Operation Manual
Wireless Security White Paper 22
Infowave
Infowave provides an encrypted end-to-end security model from the mobile user through the
wireless data network and Internet to the corporate server. Infowave is a gateway solution that
controls all traffic to and from wireless users. Infowave requires that a single configurable port be
opened in the firewall and set up as follows:
• The port must allow only User Datagram Protocol (UDP) traffic. [5]
• The port must admit traffic only to the machine that is running the Wireless Business Engine
(the Wireless Business Engine is the only software listening to the port). In addition,
incoming packets must be encrypted with the server’s public key, and must contain a valid
logon packet with NTLM logon credentials to be processed. Otherwise, the packets are
discarded.
The Infowave security model is based on the following elements:
• Authentication — proves the identity of the user
• Authorization — determines what the user is allowed to do
• Encryption — assures the privacy of transmissions
• Data Integrity — assures that the information has not been altered
• Non-Repudiation — prohibits the user from denying the transmission after the fact
Figure 11 illustrates the Infowave security flow.
Figure 11: Infowave Security Flow
More detail on each element of the security model follows.
[5] UDP is an alternative to Transmission Control Protocol (TCP), and does not provide the service of dividing messages into packets and reassembling them at the receiving end. It is useful when very small messages are exchanged.
Figure 11 (text recovered from the Client/Server diagram; the cipher label on each step is the one shown in the figure):
• Client (ECC): encrypt DESX session key, NTLM token, configuration information
• Server (DESX): decrypt DESX session key, NTLM authentication call, send NTLM Token 2
• Client (DESX): authenticate NTLM Token 2, key, send NTLM Token 3
• Server (DESX): authenticate NTLM Token 3, send success or failure status
• Authentication complete, ready to send data
• Client and Server (DESX): send and receive session data
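The exchange in Figure 11 and the port rules above, as an added example that is not Infowave's code: a Python model of the Wireless Business Engine's admission logic (UDP only, one host, a first packet that is a logon addressed to the server's key, then Token 2, Token 3, status, session data; everything else discarded). The stand-ins are assumptions: a SHA-256 keystream XOR replaces DESX, an HMAC challenge/response replaces NTLM, an `enc_to` tag replaces the ECC public-key wrapping, and the host, port and user table are constructed.

```python
import hashlib, hmac, os

WBE_ADDR = ("10.0.0.5", 2082)   # constructed: WBE host and the single open UDP port
SERVER_KEY_ID = "srv-pub-1"     # constructed stand-in for the server's public key

def stream_xor(key: bytes, data: bytes) -> bytes:
    """Stand-in for DESX: XOR with a SHA-256 keystream (not a real cipher)."""
    ks = b"".join(hashlib.sha256(key + i.to_bytes(4, "big")).digest()
                  for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, ks))
def ntlm_response(pw_hash: bytes, challenge: bytes) -> bytes:
    """Stand-in for the NTLM Token 3 computation: HMAC over the challenge."""
    return hmac.new(pw_hash, challenge, hashlib.sha256).digest()

class WirelessBusinessEngine:
    """Server side of Figure 11: logon -> Token 2 -> Token 3 -> status -> data."""
    def __init__(self, users):           # users: {name: password hash}
        self.users, self.sessions = users, {}
    def handle(self, pkt):
        """Return the reply packet, or None when the packet is discarded."""
        if pkt["proto"] != "UDP" or pkt["dst"] != WBE_ADDR:
            return None                  # firewall rule: UDP only, only to the WBE
        s = self.sessions.get(pkt["src"])
        if s is None:                    # no session yet: only a valid logon is admitted
            if (pkt.get("enc_to") != SERVER_KEY_ID or pkt.get("type") != "logon"
                    or pkt.get("user") not in self.users):
                return None
            chal = os.urandom(8)         # NTLM challenge, returned as Token 2
            self.sessions[pkt["src"]] = {"state": "challenged", "user": pkt["user"],
                                         "key": pkt["session_key"], "chal": chal}
            return {"type": "token2", "body": stream_xor(pkt["session_key"], chal)}
        if s["state"] == "challenged" and pkt.get("type") == "token3":
            expected = ntlm_response(self.users[s["user"]], s["chal"])
            ok = hmac.compare_digest(stream_xor(s["key"], pkt["body"]), expected)
            if ok: s["state"] = "authenticated"
            else: del self.sessions[pkt["src"]]   # failed logon: forget the session
            return {"type": "status", "body": stream_xor(s["key"], b"OK" if ok else b"FAIL")}
        if s["state"] == "authenticated" and pkt.get("type") == "data":
            plain = stream_xor(s["key"], pkt["body"])  # session data under the DESX key
            return {"type": "data", "body": stream_xor(s["key"], b"ack:" + plain)}
        return None                      # out-of-sequence packets are discarded

def client_session(engine, user, pw_hash, src=("10.8.0.7", 40000), data=b"hello"):
    """Client side of Figure 11; returns (logon status, decrypted data reply)."""
    key, base = os.urandom(16), {"proto": "UDP", "src": src, "dst": WBE_ADDR}
    r = engine.handle({**base, "type": "logon", "enc_to": SERVER_KEY_ID, "user": user, "session_key": key})
    if r is None: return ("DROPPED", None)
    chal = stream_xor(key, r["body"])
    r = engine.handle({**base, "type": "token3", "body": stream_xor(key, ntlm_response(pw_hash, chal))})
    status = stream_xor(key, r["body"]).decode()
    r = engine.handle({**base, "type": "data", "body": stream_xor(key, data)})
    return (status, None if r is None else stream_xor(key, r["body"]))
```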