White Paper T290i/T290c

A Wireless Identity Module (WIM) can contain both trusted and client certificates, private keys and algorithms needed for WTLS handshaking, encryp- tion/decryption and signature generation. The WIM module can be placed on a SIM card which is then referred to as a SWIM card.

Certificates

To use secure connections, the user needs to have certificates stored in the phone. There are two types of certificates:

Trusted certificate

A certificate that guarantees that a WAP site is genuine. If the phone has a stored certificate of a certain type, it means that the user can trust all WAP gateways that use the certificate.

Trusted certificates can be pre-installed in the phone, in the SWIM or they can be downloaded from the trusted supplier’s WAP page.

Client certificate

A personal certificate that verifies the user’s identity. A bank that the user has a contract with may issue this kind of certificate. Client certifi-

cates can be pre-installed in the SWIM card.

WIM locks (PIN codes)

There are two types of WAP security locks (PIN codes) for a SWIM, which protect the subscription from unauthorised use. The PIN codes should typi- cally be provided by the supplier of the SWIM.

Access lock

An access lock protects the data in the WIM. The user is asked to enter the PIN code the first time the SWIM card is accessed when estab- lishing a connection.

Signature lock

A signature lock is used for confirming transac- tions, much like a digital signature.

In the T290i/T290c, the user can check which transactions have been made with the phone when browsing. Each time the user confirms a transac- tion with a signature lock code, a contract is stored in the phone. The contract contains details about the transaction.

Configuration of WAP settings

An easy way to perform WAP configuration in the T290i/T290c is to use the step-by-step WAP con- figurator available on http://www.SonyErics- son.com. The configurator utilizes OTA provisioning.

Manual configuration is done using the menu sys- tem in the phone. This is described in the User’s Guide.

WAP settings can also be customized in the mobile phone based on the operator’s preferences.

Over-the-air provisioning of WAP settings

To simplify the configuration of WAP settings in the T290i/T290c, all settings can be sent to the phone as an SMS message. This makes it easy for an operator, a service provider or a company to dis- tribute settings for Internet/intranet, and WAP, with- out the user having to configure the phone manually. This also makes it easy to upgrade serv- ices, as no manual configuration is required.

The OTA configuration message is distributed via SMS point-to-point.

The setup information is a binary encoded XML message (WBXML). To receive information about OTA specifications, please contact your local Sony Ericsson representative for con- sumer products. A configurator that utilizes OTA provisioning can be tested on www.SonyErics- son.com.

The user is alerted about new settings when the ongoing browsing session ends. Settings are not changed during an ongoing browsing ses- sion.

User interaction is limited to receiving and accepting/rejecting the configuration message, and selecting which WAP profile to allocate the settings to.

Security can be handled using a keyword identi- fier displayed on the screen as a shared secret between the SMS sender and recipient. It is important that the user can verify that the con- figuration message is authentic.

22

October 2004

Page 22
Image 22
Sony Ericsson T290c, T290i manual Configuration of WAP settings, Certificates, WIM locks PIN codes