Certificate Authority Vendors
In the Wi-Fi CERTIFIED Passpoint® certification program, mobile devices use Online Sign-Up (OSU) to accomplish registration and credential provisioning to obtain secure network access. Each Service Provider network has an OSU Server, an AAA Server, and access to a certificate authority (CA). A CA is a collection of computer hardware, software, and the people who operate it. The CA is known by two attributes: its name and its public key. One of the requirements for a mobile device and the hotspot to trust each other is that the OSU Server shall hold a certificate signed by a Certificate Authority whose root certificate is issued by one of the CAs authorized by Wi-Fi Alliance, and that these trusted root CA certificates are installed on the mobile device. A CA performs four basic CA functions:
- Issues certificates (i.e., creates and signs them)
- Maintains certificate status information and issues Certificate Revocation Lists (CRLs)
- Publishes its current (unexpired) certificates and CRLs so users can obtain the information they need to implement security services
- Maintains archives of status information about the expired or revoked certificates it issued
Certificates are governed by the Wi-Fi CERTIFIED Passpoint Online Sign-Up Certificate Policy Specification. An OSU server certificate should be obtained from any of the CAs authorized by Wi-Fi Alliance as listed below.
Kyrio
Kyrio provides globally managed Public Key Infrastructure (PKI) services trusted by industry leading network service providers, device manufacturers and enterprises across broadband, video, Passpoint and OpenADR smart grid ecosystems. Kyrio’s 15+ years of successful experience includes PKI governance, technology management, and operations. Working closely with device manufacturers to securely implement PKI in their products, Kyrio’s heritage stems from in-depth experience creating and designing PKI-based security models in industry specifications and standards. Kyrio is a wholly-owned subsidiary of CableLabs.