T68i
White Paper, April 2002
23
stored at the client side and a trusted certificate stored at the server side.
A Wireless Identity Module (WIM) can contain both trusted and client certificates, private keys and algorithms needed for WTLS handshaking, encryption/decryption and signature generation. The WIM module can be placed on a SIM card and is then referred to as a SWIM card.
Certificates
To use secure connections, the user needs to have certificates stored in the phone. There are two types of certificates:
• Trusted certificate
  A certificate that guarantees that a WAP site is genuine. If the phone has a stored certificate of a certain type, it means that the user can trust all WAP gateways that use the certificate. Trusted certificates can be pre-installed in the phone, in the SWIM or they can be downloaded from the trusted supplier’s WAP page.
• Client certificate
  A personal certificate that verifies the user’s identity. A bank that the user has a contract with may issue this kind of certificate. Client certificates can be pre-installed in the SWIM card.
WIM locks (PIN codes)
There are two types of WAP security locks (PIN codes) for a SWIM, which protect the subscription from unauthorized use. The PIN codes should typically be provided by the supplier of the SWIM.
• Access lock
  An access lock protects the data in the WIM. The user is asked to enter the PIN code the first time the SWIM card is accessed when establishing a connection.
• Signature lock
  A signature lock is used for confirming transactions, much like a digital signature.
In the T68i, the user can check which transactions have been made with the phone when browsing. Each time the user confirms a transaction with a signature lock code, a contract is stored in the phone. The contract contains details about the transaction.
Configuration of WAP settings
An easy way to perform WAP configuration in the T68i is to use the step-by-step WAP configurator available on http://www.SonyEricssonMobile.com. The configurator utilizes OTA provisioning.
Manual configuration is done using the menu system in the phone. This is described in the User’s Guide.
Over-the-air provisioning of WAP settings
To simplify the configuration of WAP settings in the T68i, all settings can be sent to the phone as an SMS message. This makes it easy for an operator, a service provider or a company to distribute settings for Internet/intranet, and WAP, without the user having to configure the phone manually. This also makes it easy to upgrade services, as no manual configuration is required.
• The OTA configuration message is distributed via SMS point-to-point.
• The setup information is a binary encoded XML message (WBXML). To receive information about OTA specifications, please contact your local Sony Ericsson representative for consumer products. A configurator that utilizes OTA provisioning can be tested on www.SonyEricssonMobile.com.
• The user is alerted about new settings when the ongoing browsing session ends. Settings are not changed during an ongoing browsing session.
• User interaction is limited to receiving and accepting/rejecting the configuration message, and selecting which WAP profile to allocate the settings to.
• Security can be handled using a keyword identifier displayed on the screen as a shared secret between the SMS sender and recipient. It is important that the user can verify that the configuration message is authentic.
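As an added example (not from the white paper, and not Sony Ericsson's OTA specification, which the page does not reproduce), the code below validates the generic WBXML header of an untrusted provisioning payload before any body parsing. The header layout is that of the WAP Binary XML format; WBXML 1.1 or later is assumed, and the function names and sample bytes are constructed for this example.

```python
# Added example: validate the WBXML header of an untrusted OTA payload.
# Header layout per the WAP Binary XML format (WBXML 1.1 or later assumed).
# Function names and the sample bytes are constructed, not a captured T68i message.

class WbxmlError(ValueError):
    """Raised when the header is truncated or malformed."""

def read_mb_u_int32(data: bytes, pos: int) -> tuple[int, int]:
    """Decode a multi-byte integer: 7 value bits per byte, high bit = continue."""
    value = 0
    for _ in range(5):                          # 32 bits need at most 5 bytes
        if pos >= len(data):
            raise WbxmlError("truncated multi-byte integer")
        byte = data[pos]
        pos += 1
        value = (value << 7) | (byte & 0x7F)
        if not byte & 0x80:
            if value > 0xFFFFFFFF:
                raise WbxmlError("multi-byte integer exceeds 32 bits")
            return value, pos
    raise WbxmlError("multi-byte integer longer than 5 bytes")

def parse_wbxml_header(data: bytes) -> dict:
    if not data or data[0] == 0x00:
        raise WbxmlError("empty payload or WBXML 1.0 (no charset field), not handled")
    # Version byte: (major - 1) in the high nibble, minor in the low nibble.
    version = f"{(data[0] >> 4) + 1}.{data[0] & 0x0F}"
    public_id, pos = read_mb_u_int32(data, 1)
    public_id_index = None
    if public_id == 0:                          # 0 means: id is a string-table offset
        public_id_index, pos = read_mb_u_int32(data, pos)
    charset, pos = read_mb_u_int32(data, pos)   # IANA MIBenum, e.g. 106 = UTF-8
    table_len, pos = read_mb_u_int32(data, pos)
    if table_len > len(data) - pos:
        raise WbxmlError("string table length exceeds payload")
    if public_id_index is not None and public_id_index >= table_len:
        raise WbxmlError("public id index outside string table")
    return {
        "version": version, "public_id": public_id, "public_id_index": public_id_index,
        "charset": charset, "string_table": data[pos:pos + table_len],
        "body_offset": pos + table_len,
    }

# Constructed sample: WBXML 1.1, public id 1 (unknown), UTF-8, empty string
# table, followed by three placeholder body bytes.
SAMPLE = bytes.fromhex("01016a00") + b"\x45\x01\x01"

if __name__ == "__main__":
    print(parse_wbxml_header(SAMPLE))
```

Rejecting a payload whose declared string table length or integer encoding does not fit the received bytes keeps malformed messages away from the settings parser.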
Push services
Examples of WAP services that can be pushed include:
• Notification of new e-mail, voice mail, etc.
• News, sports results, weather forecasts,