White Paper M600
40 February 2006
• Built-in pop-up blocking.
Browser security
M600 supports the TLS/SSL to provide a secure
encrypted link between the browser and the web
site. This method is commonly used for secure
transactions on the web. An icon in the display
indicates when a secure connection is in use.
TLS Security
When using certain Internet services the user may
require a secure connection between the phone
and the web site, such as, when using banking
services. An icon in the display indicates when a
secure connection is used. M600 is based on the
WAP 2.0 specifications where security functionality
is specified with a technology called WAP TLS Pro
-
file (Wireless Application Protocol Transport Layer
Security).
The Internet protocols that handle the connection,
its transport and its security are structured in proto
-
col layers. The security is handled by the TLS layer
operating above the transport protocol layer. There
are three TLS classes that define the levels of secu
-
rity for a TLS connection:
• Anonymous TLS involves encryption with no
authentication.
• Server authentication involves encryption with
server authentication.
• Client authentication involves encryption with
both server and client authentication
Certificates
To use secure connections, the user needs to have
certificates saved in the phone. Certificates can be
downloaded and installed when required. There are
two types of certificates:
M600 is preinstalled with X.509 certificates from
Baltimore, Entrust, Geotrust, GlobalSign, GTE
Cybertrust, RSA, Sony Ericsson, Thawte and Veri
-
Sign.
Server
authentication
Requires a server certificate
stored at the server side and a
trusted certificate stored at the
client side.
Client
authentication
Requires a client certificate
stored at the client side and a
trusted certificate stored at the
server side.
Certificate
authority
A trusted certificate used to ver-
ify that a web site is genuine. If
the phone has a stored trusted
certificate of a certain type, it
means the user can trust all web
sites which present a certificate
that can be verified by the
trusted certificate. Certificates
are preinstalled in the phone and
can be downloaded from the
trusted supplier's web page.
User
certificate
A personal certificate that veri-
fies the user's identity. A bank
that the user has a contract with
may issue this kind of certificate.