Sony Ericsson T300 ユーザーズマニュアル
T300/T302
White Paper, August 2002
18
Server authentication requires a server certificate
stored at the server side and a trusted certificate
stored at the client side.
stored at the server side and a trusted certificate
stored at the client side.
Client authentication requires a client certificate
stored at the client side and a trusted certificate
stored at the server side.
stored at the client side and a trusted certificate
stored at the server side.
A Wireless Identity Module (WIM) can contain
both trusted and client certificates, private keys
and algorithms needed for WTLS handshaking,
encryption/decryption and signature generation.
The WIM module can be placed on a SIM card
and is then referred to as a SWIM card.
both trusted and client certificates, private keys
and algorithms needed for WTLS handshaking,
encryption/decryption and signature generation.
The WIM module can be placed on a SIM card
and is then referred to as a SWIM card.
Certificates
To use secure connections, the user needs to
have certificates stored in the phone. There are
two types of certificates:
have certificates stored in the phone. There are
two types of certificates:
•
Trusted certificate
A certificate that guarantees that a WAP
site is genuine. If the phone has a stored
certificate of a certain type, it means that
the user can trust all WAP gateways that
use the certificate. Trusted certificates can
be pre-installed in the phone, in the SWIM
or they can be downloaded from the
trusted supplier’s WAP page.
A certificate that guarantees that a WAP
site is genuine. If the phone has a stored
certificate of a certain type, it means that
the user can trust all WAP gateways that
use the certificate. Trusted certificates can
be pre-installed in the phone, in the SWIM
or they can be downloaded from the
trusted supplier’s WAP page.
•
Client certificate
A personal certificate that verifies the
user’s identity. A bank that the user has a
contract with may issue this kind of certifi-
cate. Client certificates can be pre-
installed in the SWIM card.
A personal certificate that verifies the
user’s identity. A bank that the user has a
contract with may issue this kind of certifi-
cate. Client certificates can be pre-
installed in the SWIM card.
WIM locks (PIN codes)
There are two types of WAP security locks (PIN
codes) for a SWIM, which protect the
subscription from unauthorized use. The PIN
codes should typically be provided by the
supplier of the SWIM.
codes) for a SWIM, which protect the
subscription from unauthorized use. The PIN
codes should typically be provided by the
supplier of the SWIM.
•
Access lock
An access lock protects the data in the
WIM. The user is asked to enter the PIN
code the first time the SWIM card is
accessed when establishing a connection.
An access lock protects the data in the
WIM. The user is asked to enter the PIN
code the first time the SWIM card is
accessed when establishing a connection.
•
Signature lock
A signature lock is used for confirming
transactions, much like a digital signature.
A signature lock is used for confirming
transactions, much like a digital signature.
In the T300/T302, the user can check which
transactions have been made with the phone
when browsing. Each time the user confirms a
transaction with a signature lock code, a
contract is stored in the phone. The contract
contains details about the transaction.
transactions have been made with the phone
when browsing. Each time the user confirms a
transaction with a signature lock code, a
contract is stored in the phone. The contract
contains details about the transaction.
Configuration of WAP
settings
settings
An easy way to perform WAP configuration in the
T300/T302 is to use the step-by-step WAP
configurator available on http://
www.SonyEricsson.com. The configurator
utilizes OTA provisioning.
T300/T302 is to use the step-by-step WAP
configurator available on http://
www.SonyEricsson.com. The configurator
utilizes OTA provisioning.
Manual configuration is done using the menu
system in the phone. This is described in the
User’s guide.
system in the phone. This is described in the
User’s guide.
Over-the-air provisioning
of WAP settings
of WAP settings
To simplify the configuration of WAP settings in
the T300/T302, all settings can be sent to the
phone as an SMS message. This makes it easy
for an operator, a service provider or a company
to distribute settings for Internet/intranet, and
WAP, without the user having to configure the
phone manually. This also makes it easy to
upgrade services, as no manual configuration is
required.
the T300/T302, all settings can be sent to the
phone as an SMS message. This makes it easy
for an operator, a service provider or a company
to distribute settings for Internet/intranet, and
WAP, without the user having to configure the
phone manually. This also makes it easy to
upgrade services, as no manual configuration is
required.
•
The OTA configuration message is distrib-
uted via SMS point-to-point.
uted via SMS point-to-point.
•
The setup information is a binary encoded
XML message (WBXML). To receive infor-
mation about OTA specifications, please
contact your local Sony Ericsson repre-
sentative for consumer products. A config-
urator that utilizes OTA provisioning can be
tested on www.SonyEricsson.com.
XML message (WBXML). To receive infor-
mation about OTA specifications, please
contact your local Sony Ericsson repre-
sentative for consumer products. A config-
urator that utilizes OTA provisioning can be
tested on www.SonyEricsson.com.
•
The user is alerted about new settings
when the ongoing browsing session ends.
Settings are not changed during an ongo-
ing browsing session.
when the ongoing browsing session ends.
Settings are not changed during an ongo-
ing browsing session.
•
User interaction is limited to receiving and
accepting/rejecting the configuration mes-
sage, and selecting which WAP profile to
allocate the settings to.
accepting/rejecting the configuration mes-
sage, and selecting which WAP profile to
allocate the settings to.
•
Security can be handled using a keyword
identifier displayed on the screen as a
shared secret between the SMS sender
and recipient. It is important that the user
can verify that the configuration message
is authentic.
identifier displayed on the screen as a
shared secret between the SMS sender
and recipient. It is important that the user
can verify that the configuration message
is authentic.