White Paper T100/T102
15 September 2002
Security using WAP
The T100/T102 supports WAP 1.2.1, a version of
the Wireless Application Protocol that includes
WTLS class 2.
When using certain WAP services, the user may
want more security than normal, for example when
using banking services. The user establishes a
secure connection between the phone and the
WAP gateway.
To use such secure connections, certificates have
to be saved in the phone. The T100/T102 comes
with a number of pre-installed WAP certificates, so
called Trusted certificates.
WTLS class 2 includes the following security fea-
tures:
• Encryption of a message, ensuring that only the
sender and the recipient can read the contents
of a message.
• Server authentication, meaning that the mes-
sage is encrypted and users can verify that they
really are communicating with the WAP gateway
they believe they are connected to.
Configuration of WAP settings
An easy way to perform the WAP configuration of a
single phone is by using the step-by-step WAP
configurator provided on the Sony Ericsson Mobile
Internet. The configurator utilizes OTA provisioning,
and is available on http://www.SonyEricsson.com,
no login required.
A manual configuration is made using the menu
system in the phone. This is described in the User’s
Guide.
To simplify configuring WAP settings in a number of
phones, all settings can be sent as an SMS mes-
sage to each phone. This makes it easy for an
operator, a service provider or a company to dis-
tribute settings for Internet/Intranet, and WAP, with-
out having to configure each phone manually.
• The OTA configuration message is distributed
via SMS point-to-point.
• The setup information is a binary encoded XML
message, according to WBXML. To receive
information about OTA specifications, please
contact your local Sony Ericsson representative
for consumer products. A configurator that uti-
lizes OTA provisioning can be tested on Sony
Ericsson Mobile Internet.
• The user is not alerted about new settings until
the ongoing browsing session ends. Further-
more, settings are not changed during an ongo-
ing browsing session.
• The necessary user interaction is limited to
receiving and accepting/rejecting the configura-
tion message, and selecting which WAP profile
to allocate the settings to.
• Security can be handled using a keyword identi-
fier displayed on the screen as a shared secret
between the SMS sender and recipient. It is
important that the user can verify that the con-
figuration message is authentic.
Push services
These are useful for sending updated WAP site
contents or WAP links to mobile users. Examples
of services that can be implemented using push
services:
• Notification of new voice mails, etc. Instant
messaging and chat.
• News, sport results, weather forecasts, financial
information (stock quotes etc).
• Personal Information Manager (PIM) - delivery
of contacts, meeting requests etc.