Toronto-based Diversinet Corp. launched a new product in April dedicated to being the middle point between mobile commerce (m-commerce) end-users and digital certification authorities like VeriSign Inc. and Digital Signature Trust Co.
Passport Portal is a software application targeted at companies that want to put m-commerce capabilities on handheld devices using the Wireless Application Protocol (WAP). Acting as the intermediary between end-users and trusted certification authorities, Passport Portal gives users a single point of access for acquiring digital certificates and validating those certificates, said Verne Meredith, vice-president of sales and marketing for Diversinet.
“For security to work, there has to be security intelligence in multiple places. There has to be intelligence buried in the WAP browser or on the phone itself. There has to be a server-based or back-end security application that manages identities and provisions, which is what our product does,” Meredith said.
Passport Portal is an open, standards-based application that uses Java, Java Message Service and Extensible Markup Language (XML) technologies to provide an interface for managing digital certificates and signatures. Broken down to the simplest explanation, what it does is route transactions to different certificate authorities, Meredith said. Think of it like a post office, he said.
“So you may be doing an application where the certificate authority is VeriSign and I may be doing one where the certificate authority is Digital Signature Trust, and the system has to be smart enough to know that, so it knows where to go to essentially authenticate your identity and to check your signature,” he said. Meredith added that an upcoming version of Passport Portal will allow routing to extend to more than just WAP-enabled devices.
The software sits at the back-end. A mobile device connects it through an m-commerce application on the device and tells Passport Portal what transaction it wants to do. Passport Portal determines which certificate authority to send the request to, which in turn verifies the user’s identity and signature.
According to James Kobielus, an analyst at The Burton Group Inc. in Sterling, Va., the important question about this area is: Is there a need for it all?
“People are going to want to use [m-commerce applications], but how many people? That’s the overall issue here in terms of how critically important is security on mobile commerce,” Kobielus said. “In other words, is the level of security available without digital certificates sufficient?”
In the Web world, most people do not have their own digital certificates, he said. E-commerce servers have their own certificates, though, so there is a secure pipe between the server and the browser in the Web world.
“Same thing in the WAP world. We can have and do have secure pipes between WAP handsets and WAP gateways based solely on gateway or server side certificates that are used for WTLS (wireless transport lay security) protocol,” Kobielus said.
In the mass consumer market, digital certificates are anything but a showstopper, he added. Digital certificate services are probably not a must-have. In the business world, it’s a different story, and digital certificates and signatures will become more important over time.
Diversinet’s Passport Portal is available now and is priced at approximately US$150,000. Diversinet can be found on the Web at www.dvnet.com.