Table of Contents
Advertisement
A Wireless Identity Module (WIM) can contain both
trusted and client certificates, private keys and
algorithms needed for WTLS handshaking, encryp-
tion/decryption and signature generation. The WIM
module can be placed on a SIM card which is then
referred to as a SWIM card.
Certificates
To use secure connections, the user needs to have
certificates stored in the phone. There are two
types of certificates:
• Trusted certificate
A certificate that guarantees that a WAP site is
genuine. If the phone has a stored certificate of
a certain type, it means that the user can trust
all WAP gateways that use the certificate.
Trusted certificates can be pre-installed in the
phone, in the SWIM or they can be downloaded
from the trusted supplier's WAP page.
• Client certificate
A personal certificate that verifies the user's
identity. A bank that the user has a contract with
may issue this kind of certificate. Client certifi-
Configuration of WAP settings
An easy way to perform WAP configuration in the
T290i/T290c is to use the step-by-step WAP con-
figurator available on http://www.SonyErics-
son.com. The configurator utilizes OTA
provisioning.
Manual configuration is done using the menu sys-
tem in the phone. This is described in the User's
Guide.
WAP settings can also be customized in the mobile
phone based on the operator's preferences.
Over-the-air provisioning of WAP
settings
To simplify the configuration of WAP settings in the
T290i/T290c, all settings can be sent to the phone
as an SMS message. This makes it easy for an
operator, a service provider or a company to dis-
tribute settings for Internet/intranet, and WAP, with-
out the user having to configure the phone
manually. This also makes it easy to upgrade serv-
ices, as no manual configuration is required.
cates can be pre-installed in the SWIM card.
WIM locks (PIN codes)
There are two types of WAP security locks (PIN
codes) for a SWIM, which protect the subscription
from unauthorised use. The PIN codes should typi-
cally be provided by the supplier of the SWIM.
• Access lock
An access lock protects the data in the WIM.
The user is asked to enter the PIN code the first
time the SWIM card is accessed when estab-
lishing a connection.
• Signature lock
A signature lock is used for confirming transac-
tions, much like a digital signature.
In the T290i/T290c, the user can check which
transactions have been made with the phone when
browsing. Each time the user confirms a transac-
tion with a signature lock code, a contract is stored
in the phone. The contract contains details about
the transaction.
• The OTA configuration message is distributed
via SMS point-to-point.
• The setup information is a binary encoded XML
message (WBXML). To receive information
about OTA specifications, please contact your
local Sony Ericsson representative for con-
sumer products. A configurator that utilizes OTA
provisioning can be tested on www.SonyErics-
son.com.
• The user is alerted about new settings when the
ongoing browsing session ends. Settings are
not changed during an ongoing browsing ses-
sion.
• User interaction is limited to receiving and
accepting/rejecting the configuration message,
and selecting which WAP profile to allocate the
settings to.
• Security can be handled using a keyword identi-
fier displayed on the screen as a shared secret
between the SMS sender and recipient. It is
important that the user can verify that the con-
figuration message is authentic.
22
White Paper
T290i/T290c
October 2004
Advertisement
Table of Contents
