Sony Ericsson T312 User Manual

White Paper
T310/T312
January 2003
Security using WAP
For certain WAP services, such as banking services, a secure connection between the phone and WAP gateway is necessary. An icon in the display of the T310/T312 indicates when a secure connection is in use.
The T310/T312 is based on the WAP 2.0 (WML 1.3) specification suite, in which security functionality is specified by a technology called Wireless Transport Layer Security (WTLS). The WAP protocols for handling connection, transport and security are structured in layers, with security handled by the WTLS layer, operating above the transport protocol layer. WTLS classes define the levels of security for a WTLS connection:
WTLS class 1 – encryption with no authentication.
WTLS class 2 – encryption with server authentication.
WTLS class 3 – encryption with both server and client authentication.
Server authentication requires a server certificate stored at the server side and a trusted certificate stored at the client side.
Client authentication requires a client certificate stored at the client side and a trusted certificate stored at the server side.
A Wireless Identity Module (WIM) can contain both trusted and client certificates, private keys and algorithms needed for WTLS handshaking and signature generation. The WIM can be placed on a SIM card and is then referred to as a SWIM card.
Certificates
To use authenticated connections, the user needs to have certificates stored in the phone. There are two types of certificates:
Trusted certificate
A certificate that guarantees that a WAP site is genuine. If the phone has a stored certificate of a certain type, it means that the user can trust all WAP gateways that use the certificate. Trusted certificates can be pre-installed in the phone or in the SWIM, or they can be downloaded from the trusted supplier’s WAP page.
Client certificate
A personal certificate that verifies the user’s identity. A bank that the user has a contract with may issue this kind of certificate. Client certificates can be pre-installed in the SWIM card.
WIM locks (PIN codes)
There are two types of WAP security locks (PIN codes) for a SWIM, which protect the subscription from unauthorized use. The PIN codes should typically be provided by the supplier of the SWIM.
Access lock
An access lock protects the data in the WIM. The user is asked to enter the PIN code the first time the SWIM card is accessed when establishing a connection.
Signature lock
A signature lock is used for confirming transactions, much like a digital signature.
In the T310/T312, the user can check which transactions have been made with the phone when browsing. Each time the user confirms a transaction with a signature lock code, a contract is stored in the phone. The contract contains details about the transaction.
Configuration of WAP settings
An easy way to perform WAP configuration in the T310/T312 is to use the step-by-step WAP configurator available on http://www.SonyEricsson.com. The configurator utilizes OTA provisioning.