Security module
The security module provides security services for WAP-related applications and enables digital
signing. If present, the security module is in the SIM card as an optional service of your service
provider. The security module helps to prevent the card content from being maliciously read or
modified. (It can contain certificates, as well as private and public keys to operate the certificates. The
certificates are stored in the security module by the SIM card issuer or the service provider.)
Digital signature
You can sign, for example, a bill or a financial contract digitally while using WAP. Note that the
signature can be traced back to you via the private key and the associated certificate that was used to
perform the signature, so signing using the digital signature is the same as signing your name to a
paper bill, contract or other document.
When you select a link, for example, the title of the book you want to buy and its price, the digital
signature procedure starts and shows the text to be signed. At this point the header text is
Read
and
the digital signature icon
is shown.
Note: If the digital signature icon does not appear, this means that there is a security breach,
and you should not enter any personal data such as your signing PIN.
To sign the displayed text, select
Sign
, after you have read all of the text.
Note: The text may not fit within a single screen. Therefore, make sure to scroll through and
read all of the text before signing.
Select the user certificate you want to use in the signing. Key in the signing PIN (supplied by the
service provider) and press
OK
. Since the PIN code will not be sent outside the phone, it will remain
©2002 Nokia Corporation. All rights reserved.
Me
n
u
fu
ncti
o
n
s
74
secret. The phone shows a confirmation of your purchase, the digital signature icon will disappear, and
you can continue browsing or end the WAP connection.
Certificates
There are three kinds of certificates:
• Server certificates
A server certificate is sent from the server to the phone and its validity is checked using the
authority certificates stored in the phone or the security module. This process helps to determine
whether a WAP gateway or a WAP server is the one it claims to be.
You will see a note on the phone display if the identity of the WAP server or WAP gateway cannot
be verified, if the WAP server or WAP gateway certificate is not authentic or if you do not have the
right authority certificate on your phone.
• Authority certificates
Authority certificates are used by some WAP services, such as banking services, for checking
signatures, server certificates or other authority certificates.
You can download the certificate from a WAP page, if the WAP service supports the use of authority
certificates. After the download, you can view the certificate and then save or delete it. If you save
the certificate, it is added to the certificate list on the phone. Authority certificates may also be
available in the security module.
• User certificates
User certificates are issued to users by a Certifying Authority, for example, a bank. They associate a
user with a specific private key in a security module, and they are stored in the module by the SIM
card issuer or the service provider.
©2002 Nokia Corporation. All rights reserved.
Me
n
u
fu
ncti
o
n
s
75
Me
n
u
fu
ncti
o
n
s
Security module settings
Press
Menu
, select
Services
,
Settings
and
Security module settings
. If there is no security module in the
phone,
Insert security module
is displayed.
In the
Security module settings
menu you have the following options:
•
Security module details
show the security module label, its status, manufacturer and serial number.
•
Module PIN request
: The phone asks you for the module PIN code, which is supplied with the SIM
card. Key in the code, and select
On
to set the security module to ask for the module PIN code.
•
Change module PIN
: Key in the current module PIN code. Press
Change
and key in the new code
twice.
•
Change signing PIN
shows a list of signing PINs in alphabetical order, if you have more than one
signing PIN on your phone. The signing PIN is supplied with the SIM card. Select the signing PIN you
want to change. Key in the current signing PIN code. Press
Change
and key in the new code twice.
If you key in a wrong PIN code several times, the phone may display
PIN code blocked
and ask you to
key in the PUK code. Contact your service provider to get the PUK code, and key it in. To key in the PUK
code later, you must first try to use the PIN, and you will then be asked for the PUK code.