying to create a consistent user experience no matter what device a client comes in on, said James Kobielus, an analyst at The Burton Group Inc. in Sterling, Va. The important thing about the PKI Gateway is that by a user issuing a password, the server can sign contracts digitally, he said.
“If it’s ever a matter of it going to a court of law, it can be shown that the server signed [the contract] at this particular point in time, so these were the transactions signed by the server at that time,” Kobielus said. The fact that the PKI Gateway is an open-architecture product that supports many devices and a variety of certified authorities will endear it to many of its customers because many companies have already chosen a PKI and certified authority structure and will not want to change, he said.
Pricing for 724 Solutions’ PKI Gateway has not yet been set. For more information, visit www.724solutions