stored at the client side and a trusted certificate stored at the server side.
A Wireless Identity Module (WIM) can contain both trusted and client certificates, private keys and algorithms needed for WTLS handshaking, encryption/decryption and signature generation. The WIM module can be placed on a SIM card and is then referred to as a SWIM card.
Certificates
To use secure connections, the user needs to have certificates stored in the phone. There are two types of certificates:
•Trusted certificate
A certificate that guarantees that a WAP site is genuine. If the phone has a stored certificate of a certain type, it means that the user can trust all WAP gateways that use the certificate. Trusted certificates can be
•Client certificate
A personal certificate that verifies the user’s identity. A bank that the user has a contract with may issue this kind of certifi- cate. Client certificates can be pre- installed in the SWIM card.
WIM locks (PIN codes)
There are two types of WAP security locks (PIN codes) for a SWIM, which protect the subscription from unauthorized use. The PIN codes should typically be provided by the supplier of the SWIM.
•Access lock
An access lock protects the data in the WIM. The user is asked to enter the PIN code the first time the SWIM card is accessed when establishing a connection.
•Signature lock
A signature lock is used for confirming transactions, much like a digital signature.
In the T68i, the user can check which transactions have been made with the phone when browsing. Each time the user confirms a transaction with a signature lock code, a contract is stored in the phone. The contract contains details about the transaction.
T68i
White Paper, April 2002
Configuration of WAP settings
An easy way to perform WAP configuration in the T68i is to use the
Manual configuration is done using the menu system in the phone. This is described in the User’s Guide.
Over-the-air provisioning of WAP settings
To simplify the configuration of WAP settings in the T68i, all settings can be sent to the phone as an SMS message. This makes it easy for an operator, a service provider or a company to distribute settings for Internet/intranet, and WAP, without the user having to configure the phone manually. This also makes it easy to upgrade services, as no manual configuration is required.
•The OTA configuration message is distrib- uted via SMS
•The setup information is a binary encoded XML message (WBXML). To receive infor- mation about OTA specifications, please contact your local Sony Ericsson repre- sentative for consumer products. A config- urator that utilizes OTA provisioning can be tested on www.SonyEricssonMobile.com.
•The user is alerted about new settings when the ongoing browsing session ends. Settings are not changed during an ongo- ing browsing session.
•User interaction is limited to receiving and accepting/rejecting the configuration mes- sage, and selecting which WAP profile to allocate the settings to.
•Security can be handled using a keyword identifier displayed on the screen as a shared secret between the SMS sender and recipient. It is important that the user can verify that the configuration message is authentic.
Push services
Examples of WAP services that can be pushed include:
•Notification of new
•News, sports results, weather forecasts,
23
