Support User Manuals

Sony Ericsson Z300 Cell Phone User Manual

Open as PDF

of 54

White Paper Z300

17 October 2005

Security using WAP

The Z300 supports WAP 1.2.1, a version of the

Wireless Application Protocol that includes WTLS

class 2.

While using certain WAP services, the user may

want more security than normal, for example when

using banking services. The user establishes a

secure connection between the phone and the

WAP gateway.

To use such secure connections, certificates have

to be saved in the phone. The Z300 comes with a

number of pre-installed WAP certificates, so called

trusted certificates.

WTLS class 2 includes the following security fea-

tures:

• Encryption of a message, ensuring that only the

sender and the recipient can read the contents

of a message.

• Server authentication, meaning that the mes-

sage is encrypted and users can verify that they

really are communicating with the WAP gateway

they believe they are connected to.

Configuration of WAP settings

An easy way to perform the WAP configuration of a

single phone is by using the Sony Ericsson step-

by-step WAP configurator. The configurator utilizes

OTA provisioning, and is available on

www.SonyEricsson.com; no login required.

A manual configuration is done using the menu

system in the phone. This is described in the user

guide.

To simplify configuration of WAP settings in a

number of phones, all settings can be sent as an

SMS message to each phone. This makes it easy

for an operator, a service provider or a company to

distribute settings for Internet/intranet, and WAP,

without having to configure each phone manually.

• The OTA configuration message is distributed

via SMS point-to-point.

• The setup information is a binary encoded XML

message, according to WBXML. To receive

information about OTA specifications, please

contact your local Sony Ericsson representative

for consumer products.

• The user is not alerted about new settings until

the ongoing browsing session ends. Further

-

more, settings are not changed during an ongo-

ing browsing session.

• The necessary user interaction is limited to

receiving and accepting/rejecting the configura

-

tion message, and selecting the WAP profile to

allocate the settings to.

• Security can be handled using a keyword identi-

fier displayed on the screen as a shared secret

between the SMS sender and recipient. It is

important that the user can verify that the con

-

figuration message is authentic.

previous next