13 security mechanisms</title><prolog><metadata><keywords/></metadata></prolog><conbody>

    14 security mechanisms</title>

    15 <prolog>

    16 <metadata>

    17 <keywords></keywords>

    18 </metadata>

    19 </prolog>

    20 <conbody>

    15 <section id="GUID-24AD1095-E039-46B5-A39A-1D814D697DA1"><title>Device protection</title>

    22 <section id="GUID-24AD1095-E039-46B5-A39A-1D814D697DA1"><title>Device protection</title> <p>The

    16 <p>The Symbian platform is not well equipped to protect against a physical

    23 Symbian platform is not well equipped to protect against a physical attack

    17 attack (that is, when an attacker has physical access to the mobile device)

    24 (that is, when an attacker has physical access to the mobile device) because

    18 because access to a device is controlled by the device lock feature, which

    25 access to a device is controlled by the device lock feature, which is often

    19 is often not used. Other external methods of protection, like a PIN code or

    26 not used. Other external methods of protection, like a PIN code or Subscriber

    20 Subscriber Identity Module (SIM) locking, tend to provide protection only

    27 Identity Module (SIM) locking, tend to provide protection only when accessing

    21 when accessing a cellular network, leaving the information content vulnerable.

    28 a cellular network, leaving the <?Pub Caret?>information content vulnerable.

    25 direct reading of memory chips).</p>

    32 direct reading of memory chips).</p> </section>

    26 </section>

    33 <section id="GUID-BE16A5D1-B580-4ED6-82D7-16B33B8EEADF"><title>Device authentication</title> <p>Sometimes,

    27 <section id="GUID-BE16A5D1-B580-4ED6-82D7-16B33B8EEADF"><title>Device authentication</title>

    34 for security reasons, an application needs to identify the mobile device it

    28 <p>Sometimes, for security reasons, an application needs to identify the

    35 is running on, for example, to use specific ciphering keys or to apply copy

    29 mobile device it is running on, for example, to use specific ciphering keys

    36 protection. Identification can be done by checking the device's International

    30 or to apply copy protection. Identification can be done by checking the device's

    37 Mobile Equipment Identity (IMEI) code, which is unique in each device used

    31 International Mobile Equipment Identity (IMEI) code, which is unique in each

    38 in cellular networks. To retrieve the IMEI code, you can use, for example

    32 device used in cellular networks. To retrieve the IMEI code, you can use,

    39 the <xref format="application/java-archive" href="jar:GUID-35228542-8C95-4849-A73F-2B4F082F0C44.jar!/sdk/doc_source/reference/reference-cpp/ETel_3rd_Party_API/CTelephonyClass.html#%3a%3aCTelephony%3a%3aGetPhoneId%28TRequestStatus%20%26amp%3b%2cTDes8%20%26amp%3b%29const"

    33 for example the <xref href="jar:GUID-35228542-8C95-4849-A73F-2B4F082F0C44.jar!/sdk/doc_source/reference/reference-cpp/ETel_3rd_Party_API/CTelephonyClass.html#%3a%3aCTelephony%3a%3aGetPhoneId%28TRequestStatus%20%26amp%3b%2cTDes8%20%26amp%3b%29const" format="application/java-archive"><codeph>CTelephony::GetPhoneId</codeph></xref> method. For more information,

    40 ><codeph>CTelephony::GetPhoneId</codeph></xref> method. There are different

    34  see <xref href="http://wiki.forum.nokia.com/index.php" scope="external">Retrieving

    41 APIs for retrieving the IMEI code in different versions of SDKs. Refer to

    35 Phone's Manufacturer, Model &amp; IMEI number in Symbian</xref> in the

    42 the SDK API or Symbian documentation for the proper method.</p> <p>Another

    36 Forum Nokia Developer Community Wiki. There are different APIs for retrieving

    43 way to get information about the running platform and the mobile device is

    37 the IMEI code in different versions of SDKs. Refer to the SDK API or Symbian

    44 to use the <codeph>HAL:Get()</codeph> method defined in <codeph>hal.h</codeph> header

    38 documentation for the proper method.</p>

    45 file. For more information and examples, see <xref href="http://developer.symbian.org/wiki/index.php/Device_Product_ID,_Platform_ID_and_HAL_information"

    39 <p>Another way to get information about the running platform and the mobile

    46 scope="external">Device Product ID, Platform ID and HAL information</xref> at

    40 device is to use the <codeph>HAL:Get()</codeph> method defined in <codeph>hal.h</codeph> header

    47 the Symbian Foundation.</p> <p><b>User authentication</b></p> <p>When powering

    41 file. For more information and examples, see <xref href="http://www.forum.nokia.com/info/sw.nokia.com/id/61ae01cb-3c34-47f6-843e-485d4f56409b/S60_Platform_Identification_Codes.html" scope="external">S60 Platform: Identification Codes</xref> on Forum Nokia.</p>

    48 on the device, the user is authenticated in the <i>operating system level</i> with

    42 <p><b>User authentication</b></p>

    49 standard device authentication methods, such as a PIN code and security code

    43 <p>When powering on the device, the user is authenticated in the <i>operating

    50 requests. However, these features can be turned off by the user and are easily

    44 system level</i> with standard device authentication methods, such as a PIN

    51 reset with special hardware. If an application needs to authenticate the user,

    45 code and security code requests. However, these features can be turned off

    52 it should be done in the <i>application level</i> by implementing a separate

    46 by the user and are easily reset with special hardware. If an application

    53 user name/password authentication mechanism.</p> </section>

    47 needs to authenticate the user, it should be done in the <i>application level</i> by

    54 <section id="GUID-962E0183-0CBD-457D-B24C-C0BDB30A58A4"><title>Mobile hardware</title> <p>The

    48 implementing a separate user name/password authentication mechanism.</p>

    55 Symbian platform attempts to ensure the integrity of data even in the presence

    49 </section>

    56 of unreliable communication and a shortage of resources, such as memory, power,

    50 <section id="GUID-962E0183-0CBD-457D-B24C-C0BDB30A58A4"><title>Mobile hardware</title>

    57 and storage.</p> <p>The user may detach removable storage media at any time,

    51 <p>The Symbian platform attempts to ensure the integrity of data even in

    58 either intentionally or unintentionally. The platform has a built-in detach

    52 the presence of unreliable communication and a shortage of resources, such

    59 handling mechanism, but applications should still be prepared for a sudden

    53 as memory, power, and storage.</p>

    60 loss of storage media to prevent data loss or corruption. To check the type

    54 <p>The user may detach removable storage media at any time, either intentionally

    61 of storage media (removable/fixed), use the <xref format="application/java-archive"

    55 or unintentionally. The platform has a built-in detach handling mechanism,

    62 href="jar:GUID-35228542-8C95-4849-A73F-2B4F082F0C44.jar!/sdk/doc_source/reference/reference-cpp/F32_EKA2/RFsClass.html#%3a%3aRFs%3a%3aDrive%28%29"

    56 but applications should still be prepared for a sudden loss of storage media

    63 ><codeph>RFs::Drive()</codeph></xref> method. </p> <p>The device may shut

    57 to prevent data loss or corruption. To check the type of storage media (removable/fixed),

    64 down at any time, either by accident or because the battery runs out. Important

    58 use the <xref href="jar:GUID-35228542-8C95-4849-A73F-2B4F082F0C44.jar!/sdk/doc_source/reference/reference-cpp/F32_EKA2/RFsClass.html#%3a%3aRFs%3a%3aDrive%28%29" format="application/java-archive"><codeph>RFs::Drive()</codeph></xref> method. </p>

    65 data stored in nonpermanent memory should be written to permanent memory as

    59 <p>The device may shut down at any time, either by accident or because

    66 early as possible. To query the battery level, use the <codeph>HAL::Get(EPowerBatteryStatus)</codeph> method.

    60 the battery runs out. Important data stored in nonpermanent memory should

    67 For information on how to retrieve system information, see the <xref href="GUID-54042C84-6216-5930-9CBF-BAF635CECD4D.dita">Power

    61 be written to permanent memory as early as possible. To query the battery

    68 HAL Handler Tutorial</xref>.</p> <p>Even though internal storage is not physically

    62 level, use the <codeph>HAL::Get(EPowerBatteryStatus)</codeph> method. For

    69 protected, you can secure memory cards with password protection. If the locking

    63 information on how to retrieve system information, see <xref href="http://www.forum.nokia.com/info/sw.nokia.com/id/1bd6bf54-7886-43a5-8335-821bcb603049/S60_Platform_System_Information_Example_v2_0_en.zip.html" scope="external">S60 Platform: System Information Example</xref> on Forum Nokia.</p>

    70 option is used (method <xref format="application/java-archive" href="jar:GUID-35228542-8C95-4849-A73F-2B4F082F0C44.jar!/sdk/doc_source/reference/reference-cpp/F32_EKA2/RFsClass.html#%3a%3aRFs%3a%3aLockDrive%28%29"

    64 <p>Even though internal storage is not physically protected, you can secure

    71 ><codeph>RFs::LockDrive</codeph></xref>), memory card contents are protected

    65 memory cards with password protection. If the locking option is used (method <xref href="jar:GUID-35228542-8C95-4849-A73F-2B4F082F0C44.jar!/sdk/doc_source/reference/reference-cpp/F32_EKA2/RFsClass.html#%3a%3aRFs%3a%3aLockDrive%28%29" format="application/java-archive"><codeph>RFs::LockDrive</codeph></xref>), memory card contents are protected

    68 not be compatible with all hardware and software configurations.</p>

    74 not be compatible with all hardware and software configurations.</p> </section>

    69 </section>

    75 <section id="GUID-9058F379-C495-4B22-B270-FF6A80E450B9"><title>Third-party

    70 <section id="GUID-9058F379-C495-4B22-B270-FF6A80E450B9"><title>Third-party solutions</title>

    76 solutions</title> <p>A mobile device can be protected with third-party security

    71 <p>A mobile device can be protected with third-party security applications. <i>Antivirus

    77 applications. <i>Antivirus software</i> can detect and quarantine any viruses

    72 software</i> can detect and quarantine any viruses that try to access the

    78 that try to access the device, as well as restore infected files. Antivirus

    73 device, as well as restore infected files. Antivirus software is usually used

    79 software is usually used together with <i>firewalls</i> to observe and protect

    74 together with <i>firewalls</i> to observe and protect both incoming and outgoing

    80 both incoming and outgoing data connections. This enables monitoring of important

    75 data connections. This enables monitoring of important data and prevents it

    81 data and prevents it from being sent out of the device. Firewall and antivirus

    76 from being sent out of the device. Firewall and antivirus software can also

    82 software can also be part of an <i>intrusion detection system</i> that notifies

    77 be part of an <i>intrusion detection system</i> that notifies the user whenever

    83 the user whenever a malicious attempt is detected.</p> <p>Furthermore, there

    78 a malicious attempt is detected.</p>

    84 are applications you can use to encrypt existing files, manage passwords,

    79 <p>Furthermore, there are applications you can use to encrypt existing

    85 and store information and data securely (in vaults). You can even cipher information

    80 files, manage passwords, and store information and data securely (in vaults).

    86 in applications and connection methods which do not initially support ciphering

    81 You can even cipher information in applications and connection methods which

    87 (for example, short message service [SMS]).</p> </section>

    82 do not initially support ciphering (for example, short message service [SMS]).</p>

    88 </conbody>

    83 </section>

    89 </concept>

    84 </conbody></concept>

    90 <?Pub *0000006870?>