Nokia 8910 - Security module

background image

Security module

The security module provides security services for WAP-related applications and enables digital
signing. If present, the security module is in the SIM card as an optional service of your service
provider. The security module helps to prevent the card content from being maliciously read or
modified. (It can contain certificates, as well as private and public keys to operate the certificates. The
certificates are stored in the security module by the SIM card issuer or the service provider.)

Digital signature

You can sign, for example, a bill or a financial contract digitally while using WAP. Note that the
signature can be traced back to you via the private key and the associated certificate that was used to
perform the signature, so signing using the digital signature is the same as signing your name to a
paper bill, contract or other document.

When you select a link, for example, the title of the book you want to buy and its price, the digital
signature procedure starts and shows the text to be signed. At this point the header text is

Read

and

the digital signature icon

is shown.

Note: If the digital signature icon does not appear, this means that there is a security breach,
and you should not enter any personal data such as your signing PIN.

To sign the displayed text, select

Sign

, after you have read all of the text.

Note: The text may not fit within a single screen. Therefore, make sure to scroll through and
read all of the text before signing.

Select the user certificate you want to use in the signing. Key in the signing PIN (supplied by the
service provider) and press

OK

. Since the PIN code will not be sent outside the phone, it will remain

background image

©2002 Nokia Corporation. All rights reserved.

Me

n

u

fu

ncti

o

n

s

74

secret. The phone shows a confirmation of your purchase, the digital signature icon will disappear, and
you can continue browsing or end the WAP connection.

Certificates

There are three kinds of certificates:

• Server certificates

A server certificate is sent from the server to the phone and its validity is checked using the
authority certificates stored in the phone or the security module. This process helps to determine
whether a WAP gateway or a WAP server is the one it claims to be.

You will see a note on the phone display if the identity of the WAP server or WAP gateway cannot
be verified, if the WAP server or WAP gateway certificate is not authentic or if you do not have the
right authority certificate on your phone.

• Authority certificates

Authority certificates are used by some WAP services, such as banking services, for checking
signatures, server certificates or other authority certificates.

You can download the certificate from a WAP page, if the WAP service supports the use of authority
certificates. After the download, you can view the certificate and then save or delete it. If you save
the certificate, it is added to the certificate list on the phone. Authority certificates may also be
available in the security module.

• User certificates

User certificates are issued to users by a Certifying Authority, for example, a bank. They associate a
user with a specific private key in a security module, and they are stored in the module by the SIM
card issuer or the service provider.

background image

©2002 Nokia Corporation. All rights reserved.

Me

n

u

fu

ncti

o

n

s

75

Me

n

u

fu

ncti

o

n

s

Security module settings

Press

Menu

, select

Services

,

Settings

and

Security module settings

. If there is no security module in the

phone,

Insert security module

is displayed.

In the

Security module settings

menu you have the following options:

Security module details

show the security module label, its status, manufacturer and serial number.

Module PIN request

: The phone asks you for the module PIN code, which is supplied with the SIM

card. Key in the code, and select

On

to set the security module to ask for the module PIN code.

Change module PIN

: Key in the current module PIN code. Press

Change

and key in the new code

twice.

Change signing PIN

shows a list of signing PINs in alphabetical order, if you have more than one

signing PIN on your phone. The signing PIN is supplied with the SIM card. Select the signing PIN you
want to change. Key in the current signing PIN code. Press

Change

and key in the new code twice.

If you key in a wrong PIN code several times, the phone may display

PIN code blocked

and ask you to

key in the PUK code. Contact your service provider to get the PUK code, and key it in. To key in the PUK
code later, you must first try to use the PIN, and you will then be asked for the PUK code.