Unlike UMTS and LTE, it looks like WiMAX will not make use of SIM cards but instead embedded authentication information directly in the device. In a world where only private keys are used, this would bind the device to an operator, i.e. a nice look-in scheme. WiMAX however, uses X.509 certificates issued by a certificate authority. If I understand things right, operator look-in of a device is then decided by whether the public key of the certificate authority is known in public or not. It looks like Verisign for example issues X.509 certificates for WiMAX. Now my big question now is: Are the public keys of certificate authorities used for generating WiMAX X.509 certificates public knowledge? Anyone?
« Getting Internet Access with '3' in the U.K. | Main | Oxford Tech Conference Roundup »
TrackBack
TrackBack URL for this entry:
http://www.typepad.com/services/trackback/6a00d83451c34f69e200e551f2adb28834
Listed below are links to weblogs that reference WiMAX Certificate Authorities:
Comments
The comments to this entry are closed.
The Books to this Blog
My Pictures on Flickr
www.flickr.com 
More of martin.sauter's photos
Android Cell Logger App
Learning Section Answers
Recent Posts
- A WebRTC Client as a Skype Alternative
- Is Powerline A Magic Bullet When The Wi-Fi Link Is Too Slow?
- BrickPi Over at Kickstarter
- SqueezePlug on the Raspberry Pi
- Android Stability: Over 1000 Hours to Reboot
- Remote Cloud Reset with a GSM Power Socket
- A Raspberry Pi, Asterisk and Ekiga a Skype Alternative?
- A Raspberry Pi as a GSM Gateway
- I've Seen A Foreign ownCloud
- International Bandwidth Equalization
Blogroll
Misc
- Clicky
Copyright
- (c) 2005-2013 Martin Sauter - All rights reserved
I think they'd have to be.
Given the point of public keys, most infrastructure makes no effort to hide them - this is the part that's allowed to travel unencrypted to establish encryption for subsequent communication.
If Verisign (or any cert authority) issues client certificates for which the root and its public key are kept secret (only issued to one telco), then the telco may as well just issue their own certificates at no cost.
Even then, I expect the public keys of individual devices could be retrieved or intercepted for the purpose of being identified and trusted by another WiMAX provider.
Posted by: swordfishBob | April 20, 2008 at 12:38 AM
Hi!
I am just not sure about all of this... In theory, Verisign could offer the service for operators who would like to keep things to themselves and keep the public key of the certificate authority to itself to prevent customers from going somewhere else. The reason for this could be that operators wouldn't want to invest in a device for key generation? Your guess is as good as mine.
I agree with you on the point of just using the public key of the user device. As far as I understand the mechanism, it could work. For example: The first time the device tries to get access to the network, the AAA database takes note of the public key and the MAC address of the device. That combination can't be forged later on. Since the combination cannot be verified without the CA's public key, the subscriber could be redirected to a landing page to give his credit card details to gain access. Next time he comes back the system recognizes him, grants access automatically or redirects him again to the landing page.
However, just my best guess at this point. Some further insight is very welcome...
Cheers,
Martin
Posted by: Martin | April 20, 2008 at 06:24 PM