Browser Security - Sony Ericsson P900 White Paper

Hide thumbs Also See for P900:

User manual (193 pages)

Working instruction, mechanical (26 pages)

Troubleshooting manual (21 pages)

Table Of Contents

100

101

102

103

104

105

106

107

108

109

110

111

112

113

114

115

116

117

118

119

120

121

122

123

124

125

126

127

128

page of 128

/ 128
Contents
Table of Contents
Bookmarks

Table of Contents

Browser, M-Services and MeT

Browser Security

World Wide Web

The P900 supports the TLS/SSL to provide a secure encrypted link between the browser and the website.

This method is commonly used for secure transactions on the WWW. An icon in the display indicates when

a secure connection is in use.

WAP Security

When using certain WAP services the user may want a secure connection between the phone and the WAP

gateway, for example when using banking services. An icon in the display indicates when a secure

connection is used. The P900 is based on the WAP 2.0 specifications where security functionality is

specified with a technology called Wireless Transport Layer Security (WTLS) and WAP TLS Profile.

The WAP protocols that handle the connection, its transport and its security are structured in protocol layers.

The security is handled by the WTLS layer operating above the transport protocol layer. There are three

WTLS classes that define the levels of security for a WTLS connection:

•

WTLS class 1 involves encryption with no authentication.

•

WTLS class 2 involves encryption with server authentication.

•

WTLS class 3 involves encryption with both server and client authentication

Server authentication

Client authentication

A Wireless Identity Module (WIM) can contain both trusted and client certificates, private keys and

algorithms needed for WTLS handshaking, encryption/decryption and digital signature generation. The WIM

module can be placed on a SIM card and will then be referred to as a SWIM card.

Certificates

To use secure connections, the user needs to have certificates saved in the phone. User certificates can be

downloaded. There are two types of certificates:

Certificate authority

The user may organize bookmarks into user-defined folders, for example

creating a folder of sports bookmarks and a folder of transport bookmarks.

It is also possible to view a list of all signed documents (see MeT example

above) and access incoming WAP Push messages.

Requires a server certificate stored at the server side and a trusted

certificate stored at the client side.

Requires a client certificate stored at the client side and a trusted certificate

stored at the server side.

A certificate used to verify that a WAP site is genuine. If the phone has a

stored certificate of a certain type, it means the user can trust all WAP

gateways which present a certificate that can be verified by the trusted

certificate. Certificates can be preinstalled in the phone, pre-installed in the

P900/P908 White Paper, December 2003

LZT 108 6643 R1G

Table of Contents

This manual is also suitable for:

P908

Browser Security - Sony Ericsson P900 White Paper

Browser Security

Related Manuals for Sony Ericsson P900

Related Content for Sony Ericsson P900

This manual is also suitable for:

Table of Contents