Security Using Wap; Configuration Of Wap Settings; Push Services - Sony Ericsson T100 White Paper

Security using WAP

The T100/T102/T106 supports WAP 1.2.1, a ver-
sion of the Wireless Application Protocol that
includes WTLS class 2.
When using certain WAP services, the user may
want more security than normal, for example when
using banking services. The user establishes a
secure connection between the phone and the
WAP gateway.
To use such secure connections, certificates have
to be saved in the phone. The T100/T102/T106
comes with a number of pre-installed WAP certifi-
cates, so called Trusted certificates.

Configuration of WAP settings

An easy way to perform the WAP configuration of a
single phone is by using the step-by-step WAP
configurator provided on the Sony Ericsson Mobile
Internet. The configurator utilizes OTA provisioning,
and is available on http://www.SonyEricsson.com;
no login required.
A manual configuration is made using the menu
system in the phone. This is described in the User's
guide.
To simplify configuring WAP settings in a number of
phones, all settings can be sent as an SMS mes-
sage to each phone. This makes it easy for an
operator, a service provider or a company to dis-
tribute settings for Internet/Intranet, and WAP, with-
out having to configure each phone manually.
• The OTA configuration message is distributed
via SMS point-to-point.

Push services

These are useful for sending updated WAP site
contents or WAP links to mobile users. Examples
of services that can be implemented using push
services:
White Paper
WTLS class 2 includes the following security fea-
tures:
• Encryption of a message, ensuring that only the
sender and the recipient can read the contents
of a message.
• Server authentication, meaning that the mes-
sage is encrypted and users can verify that they
really are communicating with the WAP gateway
they believe they are connected to.
• The setup information is a binary encoded XML
message, according to WBXML. To receive
information about OTA specifications, please
contact your local Sony Ericsson representative
for consumer products. A configurator that uti-
lizes OTA provisioning can be tested on Sony
Ericsson Mobile Internet.
• The user is not alerted about new settings until
the ongoing browsing session ends. Further-
more, settings are not changed during an ongo-
ing browsing session.
• The necessary user interaction is limited to
receiving and accepting/rejecting the configura-
tion message, and selecting which WAP profile
to allocate the settings to.
• Security can be handled using a keyword identi-
fier displayed on the screen as a shared secret
between the SMS sender and recipient. It is
important that the user can verify that the con-
figuration message is authentic.
• Notification of new voice mails etc. Instant mes-
saging and chat.
• News, sport results, weather forecasts, financial
information (stock quotes etc).
• Personal Information Manager (PIM) - delivery
of contacts, meeting requests etc.
15
T100/T102/T106
March 2003