White Paper T610/612
24
Server authentication requires a server certificate stored
at the server side and a trusted certificate stored at the
client side.
Client authentication requires a client certificate stored at
the client side and a trusted certificate stored at the server
side.
A Wireless Identity Module (WIM) can contain both
trusted and client certificates, private keys and
algorithms needed for WTLS handshaking, encryption/
decryption and signature generation. The WIM module
can be placed on a SIM card and is then referred to as a
SWIM card.
Certificates
To use secure connections, the user needs to have
certificates stored in the phone. There are two types of
certificates:
Trusted certificate
A certificate that guarantees that a WAP site is genuine.
If the phone has a stored certificate of a certain type, it
means that the user can trust all WAP gateways that use
the certificate. Trusted certificates can be pre-installed in
the phone, in the SWIM or they can be downloaded from
the trusted supplier’s WAP page.
Client certificate
A personal certificate that verifies the user’s identity. A
bank that the user has a contract with may issue this kind
of certificate. Client certificates can be pre-installed in
the SWIM card.
WIM locks (PIN codes)
There are two types of WAP security locks (PIN codes)
for a SWIM, which protect the subscription from
unauthorized use. The PIN codes should typically be
provided by the supplier of the SWIM.
Access lock
An access lock protects the data in the WIM. The user is
asked to enter the PIN code the first time the SWIM card
is accessed when establishing a connection.
Signature lock
A signature lock is used for confirming transactions,
much like a digital signature.
In the T610/612, the user can check which transactions
have been made with the phone when browsing. Each
time the user confirms a transaction with a signature lock
code, a contract is stored in the phone. The contract
contains details about the transaction.
Configuration of WAP settings
An easy way to perform WAP configuration in the T610/
612 is to use the step-by-step WAP configurator
available on http://www.SonyEricsson.com. The
configurator utilizes OTA provisioning.
Manual configuration is done using the menu system in
the phone. This is described in the User’s guide.
Over-the-air provisioning
of WAP settings
To simplify the configuration of WAP settings in the
T610/612, all settings can be sent to the phone as an
SMS message. This makes it easy for an operator, a
service provider or a company to distribute settings for
Internet/intranet, and WAP, without the user having to
configure the phone manually. This also makes it easy to
upgrade services, as no manual configuration is required.
• The OTA configuration message is distributed via
SMS point-to-point.
• The setup information is a binary encoded XML mes-
sage (WBXML). To receive information about OTA
specifications, please contact your local Sony Erics-
son representative for consumer products. A configu-
rator that utilizes OTA provisioning can be tested on
www.SonyEricsson.com
• The user is alerted about new settings when the ongo-
ing browsing session ends. Settings are not changed
during an ongoing browsing session.
• User interaction is limited to receiving and accepting/
rejecting the configuration message, and selecting
which WAP profile to allocate the settings to.
• Security can be handled using a keyword identifier
displayed on the screen as a shared secret between the
SMS sender and recipient. Therefore the user can
verify that the configuration message is authentic.