iApplianceWeb-OEG

Sponsor-Editors Sites
• iApplianceReview
• Appliance-Lab
• CyberNode Appliances
• VideoIP Services
• Energy Gateways
• Metering & Appliances
• Netcentric Community
• Techrite Associates

EETimes Sites
• EE TIMES
• EE TIMES ASIA
• EE TIMES CHINA
• EE TIMES FRANCE
• EE TIMES GERMANY
• EE TIMES KOREA
• EE TIMES TAIWAN
• EE TIMES UK

EETimes Network Sites
• CommsDesign
• iApplianceWeb.com
• Microwave Engineering
• EEdesign
• Deepchip.com
• Design & Reuse
• Embedded.com
• Embedded Edge
• Elektronik i Norden
• Planet Analog
• Silicon Strategies

• Byte
• ChannelWeb
• CMP
• CommWeb
• Com. Convergence
• CRN
• Conferences and Events
• DB2
• Dr. Dobbs Journal
• DV.Com
• EBN
• EBN China
• eeProductCenter
• Electronics Express
• Electronics Express
• Internet Week
• Network Computing
• Network Magazine
• NetSeminar Services
• QuestLink
• TechWeb
• VAR Business
• Windows Developer

Nokia Brings Smart Card Support to VPNs

By Veronica Hendricks
iApplianceWeb
(08/28/01, 09:46:25 AM EDT)

Nokia's newest release features enhancements in the remote access, PKI, and management functionality of the whole line of Nokia VPN appliances. Specific enhancements include smart card support, external PKI support for increased functionality, and remote client support for IPSec over NAT (Network Address Translation).

Smart cards are now being leveraged for use with VPNs for remote user authentication to provide a secure, convenient alternative to storing digital certificates and susceptible information on computer hard drives. Nokia's VPN smart card implementation lets mobile users connect to a Nokia VPN Gateway by inserting their personal smart cards into their computers' card readers and entering their PIN codes. An encrypted tunnel to the corporate network is created immediately by the Nokia VPN client software, which leverages the digital certificates on the smart cards. As all confidential authentication details reside on the smart cards instead of the computers themselves, unauthorized access is effectively prohibited.

The Nokia VPN uses Setec's SetCOS PKI smart card, an ISO standard multi-application card with 16 KB of EEPROM for applications. It supports 1024 bit RSA keys, and both RSA key generation and RSA calculation are handled completely inside the card, thereby never compromising the sensitive private RSA keys.

Another significant upgrade to the Nokia VPN solution is that Nokia VPN gateways and clients now operate across networks that perform network address translation (NAT). This enhancement allows mobile users to dial into the network from remote sites of varying networking environments, such as hotels and airports. Previously, remote VPN connections from behind a NAT device have been impossible due to converted IP address information.

In addition to support for smart cards and IPSec over NAT, Nokia has also added the following software enhancements:

Simplified VPN management -- upgraded management tools featuring auditing and SNMP enhancements.
Automatic retrieval of Certificate Revocation Lists (CRLs) from Certificate Authorities (CA) for checking if certificates used in a Nokia VPN are valid.
On-line certificate enrollment for Nokia VPN Gateways and Clients -- gateways and clients can obtain a digital certificate online by sending their public key directly to a CA using SCEP (simple certificate enrollment protocol).
Connection to Nokia VPN Gateways for remote users relying on the Linux FreeS/WAN IPSec V1.8 implementation.
The Nokia dedicated VPN tools consist of the Nokia VPN Client software, Nokia VPN Policy Manager, and the Nokia VPN Gateways, including CC5205, CC5200, CC2500, and CC500 models.
Nokia's enhanced VPN offering will be available on the entire portfolio of the dedicated Nokia VPN appliances (CC500, CC2500, CC5200, CC5205) in early September 2001 in North America, Europe, and Asia-Pacific.
List:
Nokia