[Cover] [Previous Section] [Next Section] [Index]
Current chapter: Creating Secure HDML Services
Section 44 out of 67 total sections
, Section 2 out of 5 sections in this chapter
Overview of UP.Link platform security
The UP.Link platform extends standard Web security practices and protocols to handheld devices. The following sections summarize how the UP.Link platform supports secure communication.
UP.Link-UP.Phone communication
In general, communication between the UP.Link server and the UP.Phone is very secure. By default, the UP.Link server and the UP.Phone use encrypted Handheld Device Transfer Protocol (HDTP), which provides the following types of security protection:
- Privacy--the content of each message is encrypted using RSA's RC5 cipher algorithm
- Authenticity--shared secret and session keys mutually authenticate the UP.Phone and UP.Link
- Integrity--both the UP.Phone and UP.Link server detect message corruption
An UP.Link server administrator can choose to use unencrypted HDTP, which provides relatively little security. To determine whether an UP.Link server is using encrypted or unencrypted HDTP, consult with the UP.Link server administrator.
Service-to-UP.Link server communication
The security of communications between your service and an UP.Link server is dependent on the communication protocol you choose. The UP.Link platform supports the following protocols:
|
Protocol or security practice
|
Means/Degree of security
|
|---|
HTTP
|
None
|
HTTP with Basic Authentication
|
Relatively low
|
HTTPS with Basic Authentication
|
High
|
HTTPS with SSL Client Certificates
|
Very high
|
IMPORTANT
Use the same security precautions (e.g. HTTPS and Basic Authentication) in UP.Phone transactions as you would for the same transactions with a conventional Web browser.
[Cover] [Previous Section] [Next Section] [Index]
Current chapter: Creating Secure HDML Services
Section 44 out of 67 total sections
, Section 2 out of 5 sections in this chapter
Copyright © 1999, Unwired Planet, Inc. All rights
reserved.