Nokia 6610i - Browser security

129

Copyri

ght

©

2

005 Nokia. All ri

gh

ts reserved

.

Secu

rity m

odu

le

The

security mod

u

le can

contain certif

icates

as well as

private

and public keys. The

security module may i

mprove the securi

ty services for applications requir

ing

browser connection, and allows you to use a

digital signature. The

certificates are

saved in the security module

by th

e service pr

ovi

d

er.

Pre

ss

Me

n

u

and select

Services

,

Set

tings

,

Security settings

and

Security module

settings

. Select

•

Security module details

to show the security module title,

it

s statu

s,

manufacturer and ser

ial number.

•

Module PIN

requ

est

to set the p

h

o

n

e to ask for the module PIN when using

services provided

by security modu

le. Key i

n

the code and select

On

. To disable

the module PIN request, select

Off

.

•

Change module PIN

to chan

ge the module PIN, if allowed by the security

module. Enter the current module PIN co

d

e, th

en enter the new code twice.

•

Change signing PIN

. Select the signing PIN you want t

o

change. Enter

t

h

e

current PIN code, t

h

en enter the new code twice.

See also

General i

n

fo

rmation

on page

13

.

Cer

ti

ficates

There

ar

e thre

e kinds of

certifica

tes: s

erve

r certif

icates, aut

h

or

ity certificates and

user certif

icates.

•

The

phone us

es

a

se

rv

er ce

rt

ifica

te

to

i

mprove security in connection between

the phone and the gateway.

Th

e phone r

eceives the server certificate from the

130

Copyri

ght

©

2

005 Nokia. All ri

gh

ts reserved

.

service

provider

before the

connection is

established

an

d its validity is checked

using the authority certifi

cates

saved in

the phone. Server certificates are not

sa

ve

d.

The security indicator

is displ

ayed

duri

n

g

a connection, i

f the dat

a

transmission between th

e phone an

d the gat

eway (id

entified by th

e

IP addr

ess

in the

Edit

active service settings

-

Bearer settings

) is encrypted.

•

A

uthority certif

icates are used by some

se

rvices,

such as

banking services,

for

checking the vali

dity of

other certificates

. Authority certificat

es can either

be

saved in the security module by th

e

service pr

ovi

d

er, or they can

be

down

loaded from the networ

k, if the se

rvice suppo

rts the use of

authority

certif

icates.

•

U

ser certif

icates are issued to users by

a Certifying Authority. User certifi

cates

are required, for

example, to make a digi

ta

l signature and t

h

ey associate th

e

user with

a specific private key in a security module.

Th

e se

cu

ri

ty i

co

n

d

o

es

no

t i

n

d

ica

te

t

h

a

t th

e

data t

ransmiss

ion bet

w

een the

gate

way and the

cont

ent server (or

pl

ace where

the

re

ques

ted reso

urce is sto

red)

is

secure

. T

h

e service

provider secures the dat

a

transmiss

ion be

tw

een the

gat

eway and

the cont

ent server.

Imp

o

rt

an

t:

Note th

at

e

ve

n

if th

e

u

se of cert

ificates

make

s

the ris

ks

in

volved

in

re

mo

te co

nnections and soft

wa

re i

n

st

allation conside

rab

ly smaller, they

must be

use

d

correctl

y in

ord

er

to

be

nefi

t fr

o

m

inc

re

a

se

d security.

Th

e exi

stence of

a

certificate does

not offer any protecti

on by

it

sel

f; the

cert

ificat

e manage

r

must cont

ai

n

correct, authentic, or truste

d

certifica

tes for

in

creased security to be available. Certificates

have a res

tricted lifet

ime. If Ex

pired ce

rtificat

e or Cert

ificat

e

not

valid ye

t is shown

even if

the ce

rtificate should

be

valid

, ch

eck

tha

t th

e

cu

rren

t date an

d

tim

e in

yo

ur

device are

correct.

131

Copyri

ght

©

2

005 Nokia. All ri

gh

ts reserved

.

Be

fore c

h

ang

ing any

certi

fi

cate

s

etting

s, you mu

st

ma

ke su

re th

at

you

rea

lly t

rus

t t

h

e owner

of the

cert

ificat

e and that

t

h

e certifi

cate

really belongs to the list

ed owner.

Digital sig

n

ature

You can make digital signatures with your

phon

e. Th

is

feature requir

es support

from your SIM

car

d

. The signatu

re can be traced

back to

you via th

e private key on

the security module and the user certif

icate th

at was used to perform the

signature. Using the d

igital signature can

be the

same as signing your name to a

paper bill, contract or other document.

To make a digital signat

ur

e, select a li

n

k on a page, for

example, the title of the

book you want

to b

u

y and its price. The text t

o

sign (possibly including amount,

date, etc.) wil

l be shown.

Check

that

the header text is

Re

ad

and that the digital signature ico

n

is

shown.

Note:

If

th

e digital

signature icon does

not appear, there is a secu

ri

ty

breach, and yo

u

should not enter any per

sonal

data such as your signing

PIN.

To sig

n

the text, read all of the

te

xt first an

d then you

c

a

n select

Sig

n

.

Note:

The text may not fit with

in

a sin

gle screen. Ther

efore, make sure to

scroll

thr

o

ugh

and re

ad all

of the text before signing.

Sel

ect the user certificate you want

to use. Key in th

e si

gn

in

g

PIN (see

General inf

o

rmation

on pag

e

13

) and press

OK

. The digital signatu

re icon will

disappear, and the service may displ

ay

a confirmation of your purchase.