Security in the area of mobile devices is one of the most predominant of present challenges. Some approaches do exist, such as large cards which are moved into the slot for SD chips, inconveniently projecting, or Soft Certificates providing security only to a certain extent – particularly on systems which are per se unsecure.
IICS, an enterprise based in Nürnberg, has set off to solve the problem and lately offered a solution integrated into a MiniSD card for the secure storage of certificates, including the bonus that no special drivers are required for access, which on mobile devices would be particularly difficult to install and to manage.
Another advantage of the IICS solution: It can be used on other platforms such as Symbian or Blackberry. Additionally, it offers encryption and certificate services which guarantee secure storage of the digital certificates mainly required for storing VPNs and e-mails. Access by applications is realized via CSPs (Cryptography Service Provider) used by default in Windows, or PKCS#11, as well as a lean integrated API. CSPs and PKCS#11 can be used for access by many applications, one of it being the Internet Explorer.
To me, this solution seems to be one of the most exciting concerning security issues I have come across lately. It tackles in a groundbreaking way the task of secure communication in the area of mobile systems and secure handling of individual private keys. If the secure authentication for mobile devices will in the same way be addressed by manufacturers – who would primarily be responsible for doing this job – then we will have a chance of seeing the risk of using mobile devices drastically reduced. Anyway, the IICS solution alone can be considered an essential progress.
Created: 09.11.07, modified: 22.11.07