1 <?xml version="1.0" encoding="utf-8"?> |
1 <?xml version="1.0" encoding="utf-8"?> |
|
2 <!--Arbortext, Inc., 1988-2004, v.4002--> |
|
3 <!DOCTYPE concept PUBLIC "-//OASIS//DTD DITA Concept//EN" |
|
4 "concept.dtd"> |
2 <!-- Copyright (c) 2007-2010 Nokia Corporation and/or its subsidiary(-ies) All rights reserved. --> |
5 <!-- Copyright (c) 2007-2010 Nokia Corporation and/or its subsidiary(-ies) All rights reserved. --> |
3 <!-- This component and the accompanying materials are made available under the terms of the License |
6 <!-- This component and the accompanying materials are made available under the terms of the License |
4 "Eclipse Public License v1.0" which accompanies this distribution, |
7 "Eclipse Public License v1.0" which accompanies this distribution, |
5 and is available at the URL "http://www.eclipse.org/legal/epl-v10.html". --> |
8 and is available at the URL "http://www.eclipse.org/legal/epl-v10.html". --> |
6 <!-- Initial Contributors: |
9 <!-- Initial Contributors: |
7 Nokia Corporation - initial contribution. |
10 Nokia Corporation - initial contribution. |
8 Contributors: |
11 Contributors: |
9 --> |
12 --> |
10 <!DOCTYPE concept |
|
11 PUBLIC "-//OASIS//DTD DITA Concept//EN" "concept.dtd"> |
|
12 <concept id="GUID-9058F379-C495-4B22-B270-FF6A80E450B8" xml:lang="en"><title>Device |
13 <concept id="GUID-9058F379-C495-4B22-B270-FF6A80E450B8" xml:lang="en"><title>Device |
13 security mechanisms</title><prolog><metadata><keywords/></metadata></prolog><conbody> |
14 security mechanisms</title> |
|
15 <prolog> |
|
16 <metadata> |
|
17 <keywords></keywords> |
|
18 </metadata> |
|
19 </prolog> |
|
20 <conbody> |
14 <p>The list below contains some common device security mechanisms.</p> |
21 <p>The list below contains some common device security mechanisms.</p> |
15 <section id="GUID-24AD1095-E039-46B5-A39A-1D814D697DA1"><title>Device protection</title> |
22 <section id="GUID-24AD1095-E039-46B5-A39A-1D814D697DA1"><title>Device protection</title> <p>The |
16 <p>The Symbian platform is not well equipped to protect against a physical |
23 Symbian platform is not well equipped to protect against a physical attack |
17 attack (that is, when an attacker has physical access to the mobile device) |
24 (that is, when an attacker has physical access to the mobile device) because |
18 because access to a device is controlled by the device lock feature, which |
25 access to a device is controlled by the device lock feature, which is often |
19 is often not used. Other external methods of protection, like a PIN code or |
26 not used. Other external methods of protection, like a PIN code or Subscriber |
20 Subscriber Identity Module (SIM) locking, tend to provide protection only |
27 Identity Module (SIM) locking, tend to provide protection only when accessing |
21 when accessing a cellular network, leaving the information content vulnerable. |
28 a cellular network, leaving the <?Pub Caret?>information content vulnerable. |
22 Without <xref href="GUID-A1ED2377-E196-423F-A5A2-1889C1CC3E05.dita">cryptographic |
29 Without <xref href="GUID-A1ED2377-E196-423F-A5A2-1889C1CC3E05.dita">cryptographic |
23 protection</xref>, it is possible to gain access to the device's information |
30 protection</xref>, it is possible to gain access to the device's information |
24 storage with hardware-based methods (for example, wiretapping connectors and |
31 storage with hardware-based methods (for example, wiretapping connectors and |
25 direct reading of memory chips).</p> |
32 direct reading of memory chips).</p> </section> |
26 </section> |
33 <section id="GUID-BE16A5D1-B580-4ED6-82D7-16B33B8EEADF"><title>Device authentication</title> <p>Sometimes, |
27 <section id="GUID-BE16A5D1-B580-4ED6-82D7-16B33B8EEADF"><title>Device authentication</title> |
34 for security reasons, an application needs to identify the mobile device it |
28 <p>Sometimes, for security reasons, an application needs to identify the |
35 is running on, for example, to use specific ciphering keys or to apply copy |
29 mobile device it is running on, for example, to use specific ciphering keys |
36 protection. Identification can be done by checking the device's International |
30 or to apply copy protection. Identification can be done by checking the device's |
37 Mobile Equipment Identity (IMEI) code, which is unique in each device used |
31 International Mobile Equipment Identity (IMEI) code, which is unique in each |
38 in cellular networks. To retrieve the IMEI code, you can use, for example |
32 device used in cellular networks. To retrieve the IMEI code, you can use, |
39 the <xref format="application/java-archive" href="jar:GUID-35228542-8C95-4849-A73F-2B4F082F0C44.jar!/sdk/doc_source/reference/reference-cpp/ETel_3rd_Party_API/CTelephonyClass.html#%3a%3aCTelephony%3a%3aGetPhoneId%28TRequestStatus%20%26amp%3b%2cTDes8%20%26amp%3b%29const" |
33 for example the <xref href="jar:GUID-35228542-8C95-4849-A73F-2B4F082F0C44.jar!/sdk/doc_source/reference/reference-cpp/ETel_3rd_Party_API/CTelephonyClass.html#%3a%3aCTelephony%3a%3aGetPhoneId%28TRequestStatus%20%26amp%3b%2cTDes8%20%26amp%3b%29const" format="application/java-archive"><codeph>CTelephony::GetPhoneId</codeph></xref> method. For more information, |
40 ><codeph>CTelephony::GetPhoneId</codeph></xref> method. There are different |
34 see <xref href="http://wiki.forum.nokia.com/index.php" scope="external">Retrieving |
41 APIs for retrieving the IMEI code in different versions of SDKs. Refer to |
35 Phone's Manufacturer, Model & IMEI number in Symbian</xref> in the |
42 the SDK API or Symbian documentation for the proper method.</p> <p>Another |
36 Forum Nokia Developer Community Wiki. There are different APIs for retrieving |
43 way to get information about the running platform and the mobile device is |
37 the IMEI code in different versions of SDKs. Refer to the SDK API or Symbian |
44 to use the <codeph>HAL:Get()</codeph> method defined in <codeph>hal.h</codeph> header |
38 documentation for the proper method.</p> |
45 file. For more information and examples, see <xref href="http://developer.symbian.org/wiki/index.php/Device_Product_ID,_Platform_ID_and_HAL_information" |
39 <p>Another way to get information about the running platform and the mobile |
46 scope="external">Device Product ID, Platform ID and HAL information</xref> at |
40 device is to use the <codeph>HAL:Get()</codeph> method defined in <codeph>hal.h</codeph> header |
47 the Symbian Foundation.</p> <p><b>User authentication</b></p> <p>When powering |
41 file. For more information and examples, see <xref href="http://www.forum.nokia.com/info/sw.nokia.com/id/61ae01cb-3c34-47f6-843e-485d4f56409b/S60_Platform_Identification_Codes.html" scope="external">S60 Platform: Identification Codes</xref> on Forum Nokia.</p> |
48 on the device, the user is authenticated in the <i>operating system level</i> with |
42 <p><b>User authentication</b></p> |
49 standard device authentication methods, such as a PIN code and security code |
43 <p>When powering on the device, the user is authenticated in the <i>operating |
50 requests. However, these features can be turned off by the user and are easily |
44 system level</i> with standard device authentication methods, such as a PIN |
51 reset with special hardware. If an application needs to authenticate the user, |
45 code and security code requests. However, these features can be turned off |
52 it should be done in the <i>application level</i> by implementing a separate |
46 by the user and are easily reset with special hardware. If an application |
53 user name/password authentication mechanism.</p> </section> |
47 needs to authenticate the user, it should be done in the <i>application level</i> by |
54 <section id="GUID-962E0183-0CBD-457D-B24C-C0BDB30A58A4"><title>Mobile hardware</title> <p>The |
48 implementing a separate user name/password authentication mechanism.</p> |
55 Symbian platform attempts to ensure the integrity of data even in the presence |
49 </section> |
56 of unreliable communication and a shortage of resources, such as memory, power, |
50 <section id="GUID-962E0183-0CBD-457D-B24C-C0BDB30A58A4"><title>Mobile hardware</title> |
57 and storage.</p> <p>The user may detach removable storage media at any time, |
51 <p>The Symbian platform attempts to ensure the integrity of data even in |
58 either intentionally or unintentionally. The platform has a built-in detach |
52 the presence of unreliable communication and a shortage of resources, such |
59 handling mechanism, but applications should still be prepared for a sudden |
53 as memory, power, and storage.</p> |
60 loss of storage media to prevent data loss or corruption. To check the type |
54 <p>The user may detach removable storage media at any time, either intentionally |
61 of storage media (removable/fixed), use the <xref format="application/java-archive" |
55 or unintentionally. The platform has a built-in detach handling mechanism, |
62 href="jar:GUID-35228542-8C95-4849-A73F-2B4F082F0C44.jar!/sdk/doc_source/reference/reference-cpp/F32_EKA2/RFsClass.html#%3a%3aRFs%3a%3aDrive%28%29" |
56 but applications should still be prepared for a sudden loss of storage media |
63 ><codeph>RFs::Drive()</codeph></xref> method. </p> <p>The device may shut |
57 to prevent data loss or corruption. To check the type of storage media (removable/fixed), |
64 down at any time, either by accident or because the battery runs out. Important |
58 use the <xref href="jar:GUID-35228542-8C95-4849-A73F-2B4F082F0C44.jar!/sdk/doc_source/reference/reference-cpp/F32_EKA2/RFsClass.html#%3a%3aRFs%3a%3aDrive%28%29" format="application/java-archive"><codeph>RFs::Drive()</codeph></xref> method. </p> |
65 data stored in nonpermanent memory should be written to permanent memory as |
59 <p>The device may shut down at any time, either by accident or because |
66 early as possible. To query the battery level, use the <codeph>HAL::Get(EPowerBatteryStatus)</codeph> method. |
60 the battery runs out. Important data stored in nonpermanent memory should |
67 For information on how to retrieve system information, see the <xref href="GUID-54042C84-6216-5930-9CBF-BAF635CECD4D.dita">Power |
61 be written to permanent memory as early as possible. To query the battery |
68 HAL Handler Tutorial</xref>.</p> <p>Even though internal storage is not physically |
62 level, use the <codeph>HAL::Get(EPowerBatteryStatus)</codeph> method. For |
69 protected, you can secure memory cards with password protection. If the locking |
63 information on how to retrieve system information, see <xref href="http://www.forum.nokia.com/info/sw.nokia.com/id/1bd6bf54-7886-43a5-8335-821bcb603049/S60_Platform_System_Information_Example_v2_0_en.zip.html" scope="external">S60 Platform: System Information Example</xref> on Forum Nokia.</p> |
70 option is used (method <xref format="application/java-archive" href="jar:GUID-35228542-8C95-4849-A73F-2B4F082F0C44.jar!/sdk/doc_source/reference/reference-cpp/F32_EKA2/RFsClass.html#%3a%3aRFs%3a%3aLockDrive%28%29" |
64 <p>Even though internal storage is not physically protected, you can secure |
71 ><codeph>RFs::LockDrive</codeph></xref>), memory card contents are protected |
65 memory cards with password protection. If the locking option is used (method <xref href="jar:GUID-35228542-8C95-4849-A73F-2B4F082F0C44.jar!/sdk/doc_source/reference/reference-cpp/F32_EKA2/RFsClass.html#%3a%3aRFs%3a%3aLockDrive%28%29" format="application/java-archive"><codeph>RFs::LockDrive</codeph></xref>), memory card contents are protected |
|
66 with a password and cannot be read in any other device without it. Password |
72 with a password and cannot be read in any other device without it. Password |
67 locking is an extended functionality of the Multimedia card (MMC), and may |
73 locking is an extended functionality of the Multimedia card (MMC), and may |
68 not be compatible with all hardware and software configurations.</p> |
74 not be compatible with all hardware and software configurations.</p> </section> |
69 </section> |
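Review bot: `HAL:Get()` in the Device authentication section is written with a single colon on both sides of the diff (line 40 on the 84-line side, line 44 on the 90-line side), while the Mobile hardware section uses `HAL::Get(EPowerBatteryStatus)` (lines 62 and 66). Change it to `HAL::Get()` so the scope operator is correct and matches the later reference. As a smaller style point in the same region, `RFs::LockDrive` is given without parentheses whereas `RFs::Drive()` and `HAL::Get()` carry them; pick one form for method names inside `<codeph>`.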
75 <section id="GUID-9058F379-C495-4B22-B270-FF6A80E450B9"><title>Third-party |
70 <section id="GUID-9058F379-C495-4B22-B270-FF6A80E450B9"><title>Third-party solutions</title> |
76 solutions</title> <p>A mobile device can be protected with third-party security |
71 <p>A mobile device can be protected with third-party security applications. <i>Antivirus |
77 applications. <i>Antivirus software</i> can detect and quarantine any viruses |
72 software</i> can detect and quarantine any viruses that try to access the |
78 that try to access the device, as well as restore infected files. Antivirus |
73 device, as well as restore infected files. Antivirus software is usually used |
79 software is usually used together with <i>firewalls</i> to observe and protect |
74 together with <i>firewalls</i> to observe and protect both incoming and outgoing |
80 both incoming and outgoing data connections. This enables monitoring of important |
75 data connections. This enables monitoring of important data and prevents it |
81 data and prevents it from being sent out of the device. Firewall and antivirus |
76 from being sent out of the device. Firewall and antivirus software can also |
82 software can also be part of an <i>intrusion detection system</i> that notifies |
77 be part of an <i>intrusion detection system</i> that notifies the user whenever |
83 the user whenever a malicious attempt is detected.</p> <p>Furthermore, there |
78 a malicious attempt is detected.</p> |
84 are applications you can use to encrypt existing files, manage passwords, |
79 <p>Furthermore, there are applications you can use to encrypt existing |
85 and store information and data securely (in vaults). You can even cipher information |
80 files, manage passwords, and store information and data securely (in vaults). |
86 in applications and connection methods which do not initially support ciphering |
81 You can even cipher information in applications and connection methods which |
87 (for example, short message service [SMS]).</p> </section> |
82 do not initially support ciphering (for example, short message service [SMS]).</p> |
88 </conbody> |
83 </section> |
89 </concept> |
84 </conbody></concept> |
90 <?Pub *0000006870?> |
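Review bot: the 90-line side still carries Arbortext editor state that should not be committed: the `<!--Arbortext, Inc., 1988-2004, v.4002-->` comment at line 2, which also pushes the copyright header down from line 2 to line 5, the `<?Pub Caret?>` processing instruction in the middle of the Device protection paragraph (line 28), and the `<?Pub *0000006870?>` trailer at line 90. Strip all three so the file keeps only the XML declaration, the license header, the DOCTYPE and the content. Separately, the Third-party solutions section id `GUID-9058F379-C495-4B22-B270-FF6A80E450B9` is the concept id `GUID-9058F379-C495-4B22-B270-FF6A80E450B8` with the last digit changed; give the section a freshly generated GUID so the two ids cannot be confused.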