Mobile Web Security Bootstrap
A labs.ericsson.com API
http://labs.ericsson.com/apis/mobile-web-security-bootstrap/

Ericsson Labs APIs

› Maps & positioning: Mobile Location, Mobile Maps, Web Maps
› Communication: SMS Send & Receive, Mobile Push, Group Voice Mixer, Async Voice
› Security: Mobile Web Security Bootstrap, CAPTCHA, OAuth2 Framework, Identity Management Framework, Key Management Service
› Web technologies: Web Connectivity, EventSource, Web Background Service, Web Device Connectivity, Distributed Shared Memory, Web Real-Time Communication
› NFC & sensors: Tag Tool, Mobile Sensor Actuator Link, Sensor Networking Application Platform
› User & network information: Mobile Identification, Network Probe, Mobile Network Look-up
› Machine learning: Cluster Constructor
› Media and graphics: Face Detector, Text-to-Speech

© Ericsson AB 2010 | Page 2
Mobile Web Security Bootstrap
› The SIM is commonly used for getting cellular access,
  mobile connectivity and access to some mobile services

› The SIM's proven security features can also be used for
  securing any mobile web application

› This service provides an API for establishing a secret key
  between mobile web clients and web applications




Why Mobile Web Security Bootstrap?

› Security – As secure as SIM

› Standard – Based on industry standard

› Acceptance – Many standardized applications

› Convenience – Transparent to users

› Extensibility – Any application can exploit the SIM


Main Features
› Based on the 3GPP industry standard
  Generic Bootstrapping Architecture (GBA)

› Client and server Web/Java APIs available and
  documented with examples

› HTTP interfaces

› Soft client available to allow focusing on the development
  of the network side of the web application



Overview
› Ub interface – Mobile client uses API to bootstrap a master secret key

› Ua interface – Mobile Web Client uses API to derive application-specific master key

› Zn interface – Mobile Web Application Server uses API to obtain the corresponding
  application-specific master key

  At the end of the API usage transactions the client and server
  share an application-specific secret-key

[Diagram: the Mobile Web Client (Mobile Web Client application plus Bootstrap Client)
 connects over Ua (HTTP) to the Mobile Web Application Server (Network Application)
 and over Ub (HTTP) to the Bootstrap Server; the application server connects to the
 Bootstrap Server over Zn; the Bootstrap Server and Subscriber Database form the
 MWSB (Mobile Web Security Bootstrap).]

Java Client API
› Soft Client API provided for focusing on server application

› Example showing how to establish a shared key


   // Create soft client with user identity and permanent key
   GbaClient softclient = new GbaClient(myID, myKey);

   // Bootstrap client with master key. btid is the handler.
   String btid = softclient.bootstrap();

   // Derive application-specific key to be shared with app server
   byte[] appKey = softclient.getKsNaf(app_Fqdn);

   // Use the app key for HTTP Digest Authentication
   boolean authResult = runUaHttpDigest(app_URL, btid, appKey);


Java Server API
› API towards mobile client and API towards MWSB
› Servlet example showing how to establish a shared key

   // Application Servlet doGet()

   // Create application context with Labs authorization API key
   GbaNaf app = new GbaNaf(myFqdn, myApiKey);

   // Parse GET authorization headers & fetch btid (key Handler)
   Authorization authz = Authorization.parse(authorizationHeader);
   String btid = authz.getUsername();

   // Derive the application-specific key to be shared with client
   byte[] appKey = app.getKsNaf(btid);

   // Use the shared key to authenticate the mobile client
   // (authz is the Authorization object parsed above)
   Digest.verify(authz, appKey);
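
The key agreement from the Overview slide and the two API slides, worked end to end as an added example (not Ericsson Labs code and not part of the original deck). It assumes a key derivation modelled on the 3GPP GBA Ks_NAF function (HMAC-SHA-256 over length-suffixed parameters), an RFC 2617 Digest with the base64-encoded application key as password, and constructed names and values throughout; an in-memory map stands in for the bootstrap server reached over Zn.

```java
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import java.io.ByteArrayOutputStream;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Base64;
import java.util.HashMap;
import java.util.Map;

public class GbaKeyAgreementDemo {
    // Assumed 5-byte Ua security protocol identifier, appended to the FQDN to form NAF_Id.
    static final byte[] UA_PROTOCOL_ID = {0x01, 0x00, 0x00, 0x00, 0x02};

    // What the bootstrap server keeps per B-TID after the Ub run (constructed model).
    static final class Bootstrap {
        final byte[] ks; final byte[] rand; final String impi;
        Bootstrap(byte[] ks, byte[] rand, String impi) { this.ks = ks; this.rand = rand; this.impi = impi; }
    }
    static final Map<String, Bootstrap> BOOTSTRAP_SERVER = new HashMap<>();

    // Append one KDF parameter followed by its 2-byte big-endian length.
    static void param(ByteArrayOutputStream s, byte[] p) {
        s.write(p, 0, p.length);
        s.write((p.length >> 8) & 0xff);
        s.write(p.length & 0xff);
    }

    // Ks_NAF = HMAC-SHA-256(Ks, 0x01 || "gba-me" || RAND || IMPI || NAF_Id), parameters length-suffixed.
    // Binding the FQDN into the input is what makes the key application-specific.
    static byte[] deriveKsNaf(Bootstrap b, String nafFqdn) throws Exception {
        ByteArrayOutputStream nafId = new ByteArrayOutputStream();
        byte[] fqdn = nafFqdn.getBytes(StandardCharsets.UTF_8);
        nafId.write(fqdn, 0, fqdn.length);
        nafId.write(UA_PROTOCOL_ID, 0, UA_PROTOCOL_ID.length);

        ByteArrayOutputStream s = new ByteArrayOutputStream();
        s.write(0x01);
        param(s, "gba-me".getBytes(StandardCharsets.UTF_8));
        param(s, b.rand);
        param(s, b.impi.getBytes(StandardCharsets.UTF_8));
        param(s, nafId.toByteArray());

        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(new SecretKeySpec(b.ks, "HmacSHA256"));
        return mac.doFinal(s.toByteArray());
    }

    static String md5Hex(String s) throws Exception {
        byte[] d = MessageDigest.getInstance("MD5").digest(s.getBytes(StandardCharsets.UTF_8));
        StringBuilder sb = new StringBuilder();
        for (byte x : d) sb.append(String.format("%02x", x));
        return sb.toString();
    }

    // RFC 2617 Digest response with qop=auth; username is the B-TID, password is base64(appKey).
    static String digestResponse(String btid, byte[] appKey, String realm, String method,
                                 String uri, String nonce, String nc, String cnonce) throws Exception {
        String password = Base64.getEncoder().encodeToString(appKey);
        String ha1 = md5Hex(btid + ":" + realm + ":" + password);
        String ha2 = md5Hex(method + ":" + uri);
        return md5Hex(ha1 + ":" + nonce + ":" + nc + ":" + cnonce + ":auth:" + ha2);
    }

    // Application server: fetch the key for this B-TID and its own FQDN, then compare in constant time.
    static boolean verify(String myFqdn, String btid, String realm, String method, String uri,
                          String nonce, String nc, String cnonce, String response) throws Exception {
        Bootstrap b = BOOTSTRAP_SERVER.get(btid);   // stands in for the Zn request
        if (b == null) return false;                // unknown or expired B-TID: reject
        byte[] appKey = deriveKsNaf(b, myFqdn);
        String expected = digestResponse(btid, appKey, realm, method, uri, nonce, nc, cnonce);
        return MessageDigest.isEqual(expected.getBytes(StandardCharsets.UTF_8),
                                     response.getBytes(StandardCharsets.UTF_8));
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample values; a real Ks comes from the SIM-based Ub run.
        byte[] ks = new byte[32];
        byte[] rand = new byte[16];
        for (int i = 0; i < ks.length; i++) ks[i] = (byte) i;
        for (int i = 0; i < rand.length; i++) rand[i] = (byte) (0xA0 + i);
        String btid = "constructed-btid@bsf.example.org";
        Bootstrap session = new Bootstrap(ks, rand, "user@example.org");
        BOOTSTRAP_SERVER.put(btid, session);        // state left behind by the Ub run

        String fqdn = "app.example.org", realm = "app.example.org", uri = "/resource";
        // Constructed nonce values; a real server issues the nonce and rejects replays.
        String nonce = "constructed-nonce", nc = "00000001", cnonce = "constructed-cnonce";

        // Client derives the key for the right application: accepted.
        String good = digestResponse(btid, deriveKsNaf(session, fqdn), realm, "GET", uri, nonce, nc, cnonce);
        System.out.println("correct FQDN key: " + verify(fqdn, btid, realm, "GET", uri, nonce, nc, cnonce, good));

        // Key derived for a different application does not authenticate here: key separation.
        String other = digestResponse(btid, deriveKsNaf(session, "other.example.org"), realm, "GET", uri, nonce, nc, cnonce);
        System.out.println("other FQDN key:   " + verify(fqdn, btid, realm, "GET", uri, nonce, nc, cnonce, other));

        // A B-TID the bootstrap server never issued is rejected before any key is derived.
        System.out.println("unknown B-TID:    " + verify(fqdn, "nobody@bsf.example.org", realm, "GET", uri, nonce, nc, cnonce, good));
    }
}
```

Running it with `java GbaKeyAgreementDemo.java` prints true for the first case and false for the other two.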

Possible applications
› Identity Management
› Authentication
› Single Sign-On
› Integrity
› Confidentiality
› Key Management

 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
 
What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine  KG and Vector search for  enhanced R...Workshop - Best of Both Worlds_ Combine  KG and Vector search for  enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 
Advantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your BusinessAdvantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your Business
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...
 

Mobile Web Security Bootstrap on Ericsson Labs

  • 1. Mobile Web Security Bootstrap A labs.ericsson.com API http://labs.ericsson.com/apis/mobile-web-security-bootstrap/
  • 2. ericsson labs APIs › Maps & positioning: Mobile Location, Mobile Maps, Web Maps › Communication: SMS Send & Receive, Mobile Push, Group Voice Mixer, Async Voice › Security: Mobile Web Security Bootstrap, CAPTCHA, Oauth2 Framework, Identity Management Framework, Key Management Service › Web technologies: Web Connectivity, EventSource, Web Background Service, Web Device Connectivity, Distributed Shared Memory, Web Real-Time Communication › NFC & sensors: Tag Tool, Mobile Sensor Actuator Link, Sensor Networking Application Platform › User & network information: Mobile Identification, Network Probe, Mobile Network Look-up › Machine learning: Cluster Constructor › Media and graphics: Face Detector, Text-to-Speech © Ericsson AB 2010 | Page 2
  • 3. Mobile Web Security Bootstrap › The SIM is commonly used for getting cellular access, mobile connectivity and access to some mobile services › The SIM's proven security features can also be used for securing any mobile web application › This service provides an API for establishing a secret key between mobile web clients and web applications
  • 4. Why Mobile Web Security Bootstrap? › Security – As secure as SIM › Standard – Based on industry standard › Acceptance – Many standardized applications › Convenience – Transparent to users › Extensibility – Any application can exploit the SIM
  • 5. Main Features › Based on 3GPP industry standard Generic Bootstrapping Architecture › Client and server Web/Java APIs available and documented with examples › HTTP interfaces › Soft client available to allow focusing on the development of the network side of the web application
  • 6. Overview › Ub interface – Mobile client uses API to bootstrap a master secret key › Ua interface – Mobile Web Client uses API to derive application-specific master key › Zn interface – Mobile Web Application Server uses API to obtain the corresponding application-specific master key › At the end of the API usage transactions the client and server share an application-specific secret-key [Diagram labels: Mobile Web Client, Bootstrap Client, Network Application Server, Mobile Web Application, Mobile Web Bootstrap Server, Subscriber Database; interfaces Ua (HTTP), Ub (HTTP), Zn] MWSB = Mobile Web Security Bootstrap
  • 7. Java Client API › Soft Client API provided for focusing on server application › Example showing how to establish a shared key

        // Create soft client with user identity and permanent key
        GbaClient softclient = new GbaClient(myID, myKey);
        // Bootstrap client with master key. btid is the handler.
        String btid = softclient.bootstrap();
        // Derive application-specific key to be shared with app server
        byte[] appKey = softclient.getKsNaf(app_Fqdn);
        // Use the app key for HTTP Digest Authentication
        boolean authResult = runUaHttpDigest(app_URL, btid, appKey);
  • 8. Java Server API › API towards mobile client and API towards MWSB › Servlet example showing how to establish a shared key

        // Application Servlet doGet()
        // Create application context with Labs authorization API key
        GbaNaf app = new GbaNaf(myFqdn, myApiKey);
        // Parse GET authorization headers & fetch btid (key handler)
        Authorization authz = Authorization.parse(authorizationHeader);
        String btid = authz.getUsername();
        // Derive the application-specific key to be shared with client
        byte[] appKey = app.getKsNaf(btid);
        // Use the shared key to authenticate the mobile client
        Digest.verify(authz, appKey);
  • 9. Possible applications: Identity Management, Authentication, Single Sign-On, Integrity, Confidentiality, Key Management
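
The key agreement that slides 6 to 8 describe, as an added example that is not Ericsson Labs code and does not use the GbaClient or GbaNaf classes. It assumes the Ks_NAF derivation of 3GPP TS 33.220 Annex B and HTTP Digest with the B-TID as username and the base64-encoded key as password; the class and method names, the Ua protocol identifier, the realm format and every key, RAND and identity value are assumptions constructed for illustration.

```java
import static java.nio.charset.StandardCharsets.UTF_8;
import java.io.ByteArrayOutputStream;
import java.security.MessageDigest;
import java.util.Base64;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;

public class GbaSharedKeyDemo {
    // Ks_NAF = HMAC-SHA-256(Ks, FC || P0 || L0 || ... || P3 || L3); each Li is 2 bytes, big-endian.
    static byte[] ksNaf(byte[] ks, byte[] rand, String impi, String nafFqdn) throws Exception {
        ByteArrayOutputStream nafId = new ByteArrayOutputStream(), s = new ByteArrayOutputStream();
        nafId.write(nafFqdn.getBytes(UTF_8));
        nafId.write(new byte[] {1, 0, 0, 0, 2}); // Ua protocol id, assumed: HTTP Digest
        s.write(0x01); // FC
        byte[][] params = {"gba-me".getBytes(UTF_8), rand, impi.getBytes(UTF_8), nafId.toByteArray()};
        for (byte[] p : params) {
            s.write(p);
            s.write(new byte[] {(byte) (p.length >> 8), (byte) p.length});
        }
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(new SecretKeySpec(ks, "HmacSHA256"));
        return mac.doFinal(s.toByteArray());
    }

    static String md5Hex(String s) throws Exception {
        byte[] d = MessageDigest.getInstance("MD5").digest(s.getBytes(UTF_8));
        return String.format("%032x", new java.math.BigInteger(1, d));
    }

    // RFC 2617 response without qop; B-TID is the username, base64(Ks_NAF) the password.
    static String digestResponse(String btid, String realm, byte[] key, String nonce, String uri)
            throws Exception {
        String ha1 = md5Hex(btid + ":" + realm + ":" + Base64.getEncoder().encodeToString(key));
        return md5Hex(ha1 + ":" + nonce + ":" + md5Hex("GET:" + uri));
    }

    public static void main(String[] args) throws Exception {
        byte[] ks = "constructed-master-key-Ks".getBytes(UTF_8); // constructed sample values
        byte[] rand = "constructed-RAND".getBytes(UTF_8);
        String impi = "user@example.org", btid = "sample-btid@bsf.example.org";
        String realm = "3GPP-bootstrapping@app.example.org";
        byte[] clientKey = ksNaf(ks, rand, impi, "app.example.org"); // derived on the client (Ua)
        byte[] serverKey = ksNaf(ks, rand, impi, "app.example.org"); // what Zn would hand the server
        byte[] sent = digestResponse(btid, realm, clientKey, "n0nce", "/").getBytes(UTF_8);
        byte[] want = digestResponse(btid, realm, serverKey, "n0nce", "/").getBytes(UTF_8);
        System.out.println("authenticated: " + MessageDigest.isEqual(sent, want));
        byte[] other = ksNaf(ks, rand, impi, "other.example.org");
        System.out.println("same key for another app: " + MessageDigest.isEqual(clientKey, other));
    }
}
```

The second comparison comes out false because NAF_Id contains the application's FQDN, which is what makes the derived key application-specific.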