Sony Ericsson P802 Cell Phone User Manual


 
For Internal Use Only
P800 Smartphone
White Paper, May 2002
Browser Security
World Wide Web
The P800 supports TLS/SSL to provide a secure, encrypted link between the browser and the
website. This method is commonly used for secure transactions on the WWW.
WAP Security
When using certain WAP services the user may want a secure connection between the phone
and the WAP gateway, for example when using banking services. An icon in the display indicates
when a secure connection is used. The P800 is based on the WAP 2.0 specifications where
security functionality is specified with a technology called Wireless Transport Layer Security
(WTLS).
The WAP protocols that handle the connection, its transport and its security are structured in
protocol layers. The security is handled by the WTLS layer operating above the transport protocol
layer. There are 3 WTLS classes that define the levels of security for a WTLS connection:
WTLS class 1 involves encryption with no authentication.
WTLS class 2 involves encryption with server authentication.
WTLS class 3 involves encryption with both server and client authentication.

Server authentication: Requires a server certificate stored at the server side and a root
certificate stored at the client side.

Client authentication: Requires a client certificate stored at the client side and a trusted
certificate stored at the server side.

A Wireless Identity Module (WIM) can contain both trusted and client certificates, private keys
and algorithms needed for WTLS handshaking, encryption/decryption and signature generation.
The WIM module can be placed on a SIM card and will then be referred to as a SWIM card.
Certificates
To use secure connections, the user needs to have certificates saved in the phone. There are two
types of certificates:

Certificate authority: A certificate used to verify that a WAP site is genuine. If the phone
has a stored certificate of a certain type, it means the user can trust all WAP gateways which
present a certificate that can be verified by the trusted certificate. Certificates can be
pre-installed in the phone, pre-installed in the SWIM, or downloaded from the trusted supplier’s
WAP page.

User certificate: A personal certificate that verifies the user’s identity. A bank that the
user has a contract with may issue this kind of certificate. User certificates can be
pre-installed in the SWIM card.