White paper
Sony Ericsson P1
35
May 2007
The Internet protocols that handle the connection,
its transport and its security are structured in
protocol layers. The security is handled by the TLS
layer operating above the transport protocol layer.
There are three TLS classes that define the levels
of security for a TLS connection:
• Anonymous TLS involves encryption with no
authentication.
• Server authentication involves encryption with
server authentication.
√
`äáÉåí=~ìíÜÉåíáÅ~íáçå=áåîçäîÉë=ÉåÅêóéíáçå=ïáíÜ=
ÄçíÜ=ëÉêîÉê=~åÇ=ÅäáÉåí=~ìíÜÉåíáÅ~íáçå
Certificates
To use secure connections, the user needs to have
certificates saved in the phone. Certificates can be
downloaded and installed when required. There are
two types of certificates:
Sony Ericsson P1 comes preinstalled with X.509
certificates from Baltimore, Entrust, Geotrust,
GlobalSign, GTE Cybertrust, RSA, Sony Ericsson,
Thawte and VeriSign.
RSS feeds
RSS provides a way for Web sites to distribute their
content outside of a Web browser. A news Web
site might have an RSS feed which contains
breaking stories, while a magazine Web site may
provide an RSS feed with excerpts of their latest
articles.
An RSS feed is a file containing a list of news items,
each of which has a title, a description and a URL
link for more information on the content provider's
Web site.
With the RSS Feeds application the user gets
information from the Internet into an easy-to-view
format without browsing the Web sites. The user
can browse information from dozens – or hundreds
– of Web sites without ever visiting them.
RSS Feeds includes the following features:
• Subscription.
• Update feeds manually or via a predefined
schedule.
• Organize feeds into folders.
• Read news items.
• Send a news item to another device via an infra-
red, WLAN, USB or Bluetooth connection, or via
email.
• Link to more information via the Web browser.
Server
authentication
Requires a server certificate
stored at the server side and a
trusted certificate stored at the
client side.
Client
authentication
Requires a client certificate
stored at the client side and a
trusted certificate stored at the
server side.
Certificate
authority
A trusted certificate used to
verify that a Web site is genuine.
If the phone has a stored
trusted certificate of a certain
type, it means the user can trust
all Web sites which present a
certificate that can be verified
by the trusted certificate.
Certificates are preinstalled in
the phone and can be
downloaded from the trusted
supplier's Web page.
User
certificate
A personal certificate that
verifies the user's identity. A
bank that the user has a
contract with may issue this
kind of certificate.