用户中心
收藏本站
登录    网员申请 | VIS虚拟信息系统   
通信标准 | 政策法规 | 出版物 | 产业资讯 | 专题跟踪 | 交流研讨 | 通信学苑
 您当前的位置:PTSN首页>>通信标准>>开放移动联盟


WAP-198-WIM 无线识别模块
标准号 WAP-198-WIM     登录可关注该标准
中文名称 无线识别模块
英文名称 Wireless Identity Module
发布日期 2000-02-18
适用范围 The Wireless Application Protocol (WAP) is a result of continuous work to define an industry-wide specification for
developing applications that operate over wireless communication networks. The scope for the WAP Forum is to define a set
of specifications to be used by service applications. The wireless market is growing very quickly, and reaching new
customers and services. To enable operators and manufacturers to meet the challenges in advanced services, differentiation
and fast/flexible service creation WAP Forum defines a set of protocols in transport, security, transaction, session and
application layers. For additional information on the WAP architecture, please refer to “Wireless Application Protocol
Architecture Specification” [WAPARCH].
WAP security functionality includes the Wireless Transport Layer Security [WAPWTLS] and application level security,
accessible using the Wireless Markup Language Script [WMLScript]. For optimum security, some parts of the security
functionality need to be performed by a tamper-resistant device, so that an attacker cannot retrieve sensitive data. Such data
is especially the permanent private keys used in the WTLS handshake with client authentication, and for making application
level electronic signatures (such as confirming an application level transaction). In WTLS, also the master secrets, protecting
secure sessions, are relatively long living ?C which could be several days. This is in order to avoid frequent full handshakes
which are relatively heavy both computationally and due to large data transfer. Master secrets are used as a source of
entropy, to calculate MAC keys and message encryption keys which are used to secure a limited number of messages,
depending on usage of WTLS.
The WAP Identity Module (WIM) is used in performing WTLS and application level security functions, and especially, to
store and process information needed for user identification and authentication. The functionality presented here is based on
the requirement that sensitive data, especially keys, can be stored in the WIM, and all operations where these keys are
involved can be performed in the WIM.
An example of a WIM implementation is a smart card. In the phone, it can be the Subscriber Identity Module (SIM) card or
an external smart card. The way which a phone and a smart card interact is specified as a command-response protocol, using
Application Protocol Data Units (APDU) specific to this application. This specification is based on ISO7816 series of
standards on smart cards and the related GSM specifications [GSM11.11], where applicable.
This specification concentrates on defining an interface between the part of a WAP client device that is not considered
tamper-resistant, and a tamper-resistant component, the WIM.
A basic requirement for WIM implementation is that it is tamper-resistant. This means that certain physical hardware
protection is used, which makes it unfeasible to extract or modify information in the module (volatile, non-volatile memory
and other parts). Technology used in smart cards are examples of this kind of protection. Regular mobile phones and PDAs
cannot be considered tamper-resistant. For these devices, e.g. extracting information from the module may be difficult but
still feasible with a proper equipment.
This specification does not define exact requirements for tamper-resistance. Businesses can enforce certain requirements and
policies using PKI based mechanisms. Applications should only accept certificates signed by Certification Authorities that
are know to fullfil the requirements and policies.
PKI functionality (including WTLS client authentication with private keys, and WMLScript digital signatures) can be
implemented in pure software in normal PDAs or phones, using password protection, encryption etc. However, such
implementations cannot be considered as WIM implementations, and are out of scope of this specification. At the same time,
service interfaces defined in this specification may be useful for designing internal software interfaces for these
implementations.
页数 100
全文上线日期 2003-07-14
全文下载
 PDF (264K)  
  需要安装Acrobat Reader插件,详情参考使用说明
  只有通标网D、F、G、W、X、Y网员可以访问该资源。
·为保障您的浏览器正常下载此文件,请将本网站加入信任站点。设置详情>>


热卖光盘
·通信工程_传输布线
·通信工程_无线网络
·TD-LTE标准全文光盘
·LTE FDD标准全文光盘
·物联网标准全文光盘
更多..


关于我们 用户中心 友情链接
主办:中国通信标准化协会  维护:通信标准化推进中心 京ICP备05002969号-3
服务热线:010-82054513 
Copyright© 2007 www.ptsn.net.cn. All Rights Reserved.