Ericsson T39 manual Security Using WAP, Certificates, WIM Locks PIN Codes

Page 15

Security Using WAP

When using certain WAP services the user may want a secure connection between the phone and the WAP gateway, for example when using banking services. An icon in the display indicates when a secure connection is used. The T39 is based on the WAP June 2000 (WAP 1.2.1) specifications where security functionality is specified with a technology called Wireless Transport Layer Security (WTLS).

The WAP protocols that handle the connection, its transport and its security are structured in protocol layers. The security is handled by the WTLS layer operating above the transport protocol layer. There are WTLS classes that define the levels of security for a WTLS connection:

WTLS class 1 involves encryption with no authentication.

WTLS class 2 involves encryption with server authentication.

WTLS class 3 involves encryption with both server and client authentication.

Server authentication

Requires a server certificate stored at the server side and a root certificate stored at the client side.

Client authentication

Requires a client certificate stored at the client side and a trusted certificate stored at the server side.

A Wireless Identity Module (WIM) can contain both trusted and client certificates, private keys and algorithms needed for WTLS handshaking, encryption/decryption and signature generation. The WIM module can be placed on a SIM card and will then be referred to as a SWIM card.

Certificates

To use secure connections, the user needs to have certificates saved in the phone. There are two types of certificates:

Trusted certificate

A certificate that guarantees that a WAP site is genuine. If the phone has a stored certificate of a certain type, it means the user can trust all WAP gateways that use the certificate. Trusted certificates can be pre-installed in the phone, pre-installed in the SWIM, or downloaded from the trusted supplier’s WAP page.

Client certificate

A personal certificate that verifies the user’s identity. A bank that the user has a contract with may issue this kind of certificate. Client certificates can be pre-installed in the SWIM card.

WIM Locks (PIN Codes)

There are two types of WAP security locks (PIN codes) for the WIM on SIM. The locks protect the subscription from unauthorized use when browsing. The locks should typically be supplied by the supplier of the SWIM.

Access lock

An access lock protects the data in the WIM. The user is asked to enter the PIN code the first time the SWIM card is accessed when establishing a connection.

Signature lock

A signature lock is used for confirming transactions - like a digital signature.

In the T39, the user can check which transactions have been made with the phone when browsing. Each time the user confirms a transaction with a signature lock code, a contract is saved in the phone. The contract contains details about the transaction.
