The document discusses the feasibility of unified security architectures for web and WAP-based services. It analyzes application and infrastructure aspects, finding that transport-bound security, information-bound security, and security tokens can be integrated. With advances in WAP 2.0, web and WAP security may be largely unified at the application level, while infrastructure-level requirements like WPKI can be accommodated at the network border. This allows businesses to avoid investing in separate security infrastructures for web and WAP services.
3. Considered E-/M-Business Architecture (diagram; labels: User agent; Home, hotel, ...; Office; Mobile; PSTN; Intranet; Network operator; IP network; E-/M-Business service; Service portals; Service frontend; Business logic; Service backend; E-/M-Business transaction span)
7. Client-Specific Authentication Services (diagram; labels: 'Application plane'; 'Infrastructure plane'; User agent; E-/M-Business service; PKI; Security token; Security module; PKCS#11; MS-CAPI; WIM; Sign; Validate; Signed nonce (WTLS); Signed text (WMLScript Crypto); Signed nonce (SSL/TLS); Signed text (PKCS#7); Entity-ID (PKI domain); Entity-ID (E-/M-Business domain))
9. ICC-Based WIM Options (diagram; options: Integrated SIM/WIM card; SIM plus WIM via internal secondary reader (dual-slot); SIM plus WIM via external reader; questions: May WIM resources be re-used for Web applications? May security tokens and PKI be deployed for Web and WAP services simultaneously?; other labels: WPKI domain; E-/M-Business owner concerns; WIM owner; Wireless operator; Operator's discretion; E-/M-Business's discretion)
16. Abbreviations
AID: Application ID
API: Application Programming Interface
CA: Certification Authority
CMS: Cryptographic Message Syntax
CSD: Circuit Switched Data
DF: Dedicated File
DMZ: De-Militarized Zone
EF: Elementary File
HTTP: Hypertext Transfer Protocol
ICC: Integrated Circuit Card
ID: Identifier
IETF: Internet Engineering Task Force
IP: Internet Protocol
ISO: International Standards Organization
MF: Master File
MIME: Multipurpose Internet Mail Extensions
MS: Microsoft
MS-CAPI: MS Cryptographic API
MS-CSP: MS Cryptographic Service Provider
PC/SC: Personal Computer/Smart Card
PKCS: Public Key Cryptography Standards
PKI: Public Key Infrastructure
PKIX: PKI-X.509
POP: Proof Of Possession
PPP: Point-to-Point Protocol
PSE: Personal Security Environment
PSTN: Public Switched Telephone Network
RA: Registration Authority
RFC: Request For Comment
SIM: Subscriber Identity Module
SSL: Secure Sockets Layer
TCP: Transmission Control Protocol
TLS: Transport Layer Security
UDP: User Datagram Protocol
URL: Uniform Resource Locator
W3C: World Wide Web Consortium
WAP: Wireless Application Protocol
WIM: Wireless Identity Module
WML: Wireless Markup Language
WMLScript: WML Script
WPKI: Wireless PKI
WSP: Wireless Session Protocol
WTP: Wireless Transaction Protocol
WTLS: Wireless TLS
WWW: World Wide Web
17. Author Information: Dr. Oliver Pfaff, Siemens AG, Information and Communication Networks, Charles-De-Gaulle-Str. 2, D-81730 Munich. E-Mail: oliver.pfaff@icn.siemens.de; Telephone: +49.89.722.53227; Mobile: +49.172.8250805