(keitai-l) Re: question on enterprise security

From: <kthanse_at_attglobal.net>
Date: 02/13/01
Message-ID: <3A8904C4.8962AF39@attglobal.net>
how secure is the remaining connection from DoCoMo to the handset over the air?
At the present time there is no security.  A large hole exists at the DoCoMo
gateway where the cHTML/HTML translation takes place.

I thought that most of the banking apps, etc. were registered sites and
therefore reading the phoneid
and doing a match on that as well for added security.
Banks, etc get a leased line pulled from the gateway.  This is expensive and
doesn't really provide any addtional security because of the translation.  Some
FI's have one time passwords or other "security" means, but nothing comparable
to SSL.

Also, if all this is so good, then why are the new 503i's supposed to address
"security concerns"
via iAppli's?
Java provides some level of security, but not to the level of SSL128.  Hence,
the lack of non-Japanese banks providing any banking features similar to what
you would find outside of Japan.

Pete Saladino wrote:

> Does anyone have information on the best ways businesses are using imode
> devices to access some corporate information while ensuring proper levels of
> security?  With just a regular non-official site serving chtml, you can set
> up an SSL connection between DoCoMo and the web server......how secure is
> the remaining connection from DoCoMo to the handset over the air?  I thought
> this was discussed on this list and the consensus was that since the data
> sent from DoCoMo to the handset was via proprietary non-public standard,
> that this would be plenty secure.  Correct?  So its just basic SSL security
> from the web server?
>
> bottomline:  what is the best way to ensure security on non-official imode
> websites such that corporate information can be accessed?  Is accessing data
> of this nature even an established practice?  I thought that most of the
> banking apps, etc. were registered sites and therefore reading the phoneid
> and doing a match on that as well for added security.  Also, if all this is
> so good, then why are the new 503i's supposed to address "security concerns"
> via iAppli's?   Just a little confused by the conflicting stories.
>
> thanks!
>
> -p
>
> Pete Saladino
> Scientョ: Innovate - For What's Next.(tm)
> email: psaladino@scient.com
> mobile: +81 90.7710.2215
> visit us:  http://www.scient.co.jp
>
> [ Did you check the archives?   http://www.appelsiini.net/keitai-l/ ]


[ Did you check the archives?   http://www.appelsiini.net/keitai-l/ ]
Received on Tue Feb 13 11:50:37 2001