Security and notifications

The UP.Link platform supports the following types of notifications:

• Non-secure--which have no security requirements and are simply accepted by the UP.Link server

• Secure--which the UP.Link server accepts only if the HDML service sends them with a special type of server certificate (know as an application certificate). The certificate, which must be provided by an approved Certificate Authority, uniquely identifies the service and allows the UP.Link server to verify that the service is who it claims to be.

By default, UP.Link servers accept only non-secure notifications; secure notifications are disabled. The UP.Link operator must enable the secure port after installation in order to allow receipt of secure notifications. For more information on requesting certificates and sending notifications, see Chapter 5, Creating HDML Services that "Push" Information.

To better understand the role of certificates in the secure notification process, it is helpful to review the different scenarios in which the UP.Link server interacts with services. There are four principal scenarios (depicted in Figure 6-2):

i) Simple (non-secure) HTTP request-response.

Responding to a request from a phone, the UP.Link server issues an HTTP request to the service; the service generates an HTTP response. This is the scenario described in UP.SDK Getting Started Guide. It is the simplest scenario and does not involve any security measures.

ii) HTTP request-response using Secure Socket Layer (SSL) security.

This is the same scenario as a conventional SSL interaction between a Web browser and Web server. It requires the service's Web server to have a valid server certificate from a Certificate Authority accepted by the UP.Link server; the UP.Link server and the service exchange certificates.

iii) Notification with non-secure HTTP request-response.

Notifications are described in Creating HDML Services that "Push" Information. The notifier component of the service sends a notification to the UP.Link server. In order for the UP.Link server to accept the notification, the notifier must present a valid application certificate to the UP.Link server. If the UP.Link server requests the URL associated with the notification, the request and the response are exchanged with no security measures.

iv) Notification with secure HTTP request-response.

This scenario is a combination of scenarios ii) and iii). The service sends a secure notification, presenting a client certificate. If the UP.Link server requests the URL, it optionally supplies a client certificate and the service's Web server supplies a server certificate.

FIGURE  6-2.     HDML Service communication scenarios