Server authentication requires a server certificate stored at the server side and a trusted certificate stored at the client side.

Client authentication requires a client certificate stored at the client side and a trusted certificate stored at the server side.

A Wireless Identity Module (WIM) can contain both trusted and client certificates, private keys and algorithms needed for WTLS handshaking, encryption/ decryption and signature generation. The WIM module can be placed on a SIM card and is then referred to as a SWIM card.

Certificates

To use secure connections, the user needs to have certificates stored in the phone. There are two types of certificates:

Trusted certificate

A certificate that guarantees that a WAP site is genuine. If the phone has a stored certificate of a certain type, it means that the user can trust all WAP gateways that use the certificate. Trusted certificates can be pre-installed in the phone, in the SWIM or they can be downloaded from the trusted supplier’s WAP page.

White Paper T610/612

Client certificate

A personal certificate that verifies the user’s identity. A bank that the user has a contract with may issue this kind of certificate. Client certificates can be pre-installed in the SWIM card.

WIM locks (PIN codes)

There are two types of WAP security locks (PIN codes) for a SWIM, which protect the subscription from unauthorized use. The PIN codes should typically be provided by the supplier of the SWIM.

Access lock

An access lock protects the data in the WIM. The user is asked to enter the PIN code the first time the SWIM card is accessed when establishing a connection.

Signature lock

A signature lock is used for confirming transactions, much like a digital signature.

In the T610/612, the user can check which transactions have been made with the phone when browsing. Each time the user confirms a transaction with a signature lock code, a contract is stored in the phone. The contract contains details about the transaction.

Configuration of WAP settings

An easy way to perform WAP configuration in the T610/ 612 is to use the step-by-step WAP configurator available on http://www.SonyEricsson.com. The configurator utilizes OTA provisioning.

Manual configuration is done using the menu system in the phone. This is described in the User’s guide.

Over-the-air provisioning of WAP settings

To simplify the configuration of WAP settings in the T610/612, all settings can be sent to the phone as an SMS message. This makes it easy for an operator, a service provider or a company to distribute settings for Internet/intranet, and WAP, without the user having to configure the phone manually. This also makes it easy to upgrade services, as no manual configuration is required.

The OTA configuration message is distributed via SMS point-to-point.

The setup information is a binary encoded XML mes- sage (WBXML). To receive information about OTA specifications, please contact your local Sony Erics- son representative for consumer products. A configu- rator that utilizes OTA provisioning can be tested on www.SonyEricsson.com

The user is alerted about new settings when the ongo- ing browsing session ends. Settings are not changed during an ongoing browsing session.

User interaction is limited to receiving and accepting/ rejecting the configuration message, and selecting which WAP profile to allocate the settings to.

Security can be handled using a keyword identifier displayed on the screen as a shared secret between the SMS sender and recipient. Therefore the user can verify that the configuration message is authentic.

24

Page 24
Image 24
Sony Ericsson T612 manual Configuration of WAP settings, Certificates, WIM locks PIN codes