Mobile Web Security Bootstrap
A labs.ericsson.com API
http://labs.ericsson.com/apis/mobile-web-security-bootstrap/
Ericsson Labs APIs
› Maps & positioning: Mobile Location, Mobile Maps, Web Maps
› Communication: SMS Send & Receive, Mobile Push, Group Voice Mixer, Async Voice
› Security: Mobile Web Security Bootstrap, CAPTCHA, Oauth2 Framework, Identity Management Framework, Key Management Service
› Web technologies: Web Connectivity, EventSource, Web Background Service, Web Device Connectivity, Distributed Shared Memory, Web Real-Time Communication
› NFC & sensors: Tag Tool, Mobile Sensor Actuator Link, Sensor Networking Application Platform
› User & network information: Mobile Identification, Network Probe, Mobile Network Look-up
› Machine learning: Cluster Constructor
› Media and graphics: Face Detector, Text-to-Speech

© Ericsson AB 2010 | Page 2
Mobile Web Security Bootstrap
› The SIM is commonly used for getting cellular access,
  mobile connectivity and access to some mobile services

› The SIM's proven security features can also be used for
  securing any mobile web application

› This service provides an API for establishing a secret key
  between mobile web clients and web applications




Why Mobile Web Security Bootstrap?

› Security – As secure as SIM

› Standard – Based on industry standard

› Acceptance – Many standardized applications

› Convenience – Transparent to users

› Extensibility – Any application can exploit the SIM


Main Features
› Based on the 3GPP industry standard
  Generic Bootstrapping Architecture (GBA)

› Client and server Web/Java APIs available and
  documented with examples

› HTTP interfaces

› Soft client available to allow focusing on the development
  of the network side of the web application



Overview
› Ub interface – Mobile client uses API to bootstrap a master secret key

› Ua interface – Mobile Web Client uses API to derive application-specific master key

› Zn interface – Mobile Web Application Server uses API to obtain the corresponding
  application-specific master key

› At the end of the API usage transactions the client and server
  share an application-specific secret key

[Diagram: the Mobile Web Client (web client plus Bootstrap Client) connects to the Network Application (Mobile Web Application Server) over Ua (HTTP) and to the Bootstrap Server of the MWSB (Mobile Web Security Bootstrap) over Ub (HTTP). The application server connects to the Bootstrap Server over Zn. The Bootstrap Server is backed by the Subscriber Database.]

Java Client API
› Soft Client API provided for focusing on server application

› Example showing how to establish a shared key


   // Create soft client with user identity and permanent key
   GbaClient softclient = new GbaClient(myID, myKey);

   // Bootstrap client with master key. btid is the handler.
   String btid = softclient.bootstrap();

   // Derive application-specific key to be shared with app server
   byte[] appKey = softclient.getKsNaf(app_Fqdn);

   // Use the app key for HTTP Digest Authentication
   boolean authResult = runUaHttpDigest(app_URL, btid, appKey);


Java Server API
› API towards mobile client and API towards MWSB
› Servlet example showing how to establish a shared key

   // Application Servlet doGet()

   // Create application context with Labs authorization API key
   GbaNaf app = new GbaNaf(myFqdn, myApiKey);

   // Parse GET authorization headers & fetch btid (key handler)
   Authorization authz = Authorization.parse(authorizationHeader);
   String btid = authz.getUsername();

   // Derive the application-specific key to be shared with client
   appKey = app.getKsNaf(btid);

   // Use the shared key to authenticate the mobile client
   // (authz is the Authorization object parsed above)
   Digest.verify(authz, appKey);
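
The Ub, Ua and Zn exchange from the slides above, modelled end to end as an added example; this is not Ericsson Labs code, and none of the names below belong to its API. Assumptions: the key derivation is modelled on the GBA HMAC-SHA-256 KDF, `master_key` is a stand-in for the SIM's AKA run, and `UA_PROTO_ID`, the user identity and the `.example` hosts are constructed values.

```python
import base64
import hashlib
import hmac
import os
import struct

UA_PROTO_ID = bytes([1, 0, 0, 0, 2])  # assumed 5-byte Ua protocol identifier

def kdf(key, *params):
    """HMAC-SHA-256 over FC || P0 || L0 || P1 || L1 ..., with FC = 0x01."""
    s = b"\x01" + b"".join(p + struct.pack(">H", len(p)) for p in params)
    return hmac.new(key, s, hashlib.sha256).digest()

def derive_ks_naf(ks, rand, user_id, app_fqdn):
    """Application-specific key, bound to master key, user and app FQDN."""
    naf_id = app_fqdn.encode() + UA_PROTO_ID
    return kdf(ks, b"gba-me", rand, user_id.encode(), naf_id)

def master_key(permanent_key, rand):
    """Stand-in for the SIM's AKA run (assumption, not the real algorithm)."""
    return hmac.new(permanent_key, rand, hashlib.sha256).digest()

class BootstrapServer:
    """Toy MWSB: subscriber database plus live bootstrap sessions."""
    def __init__(self, subscribers):
        self.subscribers = subscribers  # user_id -> permanent key
        self.sessions = {}              # btid -> (master key, rand, user_id)

    def bootstrap(self, user_id):  # Ub interface
        rand = os.urandom(16)
        btid = base64.b64encode(rand).decode() + "@mwsb.example"
        ks = master_key(self.subscribers[user_id], rand)
        self.sessions[btid] = (ks, rand, user_id)
        return btid, rand

    def get_ks_naf(self, btid, app_fqdn):  # Zn interface
        session = self.sessions.get(btid)
        return derive_ks_naf(*session, app_fqdn) if session else None

class SoftClient:
    """Toy soft client holding the user identity and permanent key."""
    def __init__(self, user_id, permanent_key):
        self.user_id, self.key = user_id, permanent_key

    def bootstrap(self, bsf):
        self.btid, self.rand = bsf.bootstrap(self.user_id)
        self.ks = master_key(self.key, self.rand)
        return self.btid

    def get_ks_naf(self, app_fqdn):
        return derive_ks_naf(self.ks, self.rand, self.user_id, app_fqdn)

def _md5(text):
    return hashlib.md5(text.encode()).hexdigest()

def digest_response(user, password, realm, method, uri, nonce, nc, cnonce):
    """RFC 2617 Digest response with qop=auth."""
    ha1 = _md5(f"{user}:{realm}:{password}")
    ha2 = _md5(f"{method}:{uri}")
    return _md5(f"{ha1}:{nonce}:{nc}:{cnonce}:auth:{ha2}")

def client_authorize(client, app_fqdn, method, uri, nonce):
    """Ua, client side: btid is the username, the derived key the password."""
    password = base64.b64encode(client.get_ks_naf(app_fqdn)).decode()
    auth = {"username": client.btid, "uri": uri, "nonce": nonce,
            "nc": "00000001", "cnonce": os.urandom(8).hex()}
    auth["response"] = digest_response(client.btid, password, app_fqdn, method,
                                       uri, nonce, auth["nc"], auth["cnonce"])
    return auth

def server_verify(bsf, my_fqdn, method, issued_nonce, auth):
    """Ua, server side: fetch the key over Zn using the btid, then verify."""
    if not hmac.compare_digest(auth["nonce"], issued_nonce):
        return False  # not the challenge this server issued
    ks_naf = bsf.get_ks_naf(auth["username"], my_fqdn)
    if ks_naf is None:
        return False  # unknown btid: no bootstrap session to derive from
    password = base64.b64encode(ks_naf).decode()
    expected = digest_response(auth["username"], password, my_fqdn, method,
                               auth["uri"], auth["nonce"], auth["nc"], auth["cnonce"])
    return hmac.compare_digest(expected, auth["response"])

def demo():
    key = bytes(range(16))  # constructed permanent key
    bsf = BootstrapServer({"user@example": key})
    client = SoftClient("user@example", key)
    client.bootstrap(bsf)
    nonce = os.urandom(16).hex()
    auth = client_authorize(client, "shop.example", "GET", "/account", nonce)
    forged = dict(auth, username="unknown@mwsb.example")
    return {
        "accepted": server_verify(bsf, "shop.example", "GET", nonce, auth),
        "other_app": server_verify(bsf, "bank.example", "GET", nonce, auth),
        "unknown_btid": server_verify(bsf, "shop.example", "GET", nonce, forged),
        "stale_nonce": server_verify(bsf, "shop.example", "GET", "0" * 32, auth),
    }

if __name__ == "__main__":
    print(demo())
```

Because the application FQDN is an input to the derivation, a response computed for one application fails verification at another, so a key leaked by one application server does not authenticate the user elsewhere.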

Possible applications
› Identity Management
› Authentication
› Single Sign-On
› Integrity
› Confidentiality
› Key Management

Generative Artificial Intelligence: How generative AI works.pdf
 
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
 
Generative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information DevelopersGenerative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information Developers
 
Assure Ecommerce and Retail Operations Uptime with ThousandEyes
Assure Ecommerce and Retail Operations Uptime with ThousandEyesAssure Ecommerce and Retail Operations Uptime with ThousandEyes
Assure Ecommerce and Retail Operations Uptime with ThousandEyes
 
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
 
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...
 
Enhancing User Experience - Exploring the Latest Features of Tallyman Axis Lo...
Enhancing User Experience - Exploring the Latest Features of Tallyman Axis Lo...Enhancing User Experience - Exploring the Latest Features of Tallyman Axis Lo...
Enhancing User Experience - Exploring the Latest Features of Tallyman Axis Lo...
 
Genislab builds better products and faster go-to-market with Lean project man...
Genislab builds better products and faster go-to-market with Lean project man...Genislab builds better products and faster go-to-market with Lean project man...
Genislab builds better products and faster go-to-market with Lean project man...
 
The State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxThe State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptx
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platforms
 
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxMerck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
 
2024 April Patch Tuesday
2024 April Patch Tuesday2024 April Patch Tuesday
2024 April Patch Tuesday
 
Emixa Mendix Meetup 11 April 2024 about Mendix Native development
Emixa Mendix Meetup 11 April 2024 about Mendix Native developmentEmixa Mendix Meetup 11 April 2024 about Mendix Native development
Emixa Mendix Meetup 11 April 2024 about Mendix Native development
 
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxPasskey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
 
[Webinar] SpiraTest - Setting New Standards in Quality Assurance
[Webinar] SpiraTest - Setting New Standards in Quality Assurance[Webinar] SpiraTest - Setting New Standards in Quality Assurance
[Webinar] SpiraTest - Setting New Standards in Quality Assurance
 
Scale your database traffic with Read & Write split using MySQL Router
Scale your database traffic with Read & Write split using MySQL RouterScale your database traffic with Read & Write split using MySQL Router
Scale your database traffic with Read & Write split using MySQL Router
 
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
 
A Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software DevelopersA Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software Developers
 
Manual 508 Accessibility Compliance Audit
Manual 508 Accessibility Compliance AuditManual 508 Accessibility Compliance Audit
Manual 508 Accessibility Compliance Audit
 

Mobile Web Security Bootstrap on Ericsson Labs

  • 1. Mobile Web Security Bootstrap A labs.ericsson.com API http://labs.ericsson.com/apis/mobile-web-security-bootstrap/
  • 2. ericsson labs APIs
      › Categories: Maps & positioning, communication, security, Web technologies, NFC & sensors, User & network information, Machine learning, Media and graphics
      › APIs shown: Mobile Location, Mobile Maps, Web Maps, SMS Send & Receive, Mobile Push, Group Voice Mixer, Async Voice, Mobile Web Security Bootstrap, CAPTCHA, Oauth2 Framework, Identity Management Framework, Key Management Service, Web Connectivity, EventSource, Web Background Service, Web Device Connectivity, Distributed Shared Memory, Web Real-Time Communication, Tag Tool, Mobile Sensor Actuator Link, Sensor Networking Application Platform, Mobile Identification, Network Probe, Mobile Network Look-up, Face Detector, Cluster Constructor, Text-to-Speech
      © Ericsson AB 2010 | Page 2
  • 3. Mobile Web Security Bootstrap
      › The SIM is commonly used for getting cellular access, mobile connectivity and access to some mobile services
      › The SIM's proven security features can also be used for securing any mobile web application
      › This service provides an API for establishing a secret key between mobile web clients and web applications
  • 4. Why Mobile Web Security Bootstrap?
      › Security – As secure as the SIM
      › Standard – Based on an industry standard
      › Acceptance – Many standardized applications
      › Convenience – Transparent to users
      › Extensibility – Any application can exploit the SIM
  • 5. Main Features
      › Based on the 3GPP industry standard Generic Bootstrapping Architecture
      › Client and server Web/Java APIs available and documented with examples
      › HTTP interfaces
      › Soft client available to allow focusing on the development of the network side of the web application
  • 6. Overview
      › Ub interface – Mobile client uses API to bootstrap a master secret key
      › Ua interface – Mobile Web Client uses API to derive application-specific master key
      › Zn interface – Mobile Web Application Server uses API to obtain the corresponding application-specific master key
      At the end of the API usage transactions the client and server share an application-specific secret-key
      [Figure: Mobile Web Client with Bootstrap Client, Mobile Web Application Server (Network Application Server), Bootstrap Server and Subscriber Database; interfaces Ub, Ua and Zn, carried over HTTP. MWSB = Mobile Web Security Bootstrap]
  • 7. Java Client API
      › Soft Client API provided for focusing on server application
      › Example showing how to establish a shared key

        // Create soft client with user identity and permanent key
        GbaClient softclient = new GbaClient(myID, myKey);
        // Bootstrap client with master key. btid is the handler.
        String btid = softclient.bootstrap();
        // Derive application-specific key to be shared with app server
        byte[] appKey = softclient.getKsNaf(app_Fqdn);
        // Use the app key for HTTP Digest Authentication
        boolean authResult = runUaHttpDigest(app_URL, btid, appKey);
  • 8. Java Server API
      › API towards mobile client and API towards MWSB
      › Servlet example showing how to establish a shared key

        // Application servlet doGet()
        // Create application context with Labs authorization API key
        GbaNaf app = new GbaNaf(myFqdn, myApiKey);
        // Parse GET authorization headers & fetch btid (key handler)
        Authorization authz = Authorization.parse(authorizationHeader);
        String btid = authz.getUsername();
        // Derive the application-specific key to be shared with client
        byte[] appKey = app.getKsNaf(btid);
        // Use the shared key to authenticate the mobile client
        Digest.verify(authz, appKey);
  • 9. Possible applications
      › Identity Management
      › Authentication
      › Single Sign-On
      › Integrity
      › Confidentiality
      › Key Management
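
The Digest step that slides 7 and 8 hand off to runUaHttpDigest and Digest.verify, written out as an added example (not Ericsson Labs code): the client sends the btid as the Digest username and keys the response with the application-specific key, and the server recomputes the response from the key it obtained for that btid. The class and method names, the base64 encoding of the key as the Digest password, and all sample values are assumptions; the hash construction is RFC 2617 Digest with qop=auth.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Base64;

// Added illustration, not the Ericsson Labs API: RFC 2617 Digest (qop=auth)
// keyed with the bootstrapped application-specific key.
public class UaDigestSketch {

    static String md5Hex(String s) throws Exception {
        byte[] d = MessageDigest.getInstance("MD5").digest(s.getBytes(StandardCharsets.UTF_8));
        StringBuilder sb = new StringBuilder();
        for (byte b : d) sb.append(String.format("%02x", b));
        return sb.toString();
    }

    // response = MD5(HA1:nonce:nc:cnonce:qop:HA2) with username = btid and
    // password = base64(appKey) (the encoding is an assumption of this sketch).
    static String response(String btid, byte[] appKey, String realm, String method,
                           String uri, String nonce, String nc, String cnonce) throws Exception {
        String password = Base64.getEncoder().encodeToString(appKey);
        String ha1 = md5Hex(btid + ":" + realm + ":" + password);
        String ha2 = md5Hex(method + ":" + uri);
        return md5Hex(ha1 + ":" + nonce + ":" + nc + ":" + cnonce + ":auth:" + ha2);
    }

    // Server side: recompute from the key fetched for this btid and compare in
    // constant time, so the check does not leak how much of the value matched.
    static boolean verify(String received, String btid, byte[] serverKey, String realm,
                          String method, String uri, String nonce, String nc, String cnonce)
            throws Exception {
        String expected = response(btid, serverKey, realm, method, uri, nonce, nc, cnonce);
        return MessageDigest.isEqual(expected.getBytes(StandardCharsets.US_ASCII),
                                     received.getBytes(StandardCharsets.US_ASCII));
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample values; a real btid and key come out of the bootstrap.
        String btid = "constructed-btid@bsf.example.org";
        byte[] appKey = "constructed-32-byte-key-material".getBytes(StandardCharsets.US_ASCII);
        byte[] otherKey = "some-other-key-material-32-bytes".getBytes(StandardCharsets.US_ASCII);
        String realm = "app.example.org", uri = "/protected";
        String nonce = "a1b2c3", cnonce = "d4e5f6", nc = "00000001";

        String resp = response(btid, appKey, realm, "GET", uri, nonce, nc, cnonce);
        System.out.println("same key:      " + verify(resp, btid, appKey, realm, "GET", uri, nonce, nc, cnonce));
        System.out.println("different key: " + verify(resp, btid, otherKey, realm, "GET", uri, nonce, nc, cnonce));
    }
}
```

A server using this check also has to issue its own nonces and track nc values per nonce so that a captured response cannot be replayed; that bookkeeping is left out here.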