Page 1
1 (9) Nokia 9290 Communicator Nokia Mobile Phones Security White Paper Security White Paper Copyright Nokia Corporation 2001-2002. All rights reserved. ...
Nokia operates a policy of continuous development. Nokia reserves the right to make changes and improvements to any of the products described in this document without prior notice. Under no circumstances shall Nokia be responsible for any loss of data or income or any special, incidental, consequential or indirect damages howsoever caused.
2.4 Locking The Device The Nokia 9290 Communicator has a feature that enables the locking of the whole device. In this locked state, the device and its data can only be accessed by entering the special lock code. Incoming faxes and data calls are accepted, and voice calls are accepted, and voice calls can be answered when the device cover is closed.
The card needs to be locked and unlocked manually. When in locked state, the information on the card cannot be accessed without reverse-engineering the card itself. Some of the Nokia 9290 Communicator software are stored on the MultiMediaCard. In order to be able to use this software, the card needs to be unlocked. The locking of the MultiMediaCard is independent from device locking discussed above.
As the Nokia 9290 Communicator is a versatile and open programming environment, anyone can create new software for it. Malicious software is a security risk which should be taken into account. Fortunately, the Nokia 9290 Communicator has a secure software installation system that can be used to minimise the risks. The user must always be cautious when installing software, however.
Nokia 9290 Communicator supports various security protocols. 5.1 Incoming Data Calls By relying only on the factory configuration, it is not possible to access the Nokia 9290 Communicator’s files from an incoming data call. However, as with any normal computer, malicious third-party software can potentially degrade the security of the device.
These methods may include, for example, one-time passwords (password generators, tokens, or password lists). If the method works with normal PAP or CHAP, it can be used with the Nokia 9290 Communicator. Other login schemes can be supported using a login script. Some of the alternatives are described below.
5.3.5 Other one-time password systems As the Nokia 9290 Communicator is an open software platform, it is possible to implement any kind of one-time password system (such as S/Key and OPIE) as a separate application. One-time password generators that are currently available for other Symbian operating system (EPOC32) devices can be ported to the Nokia 9290 Communicator with relative ease using the software development kit from Nokia.
The WAP Forum specifies WTLS. The Nokia 9290 Communicator supports strong 128-bit encryption in WTLS, but is able to lower the security level if required by the server. The Nokia 9290 Communicator supports server authentication and key exchange using the RSA algorithm and data encryption using the RC5 algorithm.