(keitai-l) Re: question on enterprise security

From: Kyle Barrow <kyle_at_X-9.com>
Date: 02/13/01
Message-ID: <NDBBIBLMOEECJPBNJNKCMEDJCGAA.kyle@X-9.com>
> I thought this was discussed on this list and the consensus was that
> since the data sent from DoCoMo to the handset was via proprietary
> non-public standard, that this would be plenty secure.  Correct?  So
> it's just basic SSL security from the web server?

Correct. SSL to the gateway, proprietary from gateway to phone. I don't have
any details on DoCoMo security (does anyone else on the list?) but banks are
confident enough to conduct online banking via i-mode which of course means
absolutely nothing.

> bottom line:  what is the best way to ensure security on non-official imode
> websites such that corporate information can be accessed?

Any security model should always be proportional to the value of the data
being transmitted and the difficulty of obtaining this data through
nefarious means. Until more is known about DoCoMo's proprietary system you
must assume it is possible for someone to intercept this data - the
difficulty of which is the unknown.

Conversely, if someone wants someone else's credit card number they can wade
through any restaurant or hotel miniskip - no SSL there ;)

Kyle

X-9 DESIGN LAB
http://www.X-9.com


Received on Tue Feb 13 10:37:05 2001