Table of Contents
Advertisement
M e n u f u n c t i o n s
provider to secure the data transmission
between the gateway and the content server.
Security module
The security module provides security services
for WAP related applications, and allows the
use of the phones digital signature
functionality. If present, the security module
is in the SIM card as an optional service of
your service provider. The security module
helps to determine whether the card content
has not been maliciously read or modified. It
can contain certificates, as well as private
and public keys to operate the certificates.
The certificates are stored in the security
module by SIM card issuer or service provider.
Digital signature
With the digital signature functionality you
can, for example, digitally sign a bill or a
financial contract. The signature can be
traced back to you via the private key and the
associated certificate that was used to
perform the signature, so signing using the
digital signature is the same as signing your
name to a paper bill, contract or other
document.
A digital signature is initiated by a code
embedded in a WAP page. Select a link, for
example, the title of the book you want to buy
and its price. The digital signature procedure
starts and shows the text to sign. At this point
the header text is Read and the digital
signature icon
is shown.
Note: If the digital signature icon
does not appear, this means that
there is a security breach, and you
should not enter any personal data
such as your signing PIN.
To sign the displayed text, select Sign, after
you have read all of the text.
48
Copyright © 2004 Nokia. All rights reserved
Note: The text may not fit within a
single screen. Therefore, make sure
to scroll through and read all of the
text before signing.
Select the user certificate you want to use.
Key in the signing PIN and press OK. Since the
PIN code will not be sent outside the phone, it
will remain secret. The phone displays a
confirmation Code accepted. If you entered a
wrong PIN, an error note Code error is
displayed, and the phone asks you to key in
the PIN code again. After the confirmation
has been displayed, the digital signature icon
will disappear, and browsing continues. The
WAP service may display a confirmation of
your purchase.
Certificates
There are three kinds of certificates:
• Server certificates
A server certificate is sent from the server
to the phone and its validity is checked
using the authority certificates stored in
the phone or the security module. This way
you can be certain that a WAP gateway or
a WAP server is the one it claims to be.
You will see a note on the phone display if
the identity of the WAP server or WAP
gateway cannot be verified, if the WAP
server or WAP gateway certificate is not
authentic or if you do not have the right
authority certificate in your phone.
• Authority certificates
Authority certificates are used by some
WAP services, such as banking services, for
checking signatures or server certificates
or other authority certificates.
You can download the certificate from a
WAP page, if the WAP service supports the
use of authority certificates. After the
download, you can view the certificate
and then save or delete it. If you save the
Hide quick links:
Advertisement
Table of Contents
