January 16, 2001, 9:15 AM — Computer maker Hewlett-Packard and mobile phone company Nokia have integrated HP's Praesidium Virtualvault security software with the Nokia Activ server, in an effort to provide a secure platform for businesses to conduct wireless transactions.
The U.S. Department of Defense classifies the server's security at the maximum level allowed in civilian systems, said Daniel Dorr, HP's director for worldwide business development and wireless.
HP's security works in a partitioned runtime environment. "The vault passes your transaction to the back-end system. Users have no direct access to the applications and no direct access to the data," Dorr said.
Analysts have warned that Wireless Access Protocol Version 1.1, has a small, but real, security vulnerability at its gateway server -- the server decrypts wireless transmissions for a moment before re-encrypting them for the wired network. A cunning hacker could use the gateway server to steal data.
The integrated server security system uses Virtualvault on Nokia's server to defeat that vulnerability, Dorr said.
"One of the virtues of the vault is that you can't administer it from the outside," he said. The only way for a hacker to watch the server with a sniffer -- a tool for watching account activities -- is to be physically present, he said, adding that it's not possible for a single account to access the whole system.
Pricing for the integrated server system wasn't immediately available, but entry-level Virtualvault software starts at $40,000, Dorr said.