Nokia 9290 Cell Phone User Manual


 
To strengthen PAP, CHAP, and MS-CHAP, other authentication methods
can be used when creating a network connection. Any method that is
carried inside a normal PAP or CHAP exchange works with the Nokia
9290 Communicator as it is; other login schemes can be supported with
a login script. Some of the alternatives are:
- Callback system (supported PPP callback protocols: IETF type 0
  [RFC 1570] and the Microsoft callback protocol)
- Centralized security (an authentication server based on RADIUS
  [RFC 2138] or TACACS [RFC 1492])
- Multiple passwords and one-time password schemes
- Token-based security
10.5 SSL and TLS
The Nokia 9290 Communicator supports the SSLv3 (Secure Sockets
Layer) and TLSv1 (Transport Layer Security) protocols. They are
integrated into the socket interface, so third-party programs can
use them to offer secure Internet connections without implementing
the protocols themselves.
10.5.1 Web browser
Web URLs (addresses) that start with "https" use an SSL/TLS-secured
connection. The SSL session is negotiated with the server and the
data is then transferred over the encrypted connection. A small lock
symbol is displayed to indicate that the connection is encrypted;
by itself it says nothing about who is at the other end, which is
the job of the certificate checks described below.
The encryption strength depends on the SSL server. The Nokia 9290
Communicator supports strong 128-bit encryption in SSL and TLS, but
will negotiate a lower level if the server cannot handle strong
encryption. Because this fallback is automatic, a server that offers
only export-grade algorithms (see 10.5.3) silently gets a weaker
connection than the lock symbol might suggest.
The authenticity of the Web server is determined with the help of
certificates in the Certificate management tool. As discussed in the
software security chapter above, the user selects which certificates
are trusted and which are not. When connecting to a server whose
identity is certified by a trusted party, no warning note is shown.
Otherwise the user can review the identification offered by the
remote server before deciding whether to continue. Some certification
authority root certificates are factory-installed on the device;
Nokia does not endorse any specific certification authority.
HTTP (Hypertext Transfer Protocol) also provides a simple
authentication scheme in which a username/password pair is sent to
the remote server. With Basic authentication the pair is only
base64-encoded, not encrypted, so this method should be used over
SSL/TLS, which protects the credentials in transit.
10.5.2 Reading and sending mail
Access to remote mailboxes (IMAP and POP) and sending mail (SMTP)
can also be secured using SSL/TLS. You request a secure connection by
ticking the appropriate box in the settings.
To use secure connections with electronic mail, the mail server has
to support the "STARTTLS" command (IMAP, SMTP) or the "STLS" command
(POP). If the server does not offer the command, the secure
connection cannot be established.
Note: Sending electronic mail over a secure connection encrypts only
the connection to the mail server, not the mail itself. Once the
first mail server forwards the message towards its destination, it is
no longer encrypted; protecting the content end to end requires
encrypting the message before it is sent. This feature is therefore
most useful when accessing mail servers in a secure intranet through
a public Internet service provider.
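The STARTTLS/STLS requirement above has a practical consequence: a client must check that the server actually advertises the upgrade command before it sends a username or password, and refuse to log in otherwise. The following Python script, added here as an illustration and not taken from the Nokia 9290 manual or Nokia's software, walks through both exchanges (EHLO/STARTTLS for SMTP, CAPA/STLS for POP3) against a scripted stand-in for the server. The server replies, the host name client.invalid and the credentials are constructed for the example; SocketTransport shows the same interface over a real TCP connection.

```python
"""Fail-closed mail login: credentials go out only after the server has
advertised and accepted a TLS upgrade (STARTTLS for SMTP, STLS for POP3).
Added illustration, not code from the Nokia 9290 manual; ScriptedServer
replies from constructed transcripts so everything here runs offline."""
import base64
import socket
import ssl


class TlsNotOffered(Exception):
    """The server never advertised, or refused, the TLS upgrade."""


def smtp_offers_starttls(ehlo_reply):
    """True if a 250 EHLO reply ('250-EXT' lines, final '250 EXT') lists STARTTLS."""
    return any(line[:3] == "250" and line[4:].strip().upper() == "STARTTLS"
               for line in ehlo_reply.splitlines())


def pop3_offers_stls(capa_reply):
    """True if a POP3 CAPA reply ('+OK', capability lines, lone '.') lists STLS."""
    lines = capa_reply.splitlines()
    return bool(lines) and lines[0].startswith("+OK") and any(
        line.strip().upper() == "STLS" for line in lines[1:])


class ScriptedServer:
    """Constructed mail-server stand-in: scripted replies, records what was sent."""
    def __init__(self, replies):
        self.replies, self.sent = list(replies), []
    def send(self, line):
        self.sent.append(line)
    def recv(self):
        return self.replies.pop(0)
    def starttls(self):
        self.sent.append("<TLS handshake>")        # marks where cleartext ends


class SocketTransport:
    """Same interface over TCP; recv() reads one chunk (real clients buffer to the last '250 ' line)."""
    def __init__(self, host, port, ctx=None):
        self.host, self.sock = host, socket.create_connection((host, port))
        self.ctx = ctx or ssl.create_default_context()
    def send(self, line):
        self.sock.sendall(line.encode("ascii") + b"\r\n")
    def recv(self):
        return self.sock.recv(4096).decode("ascii", "replace")
    def starttls(self):
        self.sock = self.ctx.wrap_socket(self.sock, server_hostname=self.host)


def smtp_login(server, user, password):
    """EHLO, insist on STARTTLS, EHLO again inside TLS, then AUTH PLAIN."""
    server.recv()                                   # 220 greeting
    server.send("EHLO client.invalid")
    if not smtp_offers_starttls(server.recv()):
        raise TlsNotOffered("SMTP server did not advertise STARTTLS")
    server.send("STARTTLS")
    if not server.recv().startswith("220"):
        raise TlsNotOffered("SMTP server refused STARTTLS")
    server.starttls()
    server.send("EHLO client.invalid")              # capabilities are re-announced after TLS
    server.recv()
    token = base64.b64encode(("\0%s\0%s" % (user, password)).encode()).decode()
    server.send("AUTH PLAIN " + token)
    return server.recv().startswith("235")


def pop3_login(server, user, password):
    """CAPA, insist on STLS, then USER/PASS over the upgraded session."""
    server.recv()                                   # +OK greeting
    server.send("CAPA")
    if not pop3_offers_stls(server.recv()):
        raise TlsNotOffered("POP3 server did not advertise STLS")
    server.send("STLS")
    if not server.recv().startswith("+OK"):
        raise TlsNotOffered("POP3 server refused STLS")
    server.starttls()
    server.send("USER " + user)
    server.recv()
    server.send("PASS " + password)
    return server.recv().startswith("+OK")


def try_login(login, server, user, password):
    """Run a login flow and report 'ok', 'failed' or 'no-tls' instead of raising."""
    try:
        return "ok" if login(server, user, password) else "failed"
    except TlsNotOffered:
        return "no-tls"


# Constructed transcripts (not captured from real servers).
SMTP_WITH_TLS = ["220 mail.example.test ESMTP",
                 "250-mail.example.test\r\n250-STARTTLS\r\n250 AUTH PLAIN",
                 "220 Ready to start TLS", "250-mail.example.test\r\n250 AUTH PLAIN",
                 "235 Authentication successful"]
SMTP_NO_TLS = ["220 mail.example.test ESMTP", "250-mail.example.test\r\n250 AUTH PLAIN"]
POP3_WITH_TLS = ["+OK POP3 ready", "+OK\r\nSTLS\r\nUSER\r\n.", "+OK Begin TLS", "+OK", "+OK Logged in"]
```

Against SMTP_NO_TLS the only line the client ever transmits is the EHLO; the password never leaves the device, which is the behaviour the "secure connection" setting should guarantee. With a real server, replace ScriptedServer by SocketTransport(host, 587) and the same smtp_login runs unchanged.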
10.5.3 Supported encryption algorithms
The selection of algorithms depends on the protocol being used.
Avoid the "export-grade" algorithms (RC4 with only 40 secret bits,
and single DES with its 56-bit key): their keys are short enough to
be recovered by exhaustive search, so they should be disabled
wherever the server allows it. Of the algorithms below, only 128-bit
RC4 and Triple-DES counted as strong when this manual was written;
RC4 has since been prohibited in TLS by RFC 7465, and SSLv3 and TLS
1.0 themselves are now deprecated. The Nokia 9290 Communicator
supports the following cryptographic algorithms in SSL/TLS:
- For server authentication and/or key exchange: RSA, DSA, and
  Diffie-Hellman
- For data encryption: RC4™ (plus the "export" version with 40
  secret bits), DES, and Triple-DES
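Section 10.5.1 notes that the Communicator can drop to a lower security level when the server cannot handle strong encryption, and the list above says which algorithms are in play. The downgrade is decided in the first two handshake messages: the client offers a list of cipher suites in its ClientHello and the server picks one in its ServerHello. The following Python script, added here as an illustration and not code from the Nokia 9290 manual or from Nokia, builds a TLS 1.0 ClientHello that offers only the strong suites from the list above and parses a ServerHello to check whether the server answered with an export-grade or DES suite. The cipher suite codes are those assigned in RFC 2246; the ServerHello records produced by fake_server_hello are constructed for the offline check, not captured traffic.

```python
"""Check which SSLv3/TLS 1.0 cipher suite a server actually selected, so a
silent fallback to an export-grade suite is noticed. Added illustration
(not code from the Nokia 9290 manual); the ServerHello records built by
fake_server_hello() are constructed for testing, not captured traffic."""
import os
import struct

# Cipher suite codes from RFC 2246 for the families the manual lists:
# RSA / DSS / Diffie-Hellman key exchange, RC4 / DES / 3DES bulk encryption.
SUITES = {
    0x0003: ("TLS_RSA_EXPORT_WITH_RC4_40_MD5", 40),
    0x0004: ("TLS_RSA_WITH_RC4_128_MD5", 128),
    0x0005: ("TLS_RSA_WITH_RC4_128_SHA", 128),
    0x0008: ("TLS_RSA_EXPORT_WITH_DES40_CBC_SHA", 40),
    0x0009: ("TLS_RSA_WITH_DES_CBC_SHA", 56),
    0x000A: ("TLS_RSA_WITH_3DES_EDE_CBC_SHA", 168),
    0x0012: ("TLS_DHE_DSS_WITH_DES_CBC_SHA", 56),
    0x0013: ("TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA", 168),
    0x0015: ("TLS_DHE_RSA_WITH_DES_CBC_SHA", 56),
    0x0016: ("TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA", 168),
}
# Suites a client should offer if it does not want to be downgraded.
STRONG = [code for code, (_, bits) in SUITES.items() if bits >= 128]

TLS10 = (3, 1)                         # SSLv3 would be (3, 0)
HANDSHAKE, CLIENT_HELLO, SERVER_HELLO = 0x16, 0x01, 0x02


def build_client_hello(suites=STRONG, version=TLS10, client_random=None):
    """Return a TLS 1.0 ClientHello record offering only `suites`.
    Not offering export suites at all is the simplest way to refuse them."""
    client_random = client_random or os.urandom(32)
    body = struct.pack("!BB", *version) + client_random
    body += b"\x00"                                    # empty session id
    body += struct.pack("!H", 2 * len(suites))
    body += b"".join(struct.pack("!H", s) for s in suites)
    body += b"\x01\x00"                                # one compression method: null
    hs = bytes([CLIENT_HELLO]) + len(body).to_bytes(3, "big") + body
    return struct.pack("!BBBH", HANDSHAKE, *version, len(hs)) + hs


def parse_server_hello(record):
    """Return (version, cipher_suite) from a ServerHello record; raise
    ValueError on anything that is not a well-formed ServerHello."""
    if len(record) < 5 or record[0] != HANDSHAKE:
        raise ValueError("not a handshake record")
    hs = record[5:5 + struct.unpack("!H", record[3:5])[0]]
    if len(hs) < 4 or hs[0] != SERVER_HELLO:
        raise ValueError("not a ServerHello")
    hs_len = int.from_bytes(hs[1:4], "big")
    body = hs[4:4 + hs_len]
    if len(body) != hs_len or len(body) < 35:
        raise ValueError("truncated ServerHello")
    version = (body[0], body[1])
    off = 35 + body[34]                                # skip version, random, session id
    if len(body) < off + 3:
        raise ValueError("truncated ServerHello")
    return version, struct.unpack("!H", body[off:off + 2])[0]


def check_negotiated(record, offered=STRONG):
    """Classify the server's choice as (suite_name, key_bits, acceptable).
    A suite is rejected if it is export/DES grade or was never offered."""
    _version, suite = parse_server_hello(record)
    name, bits = SUITES.get(suite, ("unknown suite 0x%04x" % suite, 0))
    return name, bits, suite in offered and bits >= 128


def fake_server_hello(suite, version=TLS10):
    """Constructed ServerHello (fixed random, empty session id) for offline tests."""
    body = struct.pack("!BB", *version) + b"\x11" * 32 + b"\x00"
    body += struct.pack("!HB", suite, 0)               # chosen suite, null compression
    hs = bytes([SERVER_HELLO]) + len(body).to_bytes(3, "big") + body
    return struct.pack("!BBBH", HANDSHAKE, *version, len(hs)) + hs


if __name__ == "__main__":
    for code in (0x000A, 0x0003):
        print(check_negotiated(fake_server_hello(code)))
```

A server that answers with a suite the client never offered is flagged as well, since a conforming peer may only select from the offered list; seeing that happen means the handshake was tampered with or the client's offer was not what it thought.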
10.6 WAP security
When WAP is used over a data call, the dial-up security is the same
as for Internet services; see the chapter above.
WAP uses an optional security layer called WTLS (Wireless Transport
Layer Security). It can be turned on in the settings, or the server
can mandate it. WTLS security ends at the WAP gateway: the connection
from the gateway onwards to the target server may not be encrypted,
and the gateway itself handles the traffic in clear.
WTLS is specified by the WAP Forum. The Nokia 9290 Communicator
supports strong 128-bit encryption in WTLS but, as with SSL/TLS,
lowers the security level if the server requires it. It supports
server authentication and key exchange using the RSA algorithm and
data encryption using the RC5™ algorithm. The gateway is
authenticated using certificates. Some certification authority root
certificates are factory-installed on the device; Nokia does not
endorse any specific certification authority.