EX-4.J 9 exhibit4j.htm EXHIBIT 4.J

Exhibit 4(j)

SERVICE AGREEMENT No. 75963 – SEVEN SOLUTION

By this instrument, on the one side, TELEMIG CELULAR S/A, a private company registered in the Corporate Taxpayer’s ID (CNPJ) 02.320.739/0001-06, with headquarters in the city of Belo Horizonte, Minas Gerais, at Rua Levindo Lopes, 258, Bairro Funcionários, herein represented pursuant to its Bylaws, hereinafter referred to as CONTRACTING PARTY; and on the other side, ERICSSON SERVIÇOS DE TELECOMUNICAÇÕES LTDA, registered in the Corporate Taxpayer’s ID (CNPJ) 03.619.317/0001-07, with headquarters located at Rua Maria Prestes Maia, 300, 4^th floor, Bairro Vila Guilherme, in the city of São Paulo, State of São Paulo, herein represented pursuant its Articles of Association, hereinafter referred to as CONTRACTED PARTY, have mutually executed this SERVICE AGREEMENT – SEVEN SOLUTION, hereinafter simply referred to as AGREEMENT, which shall be governed by the following clauses and conditions:

CLAUSE 1 – DEFINITIONS

The following expressions (whether in the plural or singular form) shall have the meanings established therefor in the Agreement and its Attachments.

1.1. - SEVEN Solution (or SEVEN) shall mean the solution enabling the Client to interact with e-mail applications and personal or corporate computer data by using cellular phone.

1.2. – Platform shall mean the environment composed of hardware and software pertaining to CONTRACTED PARTY or, in the event of Software licensed to the latter, intended for SEVEN’s hosting.

1.3. – User’s Interface shall mean any software, tool or access enabling the user to interact with SEVEN Solution.

1.4. – Client shall mean all clients pertaining to CONTRACTING PARTY’s client base, as well as potential clients thereof.

1.5. - User shall mean every Client subscribing to SEVEN Solution.

1.6. – Active User shall mean every User not suspended or excluded from CONTRACTING PARTY’s client base.

1.7. – Marketing Start-up shall mean the beginning of marketing of any edition of SEVEN Solution.

1.8. – Requirement Book shall mean the compilation of all requirements necessary for implementing SEVEN.

1.9. – Acceptance of SEVEN’s delivery shall mean CONTRACTING PARTY’s acknowledgment that SEVEN is ready and fulfilled all requirements necessary for its implementation.

1.10. – Operating System shall mean platform running internally in a handset.

1.11. – Certification Proceeding shall mean a set of measures to be adopted by CONTRACTED PARTY for proper operation of handset (appointed by CONTRACTING PARTY) in accordance with all SEVEN Solution’s functionalities, within CONTRACTING PARTY’s network.

CLAUSE 2 – SUBJECT MATTER

2.1. - The subject matter hereof is the rendering of services, by CONTRACTED PARTY to CONTRACTING PARTY, related to the use of SEVEN solution, pursuant to the terms and conditions of this Agreement and its Attachments, which are an integral part hereof, namely:

a) Service Level Agreement (“SLA”) – Attachment I;
b) SEVEN Implementation Schedule – Attachment II;
c) Scope and Technical Services Description – Attachment III;
d) Reply to RFP ENG-ML-002/05 Rev. E – Attachment IV; and
e) Business Proposal G5022 Rev. F – Attachment V.

2.1.1. – In the event of conflict between the AGREEMENT and its Attachments, the AGREEMENT shall prevail and, in the event of conflict between the Attachments, whichever it is, the order established in the list above shall prevail.

2.2. - CONTRACTED PARTY shall render to CONTRACTING PARTY the following services related to SEVEN:

a) Implementation and integration of SEVEN Solution;
b) Customization of SEVEN Solution;
c) Hosting of SEVEN Solution;
d) SEVEN Solution’s Management;
e) Software Upgrades and Corrections;
f) Support and maintenance of Platform and Software;
g) Training.

2.2.2. – The services listed in items “a”, “b”, “c”, “d”, “e” and “f” shall be remotely provided, that is, no service shall be rendered in CONTRACTING PARTY’s facilities.

2.2.3. – CONTRACTING PARTY’s personnel training shall be provided by CONTRACTED PARTY in the city of Belo Horizonte, Minas Gerais, and the content and number of persons thereof shall be established in clause 8.1.8.

2.3. - CONTRACTING PARTY may, at its sole discretion, contract SEVEN Sever edition, pursuant to the business conditions set forth in item 8.1.11 below.

CLAUSE 3 – PARTIES’ OBLIGATIONS

In addition to the obligations provided for herein, CONTRACTED PARTY shall:

a) Provide services, pursuant to this Agreement and its Attachments, mainly as to Attachment I (Service Level Agreement) and Attachment III (Scope and Services Technical Description);

b) Maintain the platform physical and logical integrity available for operation of SEVEN, thus being responsible for all items related to the platform security, mainly those related to privacy (confidentiality) of the information content (e-mails) owned by Users;

c) Inform CONTRACTING PARTY, in writing, within at least five (05) business days in advance, of the interruptions in the platform for preventive maintenances;

d) Inform CONTRACTING PARTY, in writing, of any fault or defects that may affect the performance of the platform or services provided after the identification thereof;

e) Use, on a correct and careful basis, the equipment owned by CONTRACTING PARTY and/or Clients available, as applicable;

f) Hold meetings, from time to time, for evaluation of the services provided, together with CONTRACTING PARTY’s representative;

g) Act as service provider duly incorporated vis-à-vis third parties, mainly the National Institute of Social Security (INSS) and the Ministry of Labor, upon performance of inspection activities by the latter, thus bearing all penalties imposed to CONTRACTING PARTY arising from rendering of the services subject matter hereof;

h) Upon performance of any activity inside CONTRACTING PARTY’s facilities, fully comply with and ensure compliance with, by its employees, CONTRACTING PARTY’s internal regulations and Federal, State and Municipal Laws related thereto and in effect, including those regarding Work Security, Environment, CONTRACTING PARTY’s Environment Policy and the Security Procedure for Contracting Service Providers, to be available in CONTRACTING PARTY’s website at
www.telemigcelular.com.br/AEmpresa/Fornecedores/Default.aspx;

i) Disclose the project subject matter hereof to the media, only upon written authorization of CONTRACTING PARTY and such disclosure shall not occur before the Marketing Start-up of SEVEN;

j) Mention CONTRACTING PARTY’s logo and trademark, as well as the nature of the services rendered in business proposals, agreements and portfolios, in an indicative manner, and prepare advertising material, the content and image of which shall be previously approved by CONTRACTING PARTY.

3.1.1. - All record data/alterations, as well as the inclusion of tax documents issued to CONTRACTING PARTY shall be incumbent upon CONTRACTED PARTY, mainly through Supplier’s Homepage and, in such event, such information shall be commercially/legally valid after CONTRACTED PARTY’s approval. CONTRACTED PARTY shall be fully and solely liable for the data provided by it. CONTRACTED PARTY shall inform CONTRACTING PARTY of the data required (name, identity card, individual taxpayer’s ID (CPF) registration number, birth date, e-mail address) for enrollment of users that may access the website. CONTRACTED PARTY undertakes to inform CONTRACTING PARTY of any requirement for exclusion/alteration/inclusion of Website’s users.

3.1.2. – CONTRACTED PARTY may alter its interface for supplying in order to better adapt this proceeding. In such event, CONTRACTING PARTY shall inform CONTRACTED PARTY, and the latter shall issue, as applicable, an additional business proposal for adapting SEVEN Solution to such alterations.

3.2. - In addition to the obligations established herein, CONTRACTING PARTY shall:

a) Carry out and be liable for the transport of data provided by or to the User in its Network;

b) Provide all information required for SEVEN implementation;

c) Report all defect in SEVEN Solution so that CONTRACTED PARTY may take all measures necessary to recover the regular and full operation of said solution;

d) Inform CONTRACTED PARTY, in writing, within five (05) business days in advance, of any alteration in its GPRS network that may affect the SEVEN operation;

e) Hold meetings, from time to time, for evaluating the services performed, with CONTRACTED PARTY’s representatives; and

f) Make payments to CONTRACTED PARTY, pursuant to this Agreement.

CLAUSE 4 – INTELLECTUAL PROPERTY AND LICENSE

4.1. – All Intellectual Property Rights related to SEVEN are and shall be solely held by CONTRACTED PARTY, its suppliers, sub-licensors, controlling companies, controlled

companies or associated company, as applicable. All Intellectual Property Rights arising from any works performed by CONTRACTED PARTY (solely or jointly with third parties) pursuant this Agreement, as well as regarding any copy, enhancement, translation, alteration, new edition or work arising from software materials shall be promptly and solely attributed to CONTRATED PARTY, its suppliers and/or sub-licensers, controlling companies, controlled companies or associated companies (as applicable).

4.2. - CONTRACTED PARTY hereby grants CONTRACTING PARTY all licenses required to govern the operation of SEVEN Solution, on an individual, non-transferable and non-exclusive basis.

4.2.1 – All software, including enhancements, revisions and upgrades provided by CONTRACTED PARTY for the services related to SEVEN Solution shall be provided to CONTRACTING PARTY so that the latter may provide said solution to its Users and, for such purpose, it is hereby authorized to assign to said Users the right to use software licenses required for the User to access the services, pursuant to the provisions hereof.

4.2.2. – Should CONTRACTED PART perform any enhancement in SEVEN Solution (that is, any inclusion or modification in the platform, software or proceedings) that may increase the efficiency and/or efficacy of Solution, CONTRACTED PARTY shall incorporate such enhancements into the solution provided by CONTRACTING PARTY, provided that such modification or addition does not change the basic operation features of Solution, as well as does not affect the compatibility of devices certified by CONTRACTING PARTY, for using SEVEN Solution. Any alteration in the Software shall not be deemed as CONTRACTING PARTY’s property.

4.2.3. – The enhancements mentioned in item 4.2.2 above shall not entail any additional costs to the services contracted hereunder and shall be part of the upgrade of the solution provided by CONTRACTED PARTY.

4.2.4. – Said enhancements provided for in item 4.2.2. shall be previously tested in the test environment to be provided to CONTRACTING PARTY by CONTRACTED PARTY so as to secure that such enhancements do not adversely affect the functionality of the Solution for CONTRACTING PARTY’s Users. Said enhancements shall be only incorporated into to the solution, upon approval of said test by CONTRACTING PARTY.

4.2.5. – CONTRACTED PARTY shall inform, within sixty (60) days in advance, of any enhancement to be performed and shall provide CONTRACTING PARTY with a detailed description of the functionalities to be incorporated into the solution.

4.3. The software License and the authorization for assignment of right to use it, pursuant to item 4.2.1., shall be valid during the effectiveness hereof.

4.4. CONTRACTED PARTY hereby expressly authorizes CONTRACTING PARTY to use its brand/logo to market its services subject matter hereof to its Clients, thus customizing the software corresponding to the use of CONTRACTING PARTY’s logotype and symbol in the latter.

4.5. Except for any provision otherwise, it is hereby agreed that CONTRACTING PARTY shall not receive any ownership or property rights over the software or documentation and that such rights shall continue to be held by CONTRACTED PARTY, its suppliers or licensors.

4.6. CONTRACTING PARTY hereby agrees that the software or the documentation provided to it hereunder or any renewals, extensions or amendments hereto shall be deemed as exclusive and trade secrecy of CONTRACTED PARTY or its suppliers.

4.7. In view of the above, unless for the provisions set forth in item 4.8. below, CONTRACTING PARTY shall:

a) with due regard for the right to use provided for in item 4.2.1 above, not to provide software or documentation or any part or aspects thereof (including any methods or concepts used or expressed therein) to any third party, except for employees or service providers, as required.

b) not obtain any unauthorized copies of software or documentation or parts thereof, except for those backup copies;

c) in the event of authorized copies, as mentioned above, include any warning of copyright or another warning containing in the software or documentation;

d) not modify, decompile, translate (except for internal use), adapt, arrange or correct any mistake or shall carry out other alteration in the software or documentation, without previous approval, in writing, on the part of CONTRACTED PARTY.

e) not use software or documentation for any other purpose, other than that permitted herein; and

f) not transfer the software license and/or documentation to abroad, without the previous consent, in writing, of CONTRACTED PARTY.

4.8. - CONTRACTING PARTY hereby authorizes the preparation and disclosure of manual (User’s guide) to its Clients, containing information, based on software documentation, for giving instructions about the use of the solution by Clients.

4.9. - Pursuant to this clause, the PARTIES’ obligations shall remain valid upon termination or expiration hereof, for any reason whatsoever.

CLAUSE 5 – LIABILITIES

5.1. The PARTIES shall be liable, for its employees, representatives, officers and professionals assigned for rendering of services, for the damages caused to the other PARTY, during performance hereof.

5.2. If either PARTY, during administrative or legal proceeding in which it filed any applicable defense, bears any administrative sanction, indemnification, fine, attorneys’ fee and/or reimbursement to third parties, in view of any action or omission of the other PARTY and/or its employees, representatives, officers, professionals assigned for rendering of the services, the breaching PARTY shall indemnify the non-breaching PARTY, ratably to the amount of the loss suffered by it.

5.3. If either PARTY is obligated to present defense in any action filed by third party, in view of action or omission applicable to the other PARTY and/or its employees, representatives, officers, professionals assigned for rendering of the services, the breaching PARTY shall be impleaded and appear in court to accept the accusation and hold the non-breaching party harmless from any liability, in any way.

5.4. The PARTIES’ liabilities for any indirect damages, loss of production, loss of use, loss of business or incomes, loss of profit or any other special damages, whether incidental or consequential, to be or not reasonably estimated, is limited to the amount equivalent to ten percent (10%) of the amount earned hereunder on the date of the damage.

CLAUSE 6 – GUARANTEES

6.1. – CONTRACTED PARTY, by itself, its suppliers and/or controlling companies, controlled companies or associated company hereby represents that it held a license to use SEVEN Solution, which it is free and clear of any burden and that it is authorized to provide said solution, pursuant to the terms and conditions hereof.

6.2. - The software shall substantially operate pursuant to the technical specifications set forth in Attachment II during the effectiveness hereof.

6.3. - The maintenance and support services shall be guaranteed during the effectiveness hereof.

6.4. - The services shall be provided by personnel with adequate qualification and skill.

6.5. - CONTRACTED PARTY shall not guarantee that the Software provided is fully free of faults, nor that it is fully compatible with the specific specifications of CONTRACTED PARTY or of Clients, which are not provided for in this Agreement and in its Attachments;

6.6. - The guarantees established in Clause 6 above shall not be applied:

i) If the software is used or maintained outside the normal conditions and is not in accordance with the documentation, information, guideline or training provided by CONTRACTED PARTY;

ii) If the defect, non-conformity or deviation, after the implementation of solution, is caused by upgrade or implementation of other product or software not directly or indirectly provided by CONTRACTED PARTY;

iii) If CONTRACTING PARTY prevents CONTRACTED PARTY from inspecting and correcting the defect, non-conformity or deviation;

iv) If CONTRACTING PARTY fails to inform the Users of the required Software upgrades conducted by CONTRACTED PARTY, from time to time, being aware that the User interface enables such upgrades to be remotely made.

6.7. - The guarantees provided for above shall not be applied if such defect is caused by accident, abuse, misuse or modification in the software, without the written consent of CONTRACTED PARTY.

6.8. - The guarantees above shall be the only guarantees provided by CONTRACTED PARTY in connection with the software and shall be provided instead of any other express or implied guarantee, included, but not limited to, those implied guarantee of product resale and adaptation thereof for a specific purpose.

6.9. - CONTRACTED PARTY shall provide maintenance and support services, without any additional charge, pursuant to clause 8.1.6 below. CONTRACTING PARTY shall be liable for providing support to the User regarding the Personal and Server editions.

CLAUSE 7 – ACTION FILED BY THIRD PARTIES

7.1. CONTRACTED PARTY shall defend CONTRACTING PARTY, at its expenses, or shall try to reach to an amicable agreement relating to any action filed by third parties against CONTRACTING PARTY, to the extent that such action is grounded on the allegation that SEVEN Solution directly violated any copyright or patent held by third parties in Brazil, as well as refund costs, losses and adverse judgments to be imposed by final decision in any actions to CONTRACTING PARTY, provided that:

a) CONTRACTING PARTY informs CONTRACTED PARTY, within 48 hours, in writing, of any allegation or claim of violation that it may become aware;

b) CONTRACTING PARTY does not make any confession or statement and fails to take any measure, without the previous consent of CONTRACTED PARTY, and does not acknowledge any liability or otherwise reaches agreement, negotiate or try to negotiate or affect the conclusion of any of said actions, unless for written instruction of CONTRACTED PARTY;

c) CONTRACTED PARTY impleads CONTRACTED PARTY, pursuant to article 70, item III, of the Code of Civil Procedure, thus obligating CONTRACTED PARTY to accept the accusation under article 75, item I, of said law, in order to file an appeal as impleaded party; and

d) CONTRACTING PARTY cooperates with CONTRACTED PARTY in such defense and transaction; and

e) Alleged violation is not arisen from any modification on the part of CONTRACTING PARTY, not approved by the CONTRACTED PARTY.

7.1.1. CONTRACTED PARTY shall take all measures necessary and sufficient for CONTRACTING PARTY to keep using SEVEN solution, provided that such measures do not entail modification in its basic operational features or that adversely affect the performance of the solution.

7.1.2. If the measures provided for in item 7.1.1. above are not sufficient for CONTRACTING PARTY to continue using SEVEN solution, CONTRACTED PARTY shall reimburse the amounts paid by CONTRACTING PARTY hereunder until the occurrence of the fact, except for the costs arising from the marketing and advertising of the products.

CLAUSE 8 – PRICE AND PAYMENT CONDITIONS

8.1. - As compensation for the services subject matter hereof, CONTRACTED PARTY shall receive the following gross amounts, including the expenses required for rendering services related to SEVEN solution contracted hereunder, to wit:

HOSTING SERVICES:

8.1.1. - Hosting: the following price refers to the hosting including licensing, management, support and maintenance of SEVEN on the part of CONTRACTED PARTY as from the Marketing Start-up of platform. Such amounts include the hosting of SEVEN in CONTRACTED PARTY’s platform.

• Monthly price per user: eighteen reais and ten centavos (R$ 18.10)

8.1.2. – Number of subscribers to be charged on a monthly basis shall be the number of useful subscriptions, established as follows:

a) Number of useful subscriptions – (number of subscribers to be charged) / 30, where:

b) Number of subscribers to be charged = (Number of Active Users x use days in the month) – (Trial Users x number of trial days in the month) – (officers and employees of CONTRACTING PARTY x number of use days in the month).

8.1.2.1 - The minimum amount of subscriptions to be charged, on a monthly basis, in the platform shall observe the progression in the table below and the month 1 shall be the month of Marketing Start-up of platform.

	Month 1 – 3	Month 4 – 6	Month 7 – 9	Month 10 – 12	As of Month 13
Subscriptions	0	1000	1000	2000	2000

If the number of useful subscription does not exceed the minimum volume of subscriptions estimated in the table above, it shall prevail for collection purposes.

8.1.3. - CONTRACTED PARTY hereby assigns, free of charge, three hundred (300) subscriptions to CONTRACTING PARTY, for the sole purpose of being used by Officers and employees of CONTRACTING PARTY.

8.1.4. – Until the Marketing Start-up of any SEVEN solution’s edition, any subscription fee shall not be charged.

8.1.5. – The trial period of each User shall not be considered for charging subscriptions. Trial period shall mean a fifteen (15) period as from the beginning of SEVEN for each User, that is, the Users shall be considered only for charging subscription fees as from the sixteenth day (16^th) day as of the use of SEVEN.

8.1.6. – Maintenance and support: The price related to support and maintenance of the platform involving technological upgrades and corrections are included in the price of the Hosting, pursuant to item 8.1.1. above.

SERVICES:

8.1.7. – Implementation, Integration, Customizing and certification proceeding for four (04) handset models specified in Attachment II: four hundred and ninety-nine thousand reais (R$499,000.00). Such price includes management and coordination of implementing project of SEVEN, as well as the customizations required for Solution to fulfill specific CONTRACTED PARTY’s needs.

8.1.8. – Trainings: The prices for training the teams below include the lodging and transport fees incurred by instructor, are:

a) Team of technicians for System Operation and Maintenance: this training shall focus on a deeper detailing in the installation, use, monitoring and troubleshooting of the three editions of SEVEN. The integration of SEVEN with other editions of corporate systems and topics regarding monitoring of SEVEN within a production environment; such team shall be responsible for opening “trouble tickets” to be dealt by CONTRACTED PARTY;

b) Sales team: this training shall focus on the main functionalities of SEVEN, the benefits expected from the adoption thereof and the information about the stand in connection with the competition and the structured business argumentation. The matters related to the platform architecture and security shall be further addressed as to the sales arguments.

c) Team responsible for disclosing information to Callcenter: this training shall focus on the service features such as, installation, use of each interface and compatible interfaces, in connection with the competition, argumentation and counterarguments of each technology and handsets, competition stressing the main benefits of the service for each type.

d) CONTRACTED PARTY shall prepare and provide the party under training with material required for the training, as well as the due multiplication of training courses.

• Training of Team of technicians for operation and maintenance of the system (group composed of 8 participants): twenty-five thousand nine hundred and ninety-six reais (R$25,996.00) per group;

• Training of sales team (group of 8 participants): twenty-five thousand nine hundred and ninety-six reais (R$ 25,996.00) per group;

• Training of Call Center Support Team (group of 8 participants): twenty-five thousand nine hundred and ninety-six reais (R$25,996.00) per group.

e) The non-attendance of participants shall not entitle CONTRACTED PARTY to credit.

8.1.9. - If CONTRACTING PARTY wishes to certify other handsets not certified by CONTRACTED PARTY to CONTRACTING PARTY, except as established in item 8.1.7. above, the amount mentioned in table below shall be considered. This price shall be charged for the new handsets that were not certified by CONTRACTED PARTY and/or its suppliers of non-telecommunications provider services and to which SEVEN has not been adapted to.

Description	Total Expenses -R$
Certification and preparation of new equipment (ceiling)	35,450.00

8.1.10 - The certification shall be conducted within forty-five (45) subsequent days as from said proceeding, to be agreed by the PARTIES.

8.1.11 - The follow-up and implementation of SEVEN Product in the Server edition (optional for the client): the prices related to such activity are provided below, less the expenses incurred with transport and lodging, if required, which shall be subject matter of another contract.

INSTALLATION

• For the city of Belo Horizonte: four thousand and eight hundred reais (R$ 4,800.00) per installation;

• For other cities of Minas Gerais: five thousand and three hundred reais (R$ 5,300.00) per installation;

• For other capitals/cities: six thousand reais (R$6,000.00) per installation.

REMOTE SUPPORT

• For up to 20 calls/month: seventeen thousand reais (R$ 17,000.00) per month.

ON-SITE SUPPORT

• One hundred twenty reais (R$120.00) / worked hour.

8.1.12.- Monthly prices charged pursuant to item 8.1.1 above shall be adjusted as follows:

As to one hundred percent (100%) of the prices of items, the frequency term for adjustment shall be one (01) year as from the Marketing Start-up of solution. They shall be adjusted according to the General Market Price Index (IGP-M) column 7 disclosed by Conjuntura Econômica Magazine published by Getulio Vargas Foundation (FGV) and the following formula:

AP = BP x I / Io, where:

AP Adjusted Price;
BP = Base price in Reais (R$);
Io – IGP-M index, column 7, related to month before the Marketing Start-up of solution;
I = IGP-M index, column 7, related to month before each period of twelve (12) months, as from the beginning of the Marketing Start-up of solution.

8.1.13 - If during the effectiveness of the AGREEMENT, new taxes, charges and social insurance contributions are created, those levied herein are extinguished, or their rates are modified, and as long as such fact has directly effect on prices contracted herein, such prices shall be reviewed upwards or downwards, so that to reflect such modifications, offsetting any differences arising from these modifications.

8.2. Payment conditions:

8.2.1. – The amount for implementing, customization and integration of SEVEN Solution, provided for in item 8.1.7. shall be paid as follows:

a) 50% of the total amount of such activities, upon delivery of phase 1, as established in implantation schedule – Attachment II;

b) 30% of the total amount of such activities, upon Marketing Start-up of phase 2, as established in implementation schedule – Attachment II;

c) 20% of the total amount of such activities, upon Marketing Start-up of phase 3, as established in implementation schedule – Attachment II;

8.2.2. The amount relating to the monthly Hosting service of SEVEN shall be paid by monthly invoices to be sent until the fifth (5^th) day of the month subsequently to the rendering of services.

8.2.3. The payments to CONTRACTED PARTY shall be made within thirty (30) days as of the receipt of collection documents by CONTRACTING PARTY. The payment shall be made on Mondays, Wednesdays and Fridays. Accordingly, if the due date falls in another day, the payment shall be made on Mondays, Wednesdays or Fridays (business days). Accordingly, if the payment date falls on another day, the payment shall be made on the Monday, Wednesday and Friday (business day) subsequent to said day, with imposition of fine or late-payment fine.

8.2.4. If the payment is delayed, the prices shall be adjusted at one hundred and three percent (103%) of the Inter-banking Deposit Certificate (CDI), on a pro rata basis, as from the due date until the actual payment thereof.

8.2.5. In order to make the payments pursuant to clause 8.2., the collection documents shall be sent directly to TELEMIG CELULAR, at Rua Levindo Lopes, 286, 5^th floor, c/o Mr. Daniel Sant’Anna.

8.2.6. The collection document shall be issued containing the following information: Bank’s name, Branch, Bank Account and installment to be paid so that CONTRACTING PARTY may issue a payment order for the services rendered.

8.2.7. In order to make the payments as agreed, CONTRACTED PARTY undertakes to present CONTRACTING PARTY, every day 15 of each month, a copy of the INSS and FGTS payment forms (GFIP and the respective list of employees containing in the SEFIP) of employees that provided training services to CONTRACTING PARTY in the previous month, duly paid, as per item II of article 161 and article 165 of SRP Normative Ruling No. 3/2005. If 15^th day of the month is a holiday or is not a business day, the payment shall be postponed for the first subsequent business day.

8.2.8. The last payment set forth herein shall be made after submission, by CONTRACTED PARTY to CONTRACTING PARTY, of all pending copies of INSS and FGTS payment forms (GFIP and the respective list of employees containing in the SEFIP), as applicable, duly paid, regarding the period of rendering of services.

8.2.9. CONTRACTING PARTY, as to the Tax on Services of any nature (ISSON), shall comply with the provision set forth in the law of the Municipality where the services were actually provided. CONTRACTED PARTY shall inform the content of the Invoice(s) issued, the place where the services were provided, under penalty of not paying and returning it, being liable for such information and, consequently, for any tax notices issued to CONTRACTING PARTY should the Municipality, rather than that mentioned in the Invoice(s), require the payment of the ISSQN.

8.2.10. CONTRACTING PARTY, as to the INSS, shall comply with the provision set forth in Law 9.711/98 and Normative Ruling No. 03/2005. CONTRACTING PARTY shall

send CONTRACTED PARTY a copy of the respective payment forms (GPS) by mail to CONTRACTING PARTY’s address mentioned in the Agreement.

8.2.11. The payment of the INSS contribution shall be mentioned in the Invoice, Bill or receipt of RENDERING OF TRAINING SERVICES, under responsibility of CONTRACTED PARTY.

8.2.12. Except for the payment conditions agreed hereunder, every tax document relating to services provided by CONTRACTED PARTY shall be issued and delivered to CONTRACTING PARTY’s facilities until the 20^th of each month of the respective issuance of invoice, bill or receipt, so that CONTRACTING PARTY may pay the taxes within the term provided by law.

8.2.13. CONTRACTING PARTY, as taxpayer, shall pay the taxes assessed pursuant to the law in effect and it is hereby authorized to discount such amount from any amounts due to CONTRACTED PARTY hereunder.

CLAUSE 9 – EFFECTIVENESS

9.1. This AGREEMENT shall come into effect as of the execution hereof and shall remain in effect for thirty-six (36) months as from the execution date. It shall be automatically renewed for twelve (12) months, except if either PARTY, within sixty(60) days in advance to the end of any additional periods of twelve(12) months, notifies the other PARTY and informs it of its intention to discontinue the contract relationship and, in such event, the AGREEMENT shall be extinguished.

9.2. - Notwithstanding, the provisions hereof shall continue to govern the obligations and responsibilities arising herefrom until the actual extinguishment hereof.

9.3. - Regardless of the term provided for in clause 9.1., CONTRACTING PARTY, at its discretion, on an unjustified and unilateral basis, and provided that it is not in default or delay as to its contract obligations, may terminate this AGREEMENT, upon written notice sent within at least sixty(60) days. In such event, CONTRACTING PARTY shall pay CONTRACTED PARTY, as compensation for the investment made, the amount ascertained as follows:

	Compensation (R$)		Compensation (R$)		Compensation (R$)
Month 1	350,000.00	Month 13	284,347.83	Month 25	205,565.22
Month 2	350,000.00	Month 14	277,782.61	Month 26	199,000.00
Month 3	350,000.00	Month 15	271,217.39	Month 27	179,100.00
Month 4	343,434.78	Month 16	264,652.17	Month 28	159,200.00
Month 5	336,869.57	Month 17	258,086.96	Month 29	139,300.00
Month 6	330,304,35	Month 18	251,521.74	Month 30	119,400.00
Month 7	323,739.13	Month 19	244,956.52	Month 31	99,500.00
Month 8	317,173.91	Month 20	238,391.30	Month 32	79,600.00
Month 9	310,608,70	Month 21	231,826.09	Month 33	59,700.00
Month 10	304,043,26	Month 22	225,260.87	Month 34	39,800.00
Month 11	297,478.26	Month 23	218,695.65	Month 35	19,900.00
Month 12	290,913,04	Month 24	212,130.43	Month 36	0,00

9.4.- The amounts above shall be paid within 30 days as of the end of the term established for issuance of written notice about the contract termination.

9.5. - In the event set forth in clause 9.3, the monthly amounts regarding subscription of platform SEVEN shall be owed by CONTRATING PARTY until the termination hereof, as well as the other amounts regarding the services provided, and no further amount shall thenceforth be owed.

CLAUSE 10 – CONFIDENTIALITY

10.1. The PARTIES hereby agree to keep confidentiality of all information and documents, contacts and technical, business, financial and legal knowledge, to which they may have access hereunder.

10.2. With due regard for the conditions established herein, the PARTIES undertake to hold each other harmless from any liability for any losses, damages, liabilities, loss of profits, incidental damages, burdens, lawsuits, administrative proceedings, charges, legal and/or administrative final decisions, unappealable decisions, costs and expenses, including interest, contract fees, attorneys’ fees, monetary adjustment, court expenses and costs arising from claims filed by third parties, governmental bodies and independent agencies arising from the performance hereof, as well as the content of e-mails of Clients.

10.3. The obligations provided for herein shall remain in force and effect even after the expiration hereof, for any reason whatsoever, for five (05) years.

10.4. The violation of the confidentiality clause shall subject the Breaching PARTY to pay a legal fine, of punitive and compensatory nature, in an amount equivalent to ten percent (10%) of AGREEMENT’s worth, considering, to that effect, all amounts contracted and the monthly amounts shall be invoiced plus the amounts falling due during the remaining term of effectiveness hereof, the amounts of which (falling due) shall be calculated by considering the minimum volume of subscriptions mentioned in item 8.1.2.1., duly adjusted according to the IGPM disclosed by Getulio Vargas Foundation until the payment of fine, without prejudice to the other legal and contractual sanctions.

CLAUSE 11 – TERMINATION

11.1.- This AGREEMENT shall be legally terminated, regardless of any notices, notifications or motions for summon, in the event of bankruptcy, debt rehabilitation or winding-up of either PARTY.

11.2.- This AGREEMENT shall be legally terminated, regardless of any notices, notifications or motions for summons, in connection with the events of termination provided for in Attachment I.

11.3.- This AGREEMENT may be terminated by either party for violation of any obligation, whether legal or conventional, which is not remedied within sixty(60) days as of receipt of a written notice of such violation, default and/or inaccuracy by aggrieved PARTY.

11.3.1- After the term of sixty (60) days provided for in item 11.3. above and if the contract violation is not remedied, CONTRACTED PARTY shall provide services for thirty (30) days as from the end of the term established in item 11.3. above and the Agreement shall be deemed extinguished at the end of the term established in item 11.3.1.

11.4.- Upon evidence of use of infantile-juvenile workforce by CONTRACTED PART, not in accordance with provision set forth in item 12.9. below, CONTRACTING PARTY may terminate this AGREEMENT for cause, without imposition of any penalty fine or indemnification of any nature.

11.5. - In the event of non-compliance with Attachment II by CONTRACTED PARTY, CONTRACTING PARTY may terminate this AGREEMENT for cause, regardless of any prior notice or notification, without prejudice to the application of penalties provided for in Attachment II.

11.6. – Upon extinguishment hereof through CONTRACTED PARTY’s fault, the latter shall not be entitled to receive any compensation for non-performed services, as well as the compensation set forth in item 9.3. and CONTRACTING PARTY may withhold the amounts due

for services rendered and not paid in order to cover charges/expenses arising from termination hereof. CONTRACTING PARTY shall further be entitled to receive indemnification for the losses exceeding the withholding amount and the fines imposed to CONTRACTED PARTY.

11.7. - Upon termination hereof through fault of either PARTY, the Breaching PARTY shall pay a legal and punitive fine, not compensatory, equivalent to ten percent (10%) of AGREEMENT’s worth, considering, to that effect, all amounts contracted and, in connection with the monthly amounts, the amounts invoiced shall be considered plus the amounts falling due during the remaining effectiveness term hereof, to be calculated by using table of item 8.1.2.1, duly adjusted according to the IGPM disclosed by Getulio Vargas Foundation up to the due date of fine, without prejudice to the ascertainment of any losses and damages suffered by non-breaching PARTY. The termination fine established herein shall not be applied in the event of termination hereof as a result of event to which a specific penalty established herein shall be applied, for any reason whatsoever.

CLAUSE 12 – GENERAL PROVISIONS

12.1.- The failure to exercise, by either PARTY, any right or option entitled to it hereunder or any forbearance in connection with violation of the other PARTY shall not affect, nor be construed as waive, novation or forgiveness.

12.2.- No PARTY hereto may assign or transfer to third parties, on any account, whether in whole or in part, the rights and/or obligations hereunder, without the prior consent, in writing, of the other PARTY.

12.3.- All charges relating to employees, agents and/or representatives of either PARTY shall be borne by Employer PARTY, pursuant to labor and social security law, without right to any refund or compensation

12.4.- If CONTRACTED PARTY’s employees are required to remain inside CONTRACTING PARTY’s facilities for development of the subject matter hereof, in order to have access to its equipment, such event shall not entail the acknowledgment of personal rendering of service, nor direct subordination between CONTRACTED PARTY’s employees and CONTRACTING PARTY and such fact shall not be entail any employment relationship.

12.5.- Except as otherwise expressly provided for herein, the use, including the manner of use, of any brand, trademark, domain name, patent or any intellectual property of the other PARTY shall be previously approved, in writing, by the respective PARTY.

12.6.- CONTRACTED PARTY, upon express consent of CONTRACTING PARTY, shall allow that SEVEN solution be used by AMAZÔNIA CELULAR S/A (AMAZÔNIA), a private company registered in the CNPJ/MF under No. 02.340.278/0001-33, with headquarters at Travessa Rui Barbosa, 931, Bairro Reduto, in the city of Belém, PA, including in connection with the customization of brand and logo of AMAZÔNIA CELULAR in the software, provided that: (i) the terms and conditions hereof are observed; and (ii) such use is previously informed, in writing, to CONTRACTED PARTY;

12.6.1- AMAZÔNIA’s adhesion to this agreement shall be carried out upon issuance of PURCHASE ORDER to CONTRACTED PARTY in the amount of fifty-nine thousand nine hundred and ninety reais (R$ 59,990.00) relating to the SEVEN customization, including the certifying of handset models to be exclusively required by CONTRACTING PARTY. No other amount shall or may be deemed due by AMAZÔNIA to CONTRACTED PARTY.

12.7.- CONTRACTED PARTY, in the event of security violation of SEVEN solution that may entail any risk to the integrity of information (e-mails) owned by Users, shall evaluate, together with CONTRACTING PARTY, the options to identify and correct any security fault.

12.8.- This AGREEMENT shall establish obligations for both parties, within the limits of the provisions set forth herein. No other obligation or right between the PARTIES, however, shall be deemed as necessary or existing, in addition to those specifically established herein.

12.9.- CONTRACTED PARTY hereby guarantees, by itself and its suppliers, that it complies with the provisions set forth in article 7, item XXXIII, of the Federal Constitution, which prohibits minor individual under eighteen (18) years old to work at night, performing dangerous and unhealthy activities and minor under sixteen (16) years old to perform any work, except as trainees, as from fourteen (14) years old, pursuant to commitment reached between CONTRACTING PARTY and Abrinq Foundation for Children and Adolescent Rights.

12.10.- All notifications or communications of any kind to be sent to either PARTY to the other PARTY hereunder shall be made in writing and (i) sent by facsimile or e-mail, provided that the written receipt evidence is provided by addressee by facsimile and; (ii) sent by the Registry of Deeds and Documents; or (iii) personally delivered, against written receipt by addressee, to the following addresses:

a) If to CONTRACTING PARTY:
Attn.: Daniel Sant’Anna
Phone: (31) 9978-3610
E-mail: daniel.pereira@telemigcelular.com.br

b) If to CONTRACTED PARTY:
Attn.: Paulo da Costa Ferreira
Phone: 11-8259-7522
E-mail: paulo.ferreira@ericsson.com.br

12.11.- The commitments and obligations assumed herein by PARTIES shall be subject to specific enforcement proceedings, pursuant to articles 461, 632 and 639 et seq of Code of Civil Procedure, and this instrument shall be deemed an extrajudicial enforcement instrument, pursuant to article 585, item II, of the Code of Civil Procedure.

12.12- This Agreement shall represent the entire agreement between the Parties in connection with the matters dealt with herein and shall supersede all discussions and documents related to the same matters.

CLAUSE 13 – JURISDICTION

13.1.- The PARTIES hereby elect the Judicial District of Belo Horizonte, Minas Gerais, to settle any matters arising out of this AGREEMENT, to the exclusion of any other courts, however privileged they may be.

IN WITNESS WHEREOF, the PARTIES have executed this instrument in two (02) counterparts of equal form and content in the presence of the following witnesses.

Belo Horizonte, October 11, 2005.

CONTRACTING PARTY
TELEMIG CELULAR S/A

(signed)
Erik Fernandes
Marketing Director

CONTRACTED PARTY
ERICSSON SERVIÇOS DE TELECOMUNICAÇÕES LTDA.

(signed)
Name: Sergio Quiroga da Cunha

Position: Vice Business Officer

(signed)
Name: André Machado Fonseca
Position: Business Officer

Witnesses:
(signed)
Name: Luiz Antonio Tavares da Silva
Individual Taxpayer’s ID: 177.977.638-10

(signed)
Name: Daniel Sant’Anna
Individual Taxpayer’s ID: 035.695.596-61

ATTACHMENT I

SERVICE LEVEL AGREEMENT

SEVEN Solution

CLAUSE 1 – SCOPE OF SERVICES

1.1.- The services subject matter of the AGREEMENT shall be classified as follows:

1.1.1.- SERVICE AVAILABILITY: management services of SEVEN platform in order to guarantee the availability levels contracted.

1.1.2.- CORRECTIVE MAINTENANCES: services performed to correct faults in SEVEN Solution (hardware and software).

1.1.3.- SCHEDULED INTERRUPTIONS: services of preventive maintenance of platform.

1.1.4.- OPERATIONAL SUPPORT: services provided for follow up on the use of SEVEN solution’s functionalities, such as, analysis of the problems identified and giving support to CONTRACTING PARTY in fulfilling the needs of users (Clients) of services.

1.1.5.- TRAINING: CONTRACTED PARTY shall provide training and documentation describing the support and maintenance required, including detailed key lines of reports and questions to be posed or clarified, before opening of request (open ticket) by CONTRACTING PARTY in order to identify and correct a fault, as well as provide details on the operation; identify and solve the problems of SEVEN solution in each certified/ratified handset.

CLAUSE 2 – SERVICE AVAILABILITY

2.1. The services subject matter hereof shall be provided as follows:

2.1.1.- Service Availability: service availability, including web interface, for supplying, which shall be combined with CONTRACTING PARTY’s website, availability and integrity of download files required, availability of web services required for use of SEVEN solution and any other physical or logical component of SEVEN platform for continuous maintenance of the service provided, shall be available at least 99.5%.

2.1.2.- Parameters for availability ascertainment: the availability shall be ascertained by CONTRACTING PARTY, pursuant to parameters established with CONTRACTED PARTY during the implementation phase. During the agreement effectiveness, on a quarterly basis, CONTRACTING PARTY may include new parameters to be ascertained and that shall be agreed so as to reduce the effects caused by the unavailability of specific functionalities of platform that are not being ascertained.

2.1.3.- Calculation of availability level:

The availability level related to the previous month shall be calculated as follows:

A = [(720 – X) / 720] * 100

Where:

A – Availability
X – Sum of periods of interruption or faults identified by CONTRACTING PARTY in hours during the month.

2.1.4.- For purposes of calculating the Service Availability, the following unavailability shall not be considered:

a) Periods in which SEVEN Solution is in preventive maintenance or scheduled interruptions, provided that it does not exceed 06 subsequent hours of interruption within the period in which the service is less used. (Example: weekends or from 0:00 to 6 A.M. during the week).

b) Periods of service unavailability resulting from problems in the network or other corporate systems of CONTRACTING PARTY.

CLAUSE 3 – HANDLING OF EVENTS

3.1. - Corrective Maintenances: a ticket shall be opened by CONTRACTING PARTY, mentioning the information and describing the problem in details.

a) The period for solving the problems shall be computed as of the opening of the ticket until the closing thereof, as established in item 6 of Attachment III of Agreement;

b) CONTRACTED PARTY shall issue a monthly report on trouble tickets classified as scheduled interruptions (preventive maintenance) and non-scheduled interruptions (corrective maintenance).

3.2.- The defects shall be classified pursuant to the following seriousness criteria:

a) Seriousness level 1 – problems or faults entailing full or partial loss (whether intermittent or not) of functionalities of SEVEN Solution, thus adversely affecting all users or substantial group of users;

b) Seriousness level 2 – problems or faults entailing partial loss of operation of specific functionalities of software. The following fall under such classification, among others:

(i) Total or substantial loss of one of the service functionalities;
(ii) Cyclical or frequent restart (once a week) of one of the service functionalities; and
(iii) Reduction of performance level of service.

c) Seriousness level 3 – problem deemed by CONTRACTING PARTY as non-critical and that requires an immediate solution, involving one or few users in which there is a possibility of offering a contingency solution; and

d) Seriousness level 4 – low critical level or performance problems caused by one or no user.

3.3.- CONTRACTED PARTY shall attend the requests, during twenty-four (24) hours, seven (07) days a week (24x7 support)

3.4.- Reply time per seriousness level:

In the event of any problem in the SEVEN solution, regardless of the seriousness level, CONTRACTED PARTY shall take all measures to solve it, as soon as possible, by taking all emergency measures or within the smallest term in order to reduce the effects or partially reestablish the service until the solution thereof, with due regard for the maximum reply time provided below:

Problem level	Initial Reply	Frequency of updating the problem status	Maximum Reply time for solving the problem
Seriousness level 1	30 minutes	4 hours	48 hours
Seriousness level 2	60 minutes	24 hours	72 hours
Seriousness level 3	1 business day	5 business days	45 business days
Seriousness level 4	7 business days	21 business days	90 business days

3.4.1.- If the Reply Time may not or is expected not to be reached, CONTRACTED PARTY, as soon as possible, shall provide CONTRACTING PARTY with information on the reasons for non-fulfillment of the Reply Time, as well as the plan to be applied to solve it. The parties may mutually agree to extend the Reply Time for a particular problem, in

view of the circumstances of the event, as well as the efforts to solve the problem on the part of CONTRACTED PARTY.

3.5. The delay terms resulting from CONTRACTING PARTY’s fault shall not be considered to apply the penalties provided for herein.

3.6. Scheduled Interruptions: CONTRACTED PARTY shall schedule it, within at least seventy-two (72) business hours in advance. The scheduled maintenance shall be informed by e-mail describing the reason, effects and the term estimated for regularizing the services.

3.7. Operational Support: CONTRACTED PARTY shall provide a team to attend these requests as per demand planned by CONTRACTING PARTY. The professionals allocated to this team shall have, in addition to specific technical know-how for SEVEN solution, knowledge about operational details of CONTRACTING PARTY. Such activity shall be performed out-site, from 7 a.m to 7 p.m. (Brazil time – GMT – 3:00) from Monday to Friday, except for holidays.

3.8. Training: CONTRACTED PARTY shall provide a team of experienced professional able to train CONTRACTING PARTY’s professionals.

CLAUSE 4 – PENALTIES

4.1.- Fines may be applied during the rendering of the services hereunder in the event of non-compliance with the availability level established in item 2.1.1. above, according to the following detailed criteria. The availability level shall be ascertained on a monthly basis, during the month, for application of penalties. The penalty shall be applied as a discount of the amount due in the respective month, corresponding to the number of subscriptions invoiced in such month (clause 8.1.1. of Agreement), as per table below.

4.1.1.- Penalties shall not be applied during the period of evaluation and adjustment of SLA (clause 5 below).

4.1.2.- At the end of the evaluation and adjustment of SLA, it is hereby agreed that in the event of non-compliance with the minimum availability level (99.5%), the fine set forth in item 4.1. above shall be applied, at the fixed percentage of ten percent (10%).

4.1.3.- If the annual average level does not exceed 98.1%, CONTRACTING PARTY may terminate the service agreement, pursuant to clause 11.2 of the Agreement.

4.2.- During the rendering of the services contracted hereunder, late-payment fines may be applied in the event of delay in complying with the reply time and solving the problems (clause 3 above) for the corrective maintenance services based on the following detailed criteria.

4.2.1.- At the end of each month, the number of open tickets shall be ascertained by CONTRACTING PARTY, plus the quantity of delays in the reply time and solving the problems so as to establish, on a percentage basis, the quantity of problems (faults) replied/corrected in delay in connection with the total number of tickets opened during the month.

4.2.2.- The penalty to be applied as discount of the amount to be paid during the month is corresponding to the number of subscriptions invoiced in said month (clause 8.1.1 of the Agreement):

Tickets in delay during the month (%)	Fine (%)
2% to 10%	1%
11% to 20%	2%
21% to 30%	3%

31% to 40%	4%
41% to 50%	5%
51 to 60%	6%
61% to 70%	7%
71% to 80%	8%
81% to 90%	9%
91% to 100%	10%

4.3.- Delay percentage smaller than 1% shall not be considered for applying late-payment fines.

4.4.- In the event of repeated delays (2 subsequent months), the percentage of which exceeds 50%, CONTRACTING PARTY may opt for terminating the agreement pursuant to clause 11.2. above, instead of applying the late-payment fine established in item 4.2.2. above.

4.5.- The fines provided for herein are cumulative, however, under no circumstances, they may exceed 10% of the amount corresponding to the number of subscription invoiced during the month.

CLAUSE 5 – PERIOD OF EVALUATION AND ADJUSTMENT OF SLA

5.1.- During the three (03) first months of the AGREEMENT, the measurement of SLA (level of availability and reply time) shall be ascertained by CONTRACTING PARTY so as to make the adjustment required and the availability percentage and reply time may be altered so as to fulfill the rendering of services. Accordingly, it is hereby understood that the parameters established in such SLA shall be validated and altered after the testing and evaluation period agreed herein.

ATTACHMENT II

IMPLEMENTATION SCHEDULE

SEVEN Solution

CLAUSE 1 – IMPLEMENTATION SCHEDULE

1.1.- The implementation of SEVEN Solution shall be conducted in accordance with the phases and terms established in the following schedule.

CLAUSE 2 – PENALTIES

2.1.- In the event of any delay in complying with the terms established in the implementation schedule of SEVEN Solution, which may delays the marketing start-up thereof, CONTRACTED PARTY shall be subject to payment of a late-payment fine, non-compensatory, up to ten percent (10%) of the total amount of all activities provided for in the implementation schedule (S), to be calculated as follows:

F = (0.0033 X D) X S

Where:

F = amount of fee
D = delay expressed in days
S = sum of amounts of all activities set forth in implementation schedule, the amounts of which are established in Clause 8 of Agreement, item 8.1.7, SERVICES item.

2.1.1.- If the marketing start-up delays more than thirty (30) days as of the day initially established in the implementation schedule, CONTRACTING PARTY may, at its discretion, opt for terminating the agreement pursuant to item 11.5. of Agreement.

2.1.2.- Any delay in the implementation schedule, for which CONTRACTING PARTY is solely liable, shall not entail the right to terminate provided for in item 2.1.1. above, as well as the application of fine set forth in clause 2, item 2.1. In such event, the term for marketing start-up shall be extended ratably to the delay time caused exclusively by CONTRACTING PARTY.

2.1.3.- In any event provided for herein, phase 1 of the implementation schedule shall not be smaller than thirty(30) days.

2.2.- If CONTRACTED PARTY, until the end of phase 3 of the implementation schedule, does not deliver the functionalities and/or services, as established in Attachment III and in the implementation schedule, CONTRACTING PARTY may withhold 50% of the payment of the last installment related to the implementation service of SEVEN Solution until the delivery of the total SEVEN Solution on the part of CONTRACTED PARTY, with all functionalities, even if it does not adversely affect the marketing start-up of Solution.

2.3.- During the implementation, CONTRACTED PARTY shall send a weekly report and, if required, a daily communication/meeting by phone, regarding the development of the project and the activities performed, in addition to secure the follow-up on the schedule required.

Requirements	Phase 0	Phase 1	Phase 2	Phase 3
Development Term	5 subsequent days (as of the execution of the agreement)	40 subsequent days (as of the delivery of phase 0)	45 subsequent days (as of the delivery of phase 1)	35 subsequent days (as of the delivery of phase 2)
Editions	Definition of requirements for offering editions in the three phases	Personal and Server shall be offered as trial, free of charge	Marketing start-up of Personal edition and continuance of use of Server trial edition	Marketing start-up of SERVER edition
Branding	Definition of requirements pursuant to Attachment III	Telemig’s logo	Customization of PERSONAL edition	Customization of SERVER edition
Language		Language available (English) for PERSONAL and SERVER editions	Portuguese (Brazil) edition of PERSONAL and Nokia 6230 and Motorola v636 handset customers	Portuguese (Brazil) SERVER edition for Treo 600/650 terminals
Integration SMSC and WAP Gateway		Integration to SMSC shall not be provided in such phase	Integrated System using VPN and SMSC of Telemig for notifications by SMS and WAP Gateway for supplying user via WAP PUSH	Integrated – phase 2
Supplying of Users		Users registered in Telemig’s homepage shall be addressed to the native Supplier’s homepage, where the user shall be registered in the platform	Users registered in Telemig’s homepage shall be addressed to Supplier’s homepage (upon connection validation), where the platform user shall be registered	Users registered in Telemig’s homepage shall be addressed to Supplier’s homepage (upon connection validation), where the user shall be registered in the platform
Management of Users		The management of users shall be conducted by management application of Native Solution platform	The users management shall be conducted by the management application of platform of Native Solution	The users management shall be conducted through batch proceeding executed each 12 hours
Push and certifications		IP-Push available (only TREO) and Nokia 6230 (SMS-push only in phase 2)	SMS and IP-Push provided, including Nokia 6230 and Motorola v635 terminals (if technically approved), TREO 600 and Treo 650	SMS and IP-Push provided, including Nokia 6230, Motorola v635, TREO 600 and Treo 650 terminals
Training		Developed by TC based on material provided by supplier	The following training courses shall be given:Call center trainingOperation/Maintenance trainingSales training	Training already conducted in phase 2
Payment of licenses to Ericsson		TC shall not paid any fee to Ericsson/SEVEN for the licenses granted	Request for valid licenses by Ericsson only for PERSONAL edition	Request for valid licenses by Ericsson only for SERVER edition

ATTACHMENT III – Scope and Technical Description of the Services

TABLE OF CONTENTS

1.	PRODUCT/SERVICE SCOPE
	1.1.	General Information
		1.1.1	Solution Architecture
		1.1.2	Push Channels (new in 6.5)
		1.1.3	Transport Security
		1.1.4	Connectivity
		1.1.5	Authentication
		1.1.6	Highlighted Features
		1.1.7	Platforms ratified by SEVEN
		1.1.8	Handset certified by SEVEN
	1.2	User Interfaces included in the proposal
		1.2.1	WEB Interface for supplying and configuration (PERSONAL and SERVER Edition)
		1.2.2	WEB Interface for access to solution functionalities
		1.2.3	WAP/xHTML Interfaces for access to solution functionalities
		1.2.4	Client Software for Desktop
		1.2.5	Solution for Management of SERVER Edition by User
		1.2.6	Handset Clients
		1.2.7	Interfaces for Solution Management
2.	IMPLEMENTATION
	2.1	Terms
	2.2	Definition of Requirements
	2.3	Trial Period
	2.4	Customization of user interfaces
		2.4.1	Translation into Portuguese (Brazil)
		2.4.2	Alteration of brands and colors
	2.5	Integration to SMS-C and Wap Gateway platforms
	2.6	Parameters for PUSH signaling
		2.6.1.	Signaling Options
	2.7	Supplying Integration
	2.8	Activities to be performed during transition of each phase
	2.9	Trainings
	2.10	Billing
	2.11	Marketing Start-up of PERSONAL edition
	2.12	Marketing Start-up of SERVER edition
	2.13	Installation and configuration
3.	HOSTING
4.	CERTIFICATION OF HANDSETS
	4.1	Nokia 6230
	4.2	Motorola V635
	4.3	Palm Treo 600
	4.4	Palm Treo 650
	4.5	Certification of Handsets
		4.5.1. Branding
		4.5.2. Translation
		4.5.3. Documentation
		4.5.4. Tests
		4.5.5. Test by CONTRACTING PARTY
5.	OPERATION AND MANAGEMENT OF PLATFORM
	5.1.	Operation
		5.1.1. Delivery Manager
		5.1.2. Management and Contacts Model
		5.1.3. Management Committee
		5.1.4. Project Manager
		5.1.5. Telemig’s Contacts
		5.1.6. Ericsson’s Contacts
	5.2.	Maintenance
		5.2.1. Upgrades and Correction of Software
		5.2.2. Preventive Actions
6.	SUPPORT
	6.1.	Working Level Agreement (WLA)
7.	REPORTS
8.	ATTACHMENTS

1.PRODUCT/SERVICE SCOPE

The scope of the services to be rendered by CONTRACTED PARTY hereunder encompasses the following activities:

a) Implementation of SEVEN Solution in technical accordance with this document;
b) Hosting of SEVEN Platform;
c) Certification of handsets established by CONTRACTING PARTY;
d) Operation and management of the platform;
e) Support to SEVEN Solution during the effectiveness of the Agreement;
f) Providing reports, on a regular basis, on indicators and information required for follow up on and management of solution.

SEVEN solution’s editions subject matter hereof contracted by CONTRACTING PARTY are:

• Seven Personal Edition 6.5;
• Seven Server Edition 6.5;

The list containing all functionalities supported by Personal and Server Editions are provided for in Attachment 3.1 hereof (“detailed feature list..”)

1.1. General Information

1.1.1. Solution Architecture

SEVEN Server Edition is a behind-the-firewall mobile email solution that is network integrated for optimal security and manageability. Available as a service via the world’s leading mobile operators, and compatible with the broadest variety of mobile devices, SEVEN Server Edition is quick and easy to deploy enterprise-wide. The average deployment takes less than one hour, and provisioning end user users is done effortlessly over-the-air.

SEVEN Server Edition enables secure, real-time mobile access to the following applications across a diverse range of devices:

• Email – View and respond to email, with messages pushed to the device and changes instantly updated on the enterprise application

• Calendar – View appointments pushed to the device; schedule and receive reminders for appointments from a mobile device

• Personal Contacts – interact with personal contacts; initiate calls and emails

• Corporate Contacts – Seamlessly interact with extensive corporate directories from the mobile device without having to store the entire directory on the device itself

• Documents – Browse, view, email an fax documents from a mobile device

SEVEN has four different solutions (called as Editions), depending on the target corporate (SMB or Large Enterprises) or consumer users:

• Server Edition: behind the firewall solution
• Seven Enterprise Edition: Managed solution
• Seven Personal Edition: Self-provisioned solution
• Seven Consumer Edition: Consumer market segment

SEVEN Offers Three Deployment Options

Target Architecture depending on selected Seven Edition:

SEVEN provides a managed solution designed for the enterprise IT organization, which benefits from a minimal enterprise footprint. Server edition also provides secure connection between a dedicated server in the enterprise network that is running the SEVEN software and the Server Edition server.

The Server Edition server registers the corporate messaging server.

• The Server Edition server establishes and encrypted communication channel with SEVEN, which handles mobile device access.
• SEVEN negotiates key exchange with the SEVEN mobile client, enabling encrypted “control channel” communications.
• For smart device access, the SEVEN smart device clients communicate over end-to-end encrypted channels with Server Edition.

Architecture for Seven Server Edition:

Detailed information on the infrastructure is included in Attachments 3.2. and 3.3. hereof. Although the documents attached hereto refer to edition 6.3., there are no alterations as to the architecture and security and, therefore, such documents remain valid for release 6.5.

Files:
- Personal Edition Security Whitepaper
- Server Edition Security Whitepaper>

1.1.2. Push Channels (new in 6.5)

System SEVEN v6.5 is capable of utilizing multiple channels to deliver new messages to SEVEN clients. In addition to SMS push, System SEVEN now supports a TCP/IP channel to notify devices when new messages arrive to the subscriber's mailbox.

This new functionality provides operators with greater flexibility and allows them to offer the solution that fits their network infrastructure and market needs. For example, if an operator has unutilized and robust SMS infrastructure, it may choose to rely on SMS as the sole push mechanism.

SMS Channel
This option utilizes the operator's SMS infrastructure to notify the SEVEN Client that new mail has arrived, similar to System SEVEN v6.3.x.

IP Channel
In this model, the client initiates and maintains an IP connection to System SEVEN. Client responds to IP triggers, SMS is never used to initiate a sync event. The client maintains a connection by periodically pinging the server.

Hybrid
An operator may choose to utilize both channels to optimize network resources and the user experience. As with the IP Channel mode, the client maintains a connection and responds to IP triggers. If the user is inactive (i.e. does not receive new messages for 30 minutes), the client will disconnect from the network.

When a message arrives, System SEVEN will send an SMS to wake up the device which then persists the connection based on the above mentioned rule. The hybrid approach reduces the burden on the network and optimizes the user experience.

There are several push related variables that operators can configure:

	SMS Only	IP Only	Hybrid
Keep Alive interval Value determines how often the client pings the server to maintain the IP connection. The value should be set based on operator APN network timeouts.	Not applicable	Yes,Set by operator Configured via System SEVEN	Yes,Set by operator Configured via System SEVEN
Inactivity period for Disconnect Value determines the period of inactivity before the client disconnects and goes into hibernation mode, awaits a wake-up SMS	Not applicable	Not applicable	Configured via System SEVEN
SMS Suppression Value determines the number of unanswered push or wake-up SMS messages sent to device before disabling push. Suppression is reset with a client sync (manual push).	Yes, Set by operator Configured via System SEVEN	Not applicable	Yes, Set by operator Configured via System SEVEN

The availability of the push options are based on a server-side setting that an operator may elect to implement and/or change as the operator sees fit. From the user perspective, the user may elect to enable or disable push as a single variable, regardless of the option chosen by the Operator:

• Username/password policy – Administrators can choose how often users are required to log in to the SEVEN application.
• Enable/disable browse mode – Administrators can choose to disable browse-mode access so that users can only access data via an end-to-end encrypted channel using the SEVEN Mobile Client.
• Enable/Disable Internet Accounts Access- Administrators can choose to disable access to Internet accounts from devices that support multiple inboxes.
• Device Registration Code – Administrators can choose a registration code that users will be required to enter upon registration.
• Extend Windows authentication policy to mobile devices- When using SEVEN Server Edition, the enterprise security policy set for that username and password (e.g. expire every X days) is seamlessly extended to the mobile device rather than requiring the administrator to manage a separate policy specifically for mobile devices.
• Remote date removal- System SEVEN provides administrators with the ability to ensure the security of enterprise data even when the user has misplaced his/her mobile device.

The enterprise administrator simply initiates a data removal request and a command is sent to the SEVEN Mobile Client to remove all data. The data on the enterprise server is not affected.

1.1.3. Transport Security

128-bit AES encryption is used to safeguard all communications between System SEVEN components. More importantly, AES is scalable to 192-bit and 256-bit key lengths, and System SEVEN is designed to accommodate transparent upgrades to its security subsystems over time. This compares very favorably to products using Triple DES encryption, which has a limited future. In fact, the U.S. Federal Government selected the AES standard as the replacement for Triple DES, and expects to phase out the use of Triple DES over time in favor of AES.

AES security is employed in conjunction with digital signature algorithms (e.g. SHA-1) to secure data transported between System SEVEN components. The use of digital signatures provides protection against modification of data as it passes across the network, even when it is encrypted. System SEVEN employs AES and digital signatures within a patent-pending, multi-channel encryption protocol. This innovation enables a single block of data to contain multiple separately encrypted sections, each destined for a different endpoint.

A block of data originating with a SEVEN Enterprise Server might contain a header section, which need to be accessed by System SEVEN for routing purposes, and a body section, which contains several email messages destined for the SEVEN Mobile Client. Each section is encrypted with a separate key, enabling System SEVEN to decrypt the routing information without gaining access to the email message data.

128-bit SSL encryption is used to protect data when System SEVEN directly accesses, or is accessed by, industry-standard applications. For example, SSL is used to secure all data connections when using an Internet Browser.

1.1.4. Connectivity

The SEVEN Enterprise Server establishes and maintains a pool of durable network connections outbound from the enterprise to System SEVEN at the mobile operator’s data center is protected using both encryption (128-bit AES) and digital signature algorithms to satisfy the requirements of the most demanding enterprise. The SEVEN Enterprise Server requires no network topology or firewall rule set changes.

1.1.5. Authentication

SEVEN Server Edition requires that users submit their enterprise credentials upon registration, which are encrypted using a key shared between the SEVEN Mobile Client and the SEVEN Enterprise Server residing within the corporate firewall. These credentials are used to authenticate the user and provide access to the appropriate enterprise resources. The credentials are securely stored on the SEVEN Enterprise Server and are never stored outside of the enterprise premises. Upon registration, a unique, encrypted authentication token is exchanged with the mobile device enabling the user to access enterprise resources via System SEVEN without requiring users to submit credentials upon each login. Use of pre-existing enterprise credentials enables the IT administrator to automatically extend the security policy on those credentials out to the mobile device.

1.1.6. Highlighted Features

• Behind-the-firewall Server: Lightweight server installs quickly and requires no firewall changes; enterprise data and applications remain securely stores behind the corporate firewall

• End-to-end Encryption: Best-of-breed security technologies including AES designed to meet rigid enterprise security standards

• Web-based Server Provisioning: Fast and easy deployment via the world’s leading mobile operators; register; download and install the behind-the-firewall server and be up and running in an average of 45 minutes

• Snap-in Management Tools: Microsoft Management Console snap-in application provides the most familiar interface for system administration; ongoing end user provisioning and account management is easy and seamless with your mail server

• Over-the-Air End User Provisioning and Upgrades: End user provisioning and upgrades happen over-the-air (OTA) for immediate deployment and comprehensive upgrades; no need for end user desktop cradle syncs or connector software

• Push Delivery: Immediate delivery of email and calendar data to mobile device; no need to keep checking for updates by manual syncing.

• Real-time Synchronization: Real-time synchronization with corporate applications; no desktop cradle hassles or store-and-forward approach security risks; no need to manage multiple inboxes

• On-Demand Data Obliteration: Instantly erase data from misplaced or no longer supported devices to reduce security risks

• Integrated Billing: Purchased as a service from the world’s leading mobile operators, billing is integrated with your other voice and data services – making it simple and predictable; easily add and remove end users on a monthly basis

• Remote Access to Email, Calendar, Contacts and Documents: Real-time remote access to the high-value communications and corporate information makes being Out of the Office less stressful and more productive for your end users

• Intuitive Mobile Device Clients: Easy-to-use mobile device clients provide a desktop-like user interface for remote access to corporate and personal data on the widest variety of mobile devices

• Optional End User Webmail Interface (in English): Selectable anywhere, anytime secure remote access via an Internet-connected PC Web Browser; implement as a replacement or addition to your existing remote access solution for a quick and easy alternative RAS

1.1.7. Platforms ratified by SEVEN:

Seven 6.5 edition (SEVEN default solution – in English, Seven’s logo) supports the following platforms:

• Palm OS3.5 and up
• Pocket PC 2002, 2003
• Motorola A630
• SmartPhone 2003
• Symbian 7.0 (UIQ)
• Symbian S60
• Symbian S80
• xHTML devices
• J2ME

1.1.8. Handsets certified by SEVEN:

Attachment 3.4 contains the list of terminals supported by Seven Solution, in the English language, with SEVEN’s logo.

The clients mentioned in ATTACHMENT 3.4. and ratified by Seven (in English and containing Seven’s logo) may be provided, free of charge, to CONTRACTING PARTY for running trial or demo files for CONTRACTING PARTY’s clients or operator’s employees. Accordingly, clients shall not be available in operator’s website for download by clients. Client’s distribution of trial and demo files may be conducted, on a case-by-case basis, by CONTRACTING PARTY, upon knowledge and consent of Ericsson. If CONTRACTING PARTY is interested in distributing them to such clients, on a commercial basis, they shall be certified. Clients certified for CONTRACTING PARTY are mentioned in item 4 hereof.

1.2. User Interfaces included in the proposal

The scope of SEVEN solution includes all interfaces below and encompasses all functionalities of solution mentioned in Attachment 3.1. hereof.

1.2.1. WEB Interface for supplying and configuration (PERSONAL and SERVER editions).

This interface encompasses all proceedings required for rendering services to the client, in a self-explanatory manner, and includes welcome e-mail, newsletters, terms, manuals and support to use the service in each device and user interface available.

Such interface includes all functionalities for the service configuration by the User, as well as alteration of handsets, prompt answer, information about user’s e-mail, SMS alerts, sharing of connections, among other functionalities.

1.2.2. WEB Interface for access to solution’s functionalities

All functionalities of SEVEN solution shall be further accessed by a WEB interface, thus allowing access to e-mails, documents, calendars, personal or corporative contacts, among other issues.

1.2.3. WAP/xHTML Interfaces for access to solution functionalities

WAP/xHTML functionalities enable the User to access the SEVEN solution’s functionalities, including documents, what it is not possible in some client editions in view of device’s limitations. Such interfaces may be accessed by handsets without client’s certification, but they have a WAP or xHTML browser.

1.2.4. Software Client for Desktop

Client may download connector, including the software installation procedure – Wizard, readme.txt file, Help online, icons, menu, terms, configuration tabs, indicators, error messages or alerts in Portuguese (Brazil), except for WEB interface to access solution’s functionalities, available in English. CONTRACTING PARTY’s colors and brands shall be included as included by CONTRACTING PARTY’s requirements. This software is required for connecting the database of User computer to SEVEN platform, which is responsible for providing such information to the user interfaces.

1.2.5. Software for management of SERVER edition by User.

SERVER edition includes the software required for management and supplying of Users that the final client shall use to become the service available.

1.2.6. Handset clients

They are included in proposal 4 of client software with the functionality of single client, that is, a sole client for two editions contracted as PERSONAL and SERVER, pursuant to item 1.68 of Attachment 3.1 hereto, for 4 models specified by CONTRACTING PARTY, included in the proposal, as described in item 3.1. hereof.

1.2.7. Interfaces for solution management

Interfaces for solution management shall be provided for CONTRACTING PARTY to identify client’s status, authorize licenses required for SERVER editions and for any activity directly depending on SEVEN platform.

2. IMPLEMENTATION

2.1. Terms

The product shall be implemented pursuant to the delivery of all items below by CONTRACTED PARTY as per term and definitions established in implementation schedule (Attachment II of Agreement);

2.2. Definition of Requirements

The details and definitions of the requirements for implementation, hosting, certification of handsets, operation and management of platform, support and specific report for CONTRACTING PARTY shall occur in Phase 0, as established in Attachment II of Agreement. A document containing premises and requirements to be used by CONTRACTING PARTY to validate/test the conclusion of each activity and phase shall be compiled. Such document shall be mutually agreed by the parties so as to fulfill CONTRACTING PARTY’s needs.

2.3. Trial period

Activities performed to offer the product during the trial period;

2.4. Customization of user interfaces

2.4.1. Translation into Portuguese (Brazil)

As agreed by the parties, the following user interfaces shall be translated into Portuguese (Brazil):

• WEB Interface for supplying and configuration of 2 editions contracted (Personal and Server), including all proceedings required for availability and alteration of service configuration by User, welcome e-mail, newsletter, terms, manuals and support for using the service of each handset provided;

• 4 clients for the handset models included in the proposal, as described in item 3.1. hereof (it shall include the registration per user, error messages, alerts, terms, menus, logos);

• Client desktop connector (includes installation of software – Wizard, readmetxt file, Help online, icons, terms, configuration tabs, indicators, error messages and alerts), except for WEB interface to access solution functionalities in English;

• As described above, WEB interface to access solution functionalities shall be provided in English. If the translation thereof into Portuguese is feasible, CONTRACTING PARTY shall arrange for such translation;

• The proposal includes the use of any model certified by SEVEN (in English and branding SEVEN) for download, without any addition cost for trials and demo versions. Such clients in English and Branding Seven shall not be available for download in CONTRACTING PARTY’s homepage, but they shall be obtained, on a case-by-case basis, from CONTRACTED PARTY.

2.4.2. Alteration of brands and colors

The implementation includes User interface personalization with colors and logo of CONTRACTING PARTY. The requirements of phase 0 shall be defined and concluded upon approval of CONTRACTING PARTY or marketing start-up of solution.

2.5. Integration to SMS-C and Wap Gateway platforms

If shall be defined in phase 0 of requirement for integration. CONTRACTED PARTY shall be incumbent upon activities requiring any intervention in SEVEN platform.

2.6. Parameters for PUSH signaling

CONTRACTED PARTY shall provide support required for definition of parameters for PUSH signaling. Any intervention in SEVEN platform required for securing the correct operation of SEVEN solution shall be incumbent upon CONTRACTED PARTY.

SEVEN Push Options

Support for IP-Based Signaling

• Operators have the option to provide a “push” experience without relying on SMS
• End-user benefit from a “push” solution that works across networks
• Enterprises can buy the solution from one operator but provide a push experience to all users, regardless of their provider

2.6.1 Signaling Options

1) SMS only: similar to System SEVEN 6.3.x, SMS is used to wake up devices when new mail arrives in the mailbox

2) IP only: client initiates and maintains an IP connection to System SEVEN; client responds to IP triggers, SMS is never used to initiate a sync event.

3) Hybrid (IP & SMS): client maintains a connection and responds to IP triggers; client shuts the network connection down is user is inactive; when new mail arrives, System SEVEN uses SMS to wake up the device which then persists the connection based on the aforementioned rule.

Supported on Palm (Treo 600/650 only) Pocket PC and Smartphone 2003 based devices:

In order to make IP only push functional, all that is necessary is a device client with push enabled and availability of a data network.

In order for Hybrid or SMS-only push to work, the user must first have the carrier correctly identified upon provisioning. The, the instance must be integrated with the one or more SMSC Centers for delivery of the MS messages, or an SMS aggregator: SMS roaming is also necessary between operators to allow SMS Push mechanism.

Based on the above options, there are different implementation options and considerations that must be accomplished to enable the functionality. Since SEVEN will take the information for the carrier for the devise upon provisioning the user, the carrier and phone number information is stored in the user’s profile, so it is possible to implement the Hybrid approach at a later date in a seamless fashion (on the server-side).

2.7. Supply integration

The maintenance of the integrity of the active Users’ database is estimated upon the delivery of phase 3, during the integration activity, as described below.

CONTRACTED PARTY shall provide the support required for solving any problem in Seven platform.

As to the Personal edition, the subscriber validation shall be carried out by a query that, upon self-supplying, shall activate the WEB database of CONTRACTING PARTY’s subscribers to validate users. CONTRACTING PARTY shall give access to an updated subscriber’s database

to validate the user. The management and update of such database shall be incumbent upon CONTRACTING PARTY. The implementation of a proceeding, mainly in real time or periodical alternative, is expected so as to guarantee an accurate database registered in SEVEN platform.

In SEVEN edition, the authorization for use shall be released by interface of SEVEN solution, as such request shall be made by the client system administrator directly to CONTRACTING PARTY and, thenceforth, to Ericsson.

2.8. Activities to be performed during the transition of each phase

Details on the activities required in the beginning and end of each phase shall be established in phase 0. For instance, Users not incumbent upon payment in which the manager did not authorize the use thereof shall not be maintained from phase 1 to phase 2. Such activity shall be incumbent upon CONTRACTING PARTY, but it shall be conducted with the support of CONTRACTED PARTY in connection with the interventions required in SEVEN platform.

2.9. Training

The training requirements shall be established in phase 0 and may occur inclusions/alterations during the trial phase of the service, in which may be identified critical questions to be dealt during such activity.

2.10. Billing

For Billing and charging of the GPRS, the data package offered by operator shall be used and CONTRACTED PARTY shall not perform any activity relating to such billing.

The performance of activities of integration to the mediation and billing systems are not foreseen as it refers to a monthly billing, although the platform provide information enabling the differentiation in the billing proceeding, which may be further used by CONTRACTING PARTY that shall be incumbent upon such integration upon provision of such information by CONTRACTED PARTY.

Periodical report for follow-up may be accessed in the platform, thus enabling CONTRACTING PARTY to follow up on the most used manners so as to evaluate the need to conduct a differentiated billing.

This report contains the following fields:

Session ID		Tasks Viewed
Enterprise ID	Meeting Requests Accepted	Tasks Added
Start Date	Meeting Requests Declined	Tasks Edited
End Date	Messages Deleted	Tasks Deleted
Duration	Pers Contacts Viewed	Tasks Marked Completed
Username	Pers Contacts Added	WebMail Attachments Viewed
MIN	Pers Contacts Edited	Attachments Faxed
Device	Pers Contacts Deleted	WebMail Documents Viewed
Company ID	Corporate Contacts Viewed	Documents Faxed
Mail Folder Views	Calendar Items Viewed	Mobile Device Attachments Viewed
Messages Delivered	Calendar Items Added	Viewed
Messages Sent	Calendar Items Edited	Mobile Device Documents Viewed
Messages Sent with Attachment	Calendar Items Deleted	Meeting Requests Tentative

2.11. Marketing Start-up of PERSONAL edition

This activity shall be completed upon approval of tests or marketing of service by CONTRACTING PARTY. The tests shall be detailed in phase 0 of schedule and CONTRACTING PARTY shall be incumbent on starting marketing of the product.

2.12. Marketing Start-up of SERVER edition

2.13. Installation and configuration

The platform (hardware and software) shall be prepared in an environment specific for CONTRACTING PARTY and URL’s shall be provided for the SERVER and PERSONAL editions of solution.

3. HOSTING

The hosting in an environment handled by Ericsson shall encompass activities required for maintenance of the SEVEN solution available as per the service levels agreed in Attachment I of Agreement. CONTRACTED PARTY shall manage and maintain:

• Hardware and Software of SEVEN system and third parties’ software required for operation of SEVEN system;
• Scheduling and compliance with the standards established by manufacturer of solution;
• Performance of processing, access, throughput, establishment of sessions, maintenance of simultaneous sessions, etc.;
• Activities required to maintain the integrity of Users’ information such as, backup, data redundancy and other fault tolerance systems;
• Physical and logical security of platform so as to secure confidentiality of information containing in the User database and information transited in it;
• Activities required for re-establishment of service in the event of unexpected events and disasters;
• Maintenance of contingency plans required for avoiding the occurrence of problem again.

4. CERTIFICATION OF HANDSETS

The following handset models shall be certified hereunder:

4.1. Nokia 6230
Nokia 5230 shall be certified so that client SEVEN may operate in accordance with Attachment 3.1. hereof within CONTRACTING PARTY’s environment.

4.2. Motorola V635
Motorola v635 shall be certified so that client SEVEN may operate in accordance with Attachment 3.1. hereof within CONTRACTING PARTY’s environment.

4.3. Palm Treo 600
Palm TREO 600 shall be certified so that client SEVEN may operate in accordance with Attachment 3.1. hereof within CONTRACTING PARTY’s environment.

4.4. Palm Treo 650
Palm Treo shall be certified so that client SEVEN may operate in accordance with Attachment 3.1. hereof within CONTRACTING PARTY’s environment.

4.5. Certification of handsets
Handsets included in the agreement, as well as those which CONTRACTING PARTY may opt for, include:

4.5.1. Branding

CONTRACTING PARTY’s brands and colors shall be used in order to personalize the client of SEVEN solution in handsets in accordance with requirements and approval of CONTRACTING PARTY.

4.5.2. Translation

All client shall be in Portuguese (Brazil), as well as the registration thereof by users, error messages, indicators, alerts, terms, menu, information for solving problems such as, to use functionalities, among another information to be required from User.

4.5.3. Documentation

Providing of full documentation in Portuguese (Brazil), regarding the operation of each feature of solution in different platforms provided to the final client to that effect

4.5.4. Tests

All operation tests shall be conducted in CONTRACTING PARTY’s network as per the requirements established in phase 0. The tests shall be defined in phase 0 as agreed by the parties. Attachment 3.5. hereof is an instance of document to be used for registration, establishment of priorities and follow up on tests.

4.5.5. Test on the part of CONTRACTING PARTY

The parties shall establish the functionalities and scenarios to be ascertained as to the operation. The priority degree for each activity and functionality required for marketing start-up of the service shall be established by CONTRACTING PARTY.

5. OPERATION AND MANAGEMENT OF PLATFORM

5.1. Operation

5.1.1. Delivery Manager

There shall be a Service Delivery Manager (SDM) incumbent on securing the quality level of the services to be provided by Ericsson. This manager shall be the interface between Ericsson and Telemig during the effectiveness of the Agreement.

The management and operation of the service by Ericsson shall be conducted under the 24x7 system and in order to avoid further problems.

The operation of Ericsson and CONTRACTING PARTY shall observe the following model:

5.1.2. Management and Contacts

In order to secure the proper rendering of services established in the agreement, it is advisable to create a management committee and a team of project managers as described below.

5.1.3. Management Committee

The Management Committee shall be incumbent on the quality and strategic decision regarding the services. This committee shall dealt any and all dispute, as well as analyze and approve any deviation deemed required. The committee may participate of meetings through conference calls or, when requested, a project manager. The members of the management committee shall be direct representatives that guarantee the success and good development of the service inside the companies.

The members of the committee shall be listed below:

Table 1. Members of Management Committee

5.1.4. Project Managers

The project managers are the only contacts between Ericsson and Telemig Celular respectively. They are incumbent on the full delivery of the services and the agreement management.

The project management team shall be listed in table 2.

Table 2. Project Managers.

The project manager shall hold monthly meetings for reviewing the report on performance, pending problems, improvements, etc.

The manager projects shall further keep the respective companies informed about the current project’s status.

5.1.5. Telemig’s Contacts

Table 3 contains the Telemig’s contacts which shall be the interface between working areas

Table 3. Telemig’s contacts – Interfaces and scheduling

5.1.6. Ericsson’s Contacts

Table 4 contains Ericsson’s contacts that shall be the interface between the working areas and shall be used during the scheduling.

Table 4. Ericsson’s Contacts – Interfaces and Scheduling

For further details on the service levels see Attachment I of the Agreement - Service Level Agreement.

5.2. Maintenance

The maintenance of SEVEN Platform established herein includes:

• Functionalities of SEVEN solution, pursuant to item 3.1. hereof, shall be provided in accordance with the service level agreement (Attached to the Agreement).

5.2.1. Software Upgrades and Corrections

The software client editions or the platform shall be upgraded, from time to time, so as to include, repair, improve, patches, etc. CONTRACTED PARTY shall provide editions for testing and inform the effects arising therefrom and the functionalities altered. A proceeding for performance of such activity shall be established by the parties.

5.2.2. Preventive Actions

Preventive and corrective actions to secure the operation of solution, including problems caused by errors in the software’s source code, issuance of monthly reports on follow up on service level indicators and classification (corrective and preventive). CONTRACTED PARTY shall notify, within the minimum term established therefor, as agreed in Attachment I of the Agreement, of the performance of such activities.

6. SUPPORT

The SEVEN solution’s support includes:

• 24x7 support in Portuguese for handling the problems faced by CONTRACTING PARTY;

• Solution of problems, pursuant to the term established in Attachment I of the Agreement;

• Providing of procedural manuals in Portuguese, containing all support and O&M procedures between Ericsson and CONTRACTING PARTY;

• CONTRACTED PARTY shall inform CONTRACTING PARTY, within at least 60 days, of any alterations or new editions to be implemented by SEVEN, thus providing means for simulating the operation and performance of tests, before the new edition;

• Submission of solution roadmap, every two months, including new functionalities and development underway by SEVEN.

6.1. Working Level Agreement (WLA)

The Working Level Agreement (WLA) standard used by Ericsson for support services is included in Attachment 3.6. hereof, which encompasses other proceedings and activities related to such activity. Such document shall be updated before the production start-up of solution so as to fulfill CONTRACTING PARTY’s needs, as established in phase 0 of the schedule and the trial service phase.

7. REPORTS

• In order to correctly manage the product and marketing actions, the reported detailed in item 6.18. of Attachment 3.1. hereof shall be provided by CONTRACTED PARTY, from time to time;

• Reports containing service levels indicators, history record (backlog) of trouble tickets and availability of platform shall be provided and updated by CONTRACTED PARTY, on a daily basis, for access by CONTRACTING PARTY.

• Audit report may be requested by CONTRACTING PARTY to CONTRACTED PARTY in the event of problems not solved within the term or related to the activities that directly affect the service quality of the final client.

8. ATTACHMENTS

3.1. Detailed Feature List
3.2. Personal Edition Security White Paper
3.3. Server Edition Security White Paper
3.4. Seven Handsets
3.5. Test Object List
3.6. Work Level Agreement

System SEVEN
Detailed Feature List
Version 6.5

Published June 15^th, 2005

Note: this document outlines the functionality included in System SEVEN v6.5

© 2000-2004 Seven Networks. All rights reserved. The information contained in this document represents the current view of Seven Networks.
Seven is a registered trademark or trademarks of Severn in the United States and/or other countries. Other product or company names mentioned herein may be^, the trademarks of their respective owners.
Seven Networks^. 901 Marshall • Redwood City, CA USA

TABLE OF CONTENTS

1 SEVEN CLIENTS FUNCTIONALITY	44

1.1 SEVEN Clients	44
1.2 SEVEN Integrated Clients	44
Mail Functionality	44
1.3 Internet Email Access	44
1.4 OTA synchronization of meeting requests	44
1.5 Expand/Contract header	44
1.6 Folder Support	44
1.7 Viewing Messages in a Folder	45
1.8 Sorting Messages in a Folder	45
1.9 Preview Option	45
1.10 Reading a message	45
1.11 Read more of a message	46
1.12 View Attached File Information	46
1.13 Attachment Viewing	46
1.14 Deleting Messages from Mailbox	47
1.15 Moving Deleted Messages back to the Inbox	47
1.16 Mark Messages as Read/Unread	47
1.17 Save Messages	47
1.18 Ability to call the sender of an e-mail	47
1.19 Ability to call/email from an e-mail body	48
1.20 Ability to open a web page from an e-mail body	48
1.21 Sending Messages	48
1.22 Sending Options	48
1.23 Add recipients from Local Address Book	48
1.24 Add recipients from Personal/ISP Contacts	48
1.25 Add recipients from Corporate Contacts	48
1.26 Attaching documents to messages	48
1.27 Compose with Quick Responses	49
1.28 Mail Filters	49
Calendar Functionality	49
1.29 Adding appointments/meetings (New in 6.5)	49
1.30 appointments/meetings (New in 6.5)	50

2 CONSUMER EDITION FEATURES (NEW IN 6.5)	60

2.1 Push Support	60
2.2 OTA Retrieval of Brandable Elements	60

3 PERSONAL EDITION FEATURES	61

3.1 Operating System Requirements	61
3.2 Messaging Systems and Clients Requirements	61
3.3 Hardware and Software Requirements (Minimum)	61
3.4 Hardware and Software Requirements for Hosting Connections (Minimum)	61
3.5 Streamlined Installation and Provisioning Process	62
Proxy Support	62
3.6 Proxy connection methods	62
3.7 Proxy Setting detection and configuration	62
3.8 Proxy Authentication	62

3.9 Auto-update of the desktop client	62
Connection Sharing	63
3.10 Service-based Connection Sharing	63
3.11 Delegate-based Connection Sharing	63
3.12 Application-based Connection Sharing	63
3.13 Number of Connections Supported	63
End User Administration	64
3.14 Alert Preferences	64

4 ENTERPRISE EDITION FEATURES	64

Enterprise Applications	64
Enterprise Administration	64
4.1 Manage Internal Administration	64
4.2 Subscribers Provisioning and Management	64
4.3 Enterprise Service Configuration Wizard	65
4.4 Application Testing and Monitoring	65
4.5 On going Connection monitoring	65
4.6 Manage Mobile Links	65
4.7 Data obliteration	66
End User Administration	66
4.8 Alert Preferences	66

5 SEVEN SERVER EDITION FEATURES	66

Enterprise Applications	66
5.1 Windows Servers Supported	66
5.2 Outbound initiated connection	66
5.3 Proxy/firewall support	67
5.4 Secure Connectivity	67
Enterprise Administration	67
5.5 Server and User Statistics	67
5.6 Disable Welcome email	68
5.7 Self Provisioning	68
5.8 Web Management	68
5.9 Disable/Enable Internet email	68
5.10 User Session Caching	68
5.11 Windows-based administration application	68
5.12 SEVEN Enterprise Server process administration	69
5.13 Service configuration	69
5.14 User management	69
5.15 Windows Event Log for SEVEN Enterprise Server	69
5.16 System alerts for SEVEN Enterprise Server	69
5.17 Device access policy	69
5.18 Data obliteration	69

6 SYSTEM SEVEN FEATURES	70

Operator Administration	70
6.1 Role based administration	70
6.2 Delegated Administration	70
6.3 Manage Mobile Links	70
6.4 Web-based Provisioning and Management	70
6.5 License Enforcement	70
6.6 Enterprise Provisioning and Management	70
6.7 Enterprise Provisioning (Server Edition)	71
6.8 Enterprise Service Provisioning (Enterprise Edition)	71
6.9 Viewing enterprise service configuration (Enterprise Edition )	71
6.10 Connection monitoring (Enterprise Edition)	71
6.11 Subscribers Provisioning and Management (Personal Edition)	72
6.12 Custom Email Tagline (Personal Edition)	72
Mobile Services Environment	72
6.13 Push Channels (new in 6.5)	27
6.14 SMS Protocols Supported	73
6.15 Download Page Redesign (new in 6.5)	73
6.16 Billing APIs	73
6.17 File Transformation Servers	73
6.18 Reporting	74
Deployment	75
6.19 Streamlined Client Package Deployment (new in 6.5)	75
6.20 Internationalization	75

1 SEVEN CLIENTS FUNCTIONALITY

System SEVEN provides a comprehensive device strategy to deliver its best in class user experience with mass-market reach. System SEVEN includes support for the following:

1.1 SEVEN Clients
SEVEN provides a number of out-of-box applications for a complete, end-to-end experience. These clients showcase the full capabilities of System SEVEN and provide operators with complete branding options for the service. In this model SEVEN has complete control over User Interface and features. Today, SEVEN clients are available on J2ME and Palm OS.

1.2 SEVEN Integrated Clients
For devices with an existing email application, SEVEN provides an integrated client model that enables interoperability of existing clients with the System SEVEN gateway. In this model, all client functionality, navigation, and branding is controlled by the OEM platform client. SEVEN integrated client platforms include Microsoft Smartphone, Pocket PC, Pocket PC 2003 and Symbian UIO.

Note: 6.5 SEVEN Integrated clients use a SEVEN calendar to enable advanced functionality (e.g. meetings creation) which is not available on OEMs native calendar applications. This will change in the future as OEMs add features to their calendar application.

Mail Functionality

1.3 Internet Email Access
In addition to their corporate account, subscribers can access up to two of their Internet Email accounts (e.g. Yahoo) using the SEVEN client (number of accounts varies by platform).

NOTE: subscribers willonly be able to configure and access their Internet email accounts using the SEVEN client. This functionality is no longer available via the Web Interface.

1.4 OTA synchronization of meeting requests
Subscribers can accept, decline or tentatively accept meeting requests using the SEVEN client. A response is sent to the meeting organizer and the user can edit the response prior to sending it.

1.5 Expand/Contract header
Subscribers can expand/contract the message header to view/hide recipients in the "To:" and "CC:" fields (user interface may vary between platforms).

1.6 Folder Support
The SEVEN Client include a number of standard local folders that are created by default and cannot be deleted. These folders will include:

1. Inbox - default folder for storing messages received from the Inbox folder in the corporate mailbox.

2. Drafts - default folder for storing messages the user has begun composing on the SEVEN Application but has not completed (i.e. User has not selected Send).
3. Sent Items - default folder for storing messages sent using the SEVEN client.
4. Outbox - default folder for storing messages that: user has sent using the SEVEN Application but that have not yet been sent to System SEVEN (probably due to the device being offline).
5. Saved Items - default folder for storing copies of messages that the user selects to store permanently.
6. Deleted Items - default folder for storing message that the user deletes from any folder in the SEVEN Application.

Note: Number of folders varies between platforms. SEVEN does not control the folders on platforms with an integrated client.

1.7 Viewing Messages in a Folder
Subscribers can view the messages that have been synchronized to each of their available folders.
At the top level (e.g. Inbox View) the following information will be available for each message:

• Date/Time Received
• From
• Subject
• Size

In addition, the following indicators will be available for each message:
• Read/Unread – unread messages should be marked in bold
• High Priority
• Attachment
• Meeting Request

1.8 Sorting Messages in a Folder
Subscribers can change the order in which messages are presented by sorting them in ascending or descending based on the following attributes:
• Date/Time Received
• From
• Subject
• Priority
• Size

1.9 Preview Option
Subscribers may preview a message body from the folder view. To do this_, the subscriber taps and holds the stylus over the desired message in the folder view and a pop window will appear with a preview of the message body. The user can then lift the stylus to open and read the message. Alternatively, the user may drag the stylus away From the preview pane before lifting the stylus to remain in the folder view.

1.10 Reading a message
Subscribers can read mail messages using the SEVEN Application. Read messages will be marked as read in their mailbox folders at the next sync. The following

information should be available when viewing a specific message:
• From
• TO
• CC
• Size
• Priority Indicator
• Attachments Indicator
• Subject
• Date/Time Received
• Body

1.11 Read more of a message
If filters were used to truncate the message, subscribers may select to retrieve additional message content in real-tune when connected to the wireless network.

1.12 View Attached File Information
Subscribers can get information about the files attached to an e-mail message. The following information will be displayed for each attachment:
• Name
• Size

1.13 Attachment Viewing
Native Attachment Viewing
The SEVEN client can open various types of attachments using a compatible application already installed on the device and registered with the Operating System.
After the user has downloaded the file, the SEVEN client hands it to the registered application to open, and render the file.

The following document types are typically supported (*):
• Word (.doc)
• Excel (.xls)
• PowerPoint (.ppt)
• Plain Text (.txt)
• Rich Text Format documents (.rtf)
• Images (BMP, JPEG)

* Depends on 3rd party viewers installed on the device

Attachment Viewing using File Transformation Engine
The files are processed using System SEVEN and rendered to the client in plain text format depending on the browser used.

File Types
Subscribers can view attachments using the SEVEN SEVEN client. The following document types are typically supported (*):
• Word (.doc)
• Excel (.xls)
• PowerPoint (.ppt)
• Plain Text (.txt)

• Adobe Acrobat (.pdf)
• Rich Text Format documents (.rtf)

(*) Note: the document types supported may vary based on the File Transformation Engine vendor selected by the Operator. A list of supported vendors is included in the General Section of this document.

File Pagination and Storage
When a user selects to view an attachment, the SEVEN client retrieves the first page (approximately 10kb) of the document. If the document is larger than 10kb, the user can select to download additional pages as necessary.

Once a page in a document has been downloaded for viewing, the page is cached locally in the SEVEN client database for future viewing. The client will store up to 250kb of attachments. As the cache is exceeded, locally stored attachments will be deleted based on a most recently used priority (documents not viewed recently are deleted first). The user can still choose to download these documents again if they wish to read them.

Subscribers also have the option to "Flush" attachments stored locally to free up memory. If selected, the user will be prompted to confirm the deletion of all attachments currently stored on the SEVEN client. If confirmed, all attachments are deleted from the local store.

NOTE: this requires the deployment of a 3^rdparty File Transformation Engine (described in a later section)

1.14 Deleting Messages from Mailbox
Subscribers can delete mail messages in their SEVEN Application. Deleted messages will also be deleted from the mail server.

1.15 Moving Deleted Messages back to the Inbox
Subscribers can move a message from the Deleted Items folder on the client back to the Inbox folder to prevent the message from being deleted during the next synchronization.

1.16 Mark Messages as Read/Unread
Subscribers can mark messages as read/unread. If marked as read/unread, messages is marked read/unread in the mail server at the next synchronization.

NOTE: This functionality is not available for POP3 based accounts.

1.17 Save Messages
Subscribers can choose to save messages permanently to keep them from getting deleted as new messages arrive from the mail server. When saved, a copy of the message is added to the Saved items folder.

1.18 Ability to call the sender of an e-mail
Subscribers are able to call the sender of an e-mail directly from the message without

having to switch to contacts applications first. The e-mail address of the sender is matched to the list of contacts in the recently used list.

1.19 Ability to call/email from an e-mail body
Subscribers are able to email or call from directly from the message body. Phone numbers and email addresses are colored in blue.

1.20 Ability to open a web page from an e-mail body
Subscribers are able go to a web page directly from the message body. Phone numbers and email addresses are colored in blue.

1.21 Sending Messages
Subscribers can compose new messages and can reply or forward existing messages via their SEVEN client.

1.22 Sending Options
Subscribers can select to send the message right away or place it in the Outbox. If the user selects to send the message immediately, the client will perform a delta sync. If the message is placed in the Outbox, it will be sent during the next sync.

1.23 Add recipients from Local Address Book
Subscribers can add recipients to messages from their personal contacts stored locally on the Local Address Book (not a SEVEN application). When selecting TO, CC, or BCC, the user can look up from the personal contacts.

1.24 Add recipients from Personal/ISP Contacts
Subscribers can add recipients to messages from their personal contacts stored in the corporate server. When selecting TO, CC, or BCC, the user can look up from the personal contacts. The user is presented with an alphabetical list of the personal contacts stored locally on the device. This list consists of the Most Recently Used Personal Contacts. The user can also select to look up names on the server by connecting to the network and searching for a contact.

1.25 Add recipients from Corporate Contacts
Subscribers can add recipients to messages from their corporate contacts directory. When selecting TO, CC, or BCC, the user can look up from the corporate contacts. The user is presented with an alphabetical list of the corporate contacts stored locally on the device. This list consists of the Most Recently Used Corporate Contacts. The user can also select to look up names in the corporate directory by connecting to the network and searching for a contact.

1.26 Attaching documents to messages
Subscribers can attach documents to outgoing messages. When a subscriber selects to attach a file, the application will connect to the network and presents a browsing interface with the user's (enterprise) document. The subscriber can navigate the

relevant folders and select a file to attach. There are no restrictions on file formats that can be attached.

1.27 Compose with Quick Responses
Subscribers can select to respond/send e-mails using a set of canned responses previously configured by the user. For example, these responses might include: "In a meeting", “Will call you later”, "Call me".

1.28 Mail Filters
The following filters are available for subscribers to determine which messages to download from the mail server.

Filter	Default	Default Field Value
1. Fetch x most recent messages	Enabled	25 messages
2. Only retrieve messages sent directly to me	Not enabled

The following filters are available for subscribers to determine what content to download for the messages that meet the filter criteria described above.

Filter	Default
1. Retrieve headers only	Not Enabled
2. Retrieve headers plus 1KB	Not Enabled
3. Retrieve headers plus 2KB	Not Enabled
4. Retrieve headers plus 3KB	Enabled

Calendar Functionality
Subscribers can access calendar data using their SEVEN client. The calendar data is retrieved OTA any time the client synchronizes (Manual or Automated).

1.29 Adding appointments/meetings (New in 6.5)
Subscribers can create the following types of events:
• Single day/time appointments or meetings (e.g. create a meeting from 10am to 11am on September 14^th)
• Multi day appointments or meetings (e.g. create a 2-day meeting from 8am until 5pm, September 14^th through September 15th)
• All day appointments or meetings (e.g. create an all day meeting on September 14th)

Note: Subscribers will not be able to create recurring appointments/meetings from the device.

The following fields will be available when creating new appointments/meetings:
• Subject
• Start Date
• Start Time
• End Date

• End Time
• Description
• Show as (free, busy, out of office)
• Location
• Attendees
• Reminders
• All day

1.30 appointments/meetings (New in 6.5)
Subscribers will be able to edit the following events:
• A single appointment
• A single meeting
• A single instance of a recurring appointment/meeting

As the meeting organizer, the user can edit all fields that are listed above. "Truncated field(s) (for example a very long subject) within an appointment/meeting will not be editable. The ability to edit the all day event attribute will vary based on groupware conventions (i.e. possible for outlook but not for notes).

Editing meetings
For meetings of which the user is the organizer, (s)he can add remove attendees and send a meeting update.
For meetings of which the user is a participant, (s)he can change the status (i.e. accept, tentative, decline), but not other fields.

Editing recurring appointments
Subscribers can edit a single instance of a recurring series but not the recurrence rules. When the user edits an instance of recurring appointment/meeting, the user is notified that only the specific recurrence of the meeting will be edited. If the series is then modified, the changes to the modified instance will be lost.

1.31 Deleting appointments/meetings (New in 6.5)
Subscribers will be able to delete the following events:
• A single appointment
• A single meeting
• A single instance of a recurring appointment/meeting

Deleting a meeting
When a user deletes a meeting of which he or she is the organizer, a cancellation notice will be sent to the meeting attendees. If the user is not the organizer, the meeting is treated as a standard appointment (no messages are sent to the organizer).

Deleting a recurring appointment/meeting
Subscribers can delete only a single Instance of a recurring appointment/ meeting. When the user deletes a recurring appointment/meeting, the user is notified that only the specific instance of the meeting will be deleted.

1.32 Reminders (Newt in 6.5)
Subscribers are presented with a visual indication before meetings similarly to the native calendar functionality. The user can dismiss/snooze the reminder based on platform support.

1.33 Weekly View (New in 6.5)
Subscribers can view their appointments for the week using their SEVEN calendar. When a user selects an appointment, tool tips are presented showing additional information about the appointment.

1.34 Daily View
Subscribers can view their daily appointments using their SEVEN calendar. For each appointment the following information is available:
• Start time
• Subject
• Location

1.35 Appointment View
Subscribers can view their individual appointments using their SEVEN calendar. For each appointment the following information is available:
• Subject
• Date
• Time
• Recurrence
• Location
• Notes
• Organizer*
• Attendees*

*Only displayed for meetings

1.36 Calendar Sync window
Subscriber can sync their appointments for the following periods of time:

Past appointments: 1 day, 2 days, 3 days, 5 days, 1 week, 2 weeks
Future appointments: 1 week, a. weeks 4 weeks, a weeks, 12 weeks

1.37 Go to Date/Week (new in 6.5)
Subscribers will be able to go to a specific date/week using the SEVEN calendar.

1.38 Change Status Meeting Status (new in 6.5)
Subscribers can change the meeting status after they have responded to the meeting request from their SEVEN calendar.

1.39 View Conflict Status
When viewing meeting requests, subscribers can view if the meeting conflicts with any other appointments in their calendar (browse only).

1.40 Calendar preferences (new in 6.5)
The SEVEN Client includes additional calendar preferences:
• Start Day - allows subscribers to set the first date of the week (Sunday or Monday)
• Number of days - allows the user to define the calendar work week (5,6,7)
• Date Start/End Time - defines the start and end of a work day
• Default reminder - the default value used when creating a new appointment
• Alarms - Sound played when the reminder pops up

Corporate Contact Functionality

1.41 Search for Corporate Contacts
Subscribers can search their corporate contacts using the SEVEN Application. The recently viewed/used list would scroll appropriately based on the entered string. The user can also select to connect and search the corporate contact directory in real time.

1.42 Most Recently Viewed/Used Corporate Contacts
The SEVEN client maintains a local copy of the X (vary based on device capabilities) most recently Viewed or used corporate contacts, If the limit is reached, as new corporate contacts are retrieved from the corporate server, the local corporate contacts with the oldest "last viewed/used date" are purged from the local database. The following actions will update the last viewed/used date for a locally stored contact preventing it from rolling off the local database:
• Call a contact
• Email a contact
• Add a contact to a recipient list

1.43 Call a Corporate Contact
Subscribers can choose to initiate a voice call to a corporate contact directly from SEVEN Application.

1.44 Email a Corporate Contact
Subscribers can choose to initiate an email to a corporate contact directly from SEVEN Application.

Personal/ISP Contact Functionality

1.45 Search for Personal/ISP Contacts
Subscribers can search their personal/ISP contacts using the SEVEN Application. The recently viewed/used list would scroll appropriately based on the entered string. The user can also select to connect and search the personal contact database in real time.

1.46 Most Recently Viewed/Used ISP/Personal Contacts
The SEVEN client maintains a local copy of the most recently viewed or used personal contacts. If the limit is reached, as new personal contacts are retrieved from the corporate server, the local contacts with the oldest "last viewed/used dater” are purged from the local database. The following actions will update the last viewed/used date for a locally stored contact preventing it from rolling off the local database:
• Call a contact
• Email a contact
• Add a contact to a recipient list

1.47 Call a Personal/ISP Contact
Subscribers can choose to initiate a voice call to a personal/ISP contact directly from SEVEN client.

1.48 Email a Personal/ESP Contact
Subscribers can choose to initiate an email to a personal/ISP contact directly from SEVEN client.

1.49 Add Personal Contacts (Browse only)
Subscribers can add a contact to their personal contacts. The Following are the fields that can be entered for each contact: First name, Last name, Work phone,

Home phone, Mobile phone, Email, Email 2, Organization, Home and Business Addresses, Home and Business Fax Numbers, and Custom Comments Fields.

1.50 Delete Personal Contacts (Browse only)
Subscribers can delete existing contacts from their personal contacts. 1.51 Edit Personal Contacts (Browse only)Subscribers can edit the information for personal contacts. Subscribers may edit the following fields associated with a contact: First name, Last name, Work phone, Home phone, Mobile phone, Email, Email 2, Organization, Home and Business Addresses, Home and Business Fax Numbers, and Custom Comments Fields.

Address Book Integration

1.52 Search Local Address Book (LAB)
Subscribers can browse and search personal contacts stored locally on the device.

1.53 Call a Contact in LAB
Subscribers can choose to initiate a voice call to a personal contact directly from SEVEN Application

1.54 Email a Contact in LAB
Subscribers can choose to initiate an email to a personal contact directly from SEVEN Application.

Documents Functionality

1.55 Browse Documents
Subscribers can browse documents stored on the corporate network or desktop when using the SEVEN client. The user must first connect to the wireless network. The SEVEN Application then displays the top-level folder selected on the SEVEN client. The user can choose to navigate up or down the folder hierarchy. The user can also choose to select files for specific actions.

Note: for server edition subscribers this feature is available only if the enterprise administrator enables it.

1.56 Email a Document
Subscribers can choose to email a document using SEVEN client.

1.57 Faxing Attachments
Subscribers can opt to fax a copy of files attached to their e-mail messages. This Functionality requires integration with a customer supplied 3rd party fax gateway.

1.58 Attaching Local Documents to EmaiIs
Subscribers can attach local documents to outgoing emails when using mobile devices with file storage capabilities.

1.59 Attaching Remote Documents to Emails
Subscribers can attach remote documents from a shared drive or their desktop pc when the SEVEN Enterprise Server/Desktop Client has been set up for

Document Access. Subscribers must have the right privileges for accessing the shared folder.

Synchronization

1.60 Synchronization Types
This section described the different types of synchronization that may take place between the SEVEN client and any respective mail servers. System SEVEN can perform two types of synchronization:
1. Delta synchronization: Delta sync is the common synchronization type on an ongoing basis.
• Delta sync compares and applies only relevant changes and thus is fast and efficient.
• Synchronization is two–way between the SEVEN Application and the server.

2. Full synchronization: Full synchronization performs a comprehensive synchronization between the device and the server by comparing all items in the stores. It will generally take longer to synchronize. This synchronization occurs:
• When the device first registers with the system. In this case, the synchronization is one-way with the device over-writing the SEVEN Application (see application initialization features).
• When the user on the device changes. If the user changes the account information for the SEVEN Application, then the application will go through the initialization process again. In this case, the synchronization is one-way with the device over-writing the SEVEN Application (see application initialization features).
• At user request. The user can request this from the settings menu and choose to perform a one-way sync where the server over-writes the device or a two-way sync (see user preferences and options).

1.61 Triggers for Synchronization

The following events can generate a synchronization process:

Filter	Default
Any time mail arrives on the server that meets the user’s filter criteria	Requires a push notification to be received from SEVEN. This functionality is not available across all devices as it requires specific device integration
Scheduled sync	Configured by the use (see user preferences)
Manual sync	User selects the send/receive button

1.62 Background Synchronization
With background synchronization, subscribers can access other applications (e.g. browser) while synchronization takes place. During synchronization, subscribers cannot use the SEVEN client to read, delete, or compose messages.

Application Provisioning and Initialization

1.63 Downloading the SEVEN Client Installer
Subscribers download the SEVEN Client via SEVEN Manage. The client is available:
• Via an SMS sent from the downloads page (New in 6.5)
• Via an Installer downloaded from the Downloads page

1.64 Simplified Registration (new in 6.5)
When subscribers sign up for PE, EE or SE, System SEVEN will create a staged account based on the subscriber's mobile number. The staged account stores the subscriber's username and enterprise ID in the case of Enterprise/Server Edition.

When subscribers launch the SEVEN client for the first time, they enter their mobile number (if the platform can't detect it automatically). The client then connects to System SEVEN and retrieves the user profile.As a result, username and Enterprise ID will be pre-filled by the client and subscribers will have to enter only their mobile number and password (Reg code will be required for Server Edition subscribers).

1.65 Device based ISP Registration (new in 6.5)
Subscribers can register ISP accounts such as Yahoo! and Earthlink directly from their device. This action creates an "ISP Authenticated" account in System SEVEN.
ISP Authenticated Accounts are used as part of a deeper integration with partner or certified ISPs to simplify the user experience. ISP Authenticated Accounts are created using a subscriber's existing ISP credentials (e.g. Yahoo user name and password). For ISP Authenticated Accounts, System SEVEN delegates authentication of user and device requests to the relevant ISP (or may use tokens derived from prior authentication by the ISP).

1.66 Upsell to Work (new in 6.5)
Subscribers who have registered an ISP account, can now add a work email account fro m their device. After clicking on the "Work” option, subscribers will be asked to enter their work email address. A welcome email is sent to this address pointing the subscriber to the Personal Edition Sign Up page. After the subscriber has downloaded and installed the desktop client, the subscriber needs to complete the registration from the device.

1.67 Advanced Branding
Clients present additional logo and customized text per account to reinforce operator and ISP hands.

1.68 Single Client (new in 6.5)
6.5 SEVEN device clients support all SEVEN products using a single binary. If an operator deploys 2 System SEVEN instances (for example one for PE and the other for EE), the same 6.5 client can connect to both instances.

When the subscriber registers for the first time, the client receives a list of all deployed products that are supported by the operator and can dynamically present the appropriate registration screens based on user selection.

1.69 Auto-update
The SEVEN client detects when a new version is available for download and automatically install the new application over-the-air.

When making a new version available, Operators can define one of three types of auto-updates:
• Optional: It is the subscribers discretion to update
• Forced: the user must update in order to continue using SEVEN
• Silent: existing subscribers are not notified of the new update, they can get it by independently getting the new version.

User Preferences and Device Settings

1.70 Account Information
Subscribers can view/update their account information using the SEVEN Application. The user should be able to view the following:
• Enterprise ID (view only)
• User Name (view only)
• Mobile Number (view and update)

When subscribers change their password, the SEVEN client will prompt subscribers to enter their new one.

1.71 Filter Settings
Subscribers can configure their filter settings as described in previous sections.

1.72 Signed Schedule
Subscribers can configure the settings for synchronizations between SEVEN clients and System SEVEN.

Subscribers can configure the following settings for synchronization
1. Sync Manually only or
2. Sync Automatically – In this case the user has the following options:
a. Sync using Smart Power Management (see below) or
b. Sync using the following rules:
• On weekdays, sync every 30 minutes
• On weekdays, sync every 2 hours

In addition to the above settings, subscribers can choose to Sync every time new mail has arrived on their corporate server.

1.73 Smart Power Management

Smart Power Management dynamically changes the sync schedule based on the amount of power left on the device.

Smart Power Management changes based on the power level as outlined by the table below:

Setting/Rule	Low	Medium	High
Power remaining	<20%	20-50%	>50%
Weekday Sync	Every 2 hours	Every 30 minutes	Every 15 minutes
Weekend Sync	Never	Every 2 hours	Every 1 hour

1.74 Notification of new mail
Subscribers can choose to be notified when new mail arrives to the SEVEN client after synchronization.

Subscribers can set the following options:
1. Silent Notification by Vibrating Device AND/OR
2. Notify me with an Audible Notification:
a) Select sound <drop down list of sounds>
b) Select volume

1.75 Refresh All Data Option
The user can choose to perform reset synchronization on their device. If selected, the user is presented with the following options:

• Synchronize client and server
• Server over-writes SEVEN Application - a one-way sync where the server over-writes the device. If this option is selected, a warning message is displayed.

1.76 Data Obliteration
For instances when a device is misplaced, Subscribers or Enterprise Administrators can issue commands to erase all mail and account data stored on a device.

Erase commands will be executed by sending encrypted message with the data obliteration command. Also, anytime the device attempts to synchronize and receives an erase command from the System SEVEN server (for cases where the message was not received).

1.77 Synchronization Log Viewer
Subscribers are able to view time and status of past synchronization actions. This feature is primarily used for support purposes.

Device Features Matrix

Supported Products
PE/EE/SE	v	v	v	v	v	v
CE	x	x	x	v	x	x
Client Architecture
SEVEN Client	v	x	x	v	x	v
SEVEN Integrated (Plugin) Client	x	v	v	x	v	x
Registration
Simplified Registration	v	v	v	v	x
Upsell from ISP to work	x	x	x	v	x
Download Client via PC Installer	v	v	v		v
Download Client via link or SMS	v	v	v	v	v
EMAIL
Multi inbox (Corporate and Internet)	v	x	x	v	x	x
Offline Folder	v	v	v	v	v
Unread Mail Count	x	v	v	v	x	x
Compose Mail	v	v	v	v	v	v

Call sender	v	x	x	x	x	v
Save/Move Messages	v	v	v	v	x	x
Mark Messages As Read/Unread	v	v	v	v	v	v
Preview Message	v	x	x	x	x	x
High Priority Indicator	v	x	x	v	x	v
Go to Top/Bottom	v	x	x	x	x	x
Multi Select	v	v	x	x	v	v
Sorting (Sender, Subject, Date)	v	v	v	x	v	x
View Attached File Information	v	v	v	v	v	v
Reply, Forward, Delete Message	v	v	v	v	v	v
Delete All Messages	v	x	x	v	x	x
Undelete/Move	v	v	v	v	x	x
Expand/Contract Header ⁰	v	v	v	v	v	x
Hyperlinks in Message Body ((Phones, emails, weblinks)²	v	x	v	v	v	x
Read more	v	v	v	v	v
Accept, Decline, Tentative Meetings Requests²	v	v	v	x	v	v
Next/Previous Message	v	v	v	v	x	v
Native File Viewing (i.e. Pocket Word)	v	v	v	x	v	v
File Viewing using a v^rdParty Transformation Engine	v	x	x	x	x	x
Save Sender to Contacts¹	v	x	v	v	x	x
6.5 CLIENT FEATURES	Palm	PPC	Smart Phone 2003	JxME	Symbian UIQ	Browse
Add Recipients From Device Address Book¹	v	v	v	v	v	x
Add Recipients From Internet Accounts	v	x	x	v	x	x
Smart Addressing	v	v	x	x	x	v
Quick Responses	x	v	v	x	x	v
Attach Files From Network	v	x	x	x	x	v
Attach File From the Device	x	v	x	x	v	v
Sending Options (Immediate vs. Outbox)	v	x	x	v	x
CALENDAR
View Appointments²	v	v	v	x	v	v
Appointments Tool tips	v	v	v	x	x	x
Daily / Agenda Views ²	v	v	v	x	v	v
Weekly View ²	v	v	v	x	v	v
Add Appointments/Meetings	v	v	v	x	x	v
Delete Appointments/Meetings	v	v	v	x	x	v
Send Updates/Cancellation Notices to Attendees	v	v	v	x	x	x
Edit Appointments/Meetings	v	v	v	x	x	v
Reminders³	v	v	v	x	x	x
Zoom in/out	v	v	v	x	x	x
Go to Date	v	v	v	x	x	v
Calendar Preview From Home screen	x	v	v	x	x
Change Accept/Decline Status	v	v	v	x	x	v
View Conflict Status	x	x	x	x	x	v
PERSONAL CORPORATE CONTACTS
Search for Personal Contacts	v	v	x	v	v	v
Search for Corporate Contacts	v	v	x	v	v	v
Search for Local Contacts ¹	v	v	x	v	v	x

Call Contacts	v	v	x	v	x	v
Email Contacts	v	v	x	v	x	v
Store Most Recently Used Contacts	v	x	x	v	x	x
Add to Local Address book	x	v	x	v	x	x
View Contact	x	v	x	v	x	v
Add Personal Contact	x	x	x	x	x	v
Edit Personal Contact	x	x	x	x	x	v
Delete Personal Contact	x	x	x	x	x	v
ATTACHMENTS/DOCUMENTS
File Viewing using a 3^rd Party Transformation Engine	v	x	v	x	x	x
Native File Viewing (I.e. Documents to Go, Pocket Word)⁴	v	v	v	x	v	v
View Documents Stored Remotely	v	x	x	x	x	v
Attach Documents Stored Remotely	v	x	x	x	x	v
Attach Documents Stored on the Device	x	v	x	x	v	v
Fax Documents	x	x	x	x	x	v
TASKS
Task Summary	x	x	x	x	x	v
View Task	x	x	x	x	x	v
Mark task as Complete	x	x	x	x	x	v
Edit Task	x	x	x	x	x	v
Add Task	x	x	x	x	x	v
SETTINGS
SMS Push ⁵	v	v	v	v	v
IP Based Push ⁶	v	v	v	x	x
Smart Power management	v	v	v	x	x
Scheduled Sync	v	v	v	v	v
Background Synchronization	v	v	v	x	v
Data Obliteration	v	v	v	v	v	v
Mail Filters (Mailbox Size, Body Size)	v	v	v	x	v
Calendar Filters	v	v	v	x	v
Signatures	v	v	v	x	x	x
Email notification	v	v	v	v	v	x
Calendar Alarms ²	v	v	v	x	v	x
OTA Client Update	v	v	v	v	v
Sign in as a New User	v	v	v	v	v
Refresh All Data	v	v	v	v	v
View Account Information	v	v	v	v	v	v
Event Viewer	x	v	v	x	x

⁰ Implementation Varies Between Platforms	LEGEND
¹ Not Supported on all J2ME phones	Supported	v
² One-Way Calendar is Supported on A1000	New	v
³ For Palm Devices Require OS 4.0 or Higher	Not Supported	x
⁴ Actual File Types Depends on 3rd Party	Not Applicable
⁵ PPC 2003 or Higher
⁶ PPC 2003 or Higher, Palm 600/650 only

2 CONSUMER EDITION FEATURES (NEW IN 6.5)

System SEVEN Consumer Edition includes support for access to email and PIM information for selected Internet Service Providers (ISP). Feature availability and implementation may vary depending on the ISP being accessed and integration level (tier) between the ISP and SEVEN. The following table outlines general feature availability by ISP:

	IMAP4	POP3	REMOTE CONTACTS	PUSH	TIER
AOL	*			*	2
ATT
Worldnet		*		*	2
Bellsouth		*		*	2
Comcast		*		*	2
Earthlink		*		*	2
NetZero		*		*	2
Yahoo!
(POP)		*		*	2
Yahoo!	*		*	*	1
SBC
Yahoo!	*		*	*	1

Note: Availability of tier 1 ISPs is subject to commercial agreement between the ISP and the operator.

2.1 Push Support
Tier ISPs notify SEVEN in real-time (via custom integration) of new email events for its subscribers. System SEVEN then initiates a push request to the appropriate mobile device(s) to initiate message synchronization.

For Tier 2 ISPs, push is provided via server polling. The SEVEN server pails the ISP server every X minutes where x is configurable by the operator.

2.2 OTA Retrieval of Brandable Elements
For clients with memory size limitations (such as J2ME) System SEVEN supports on demand retrieval of brandable elements (such as logos and text) for optimized user experience and mess market reach.

3 PERSONAL EDITION FEATURES

System SEVEN Personal Edition includes support for access to email, PIM information, and Documents. Feature availability and implementation may vary depending on the enterprise application being accessed. The following table outlines general feature availability by enterprise application:

	Exchange 5.5	Exchange 2000	Exchange 2003	Domino R5	Domino R6/R6.5	POP3	IMAP4 Servers
Mail	*	*	*	*	*	*	*
Corporate Contacts	*	*	*	*	*
Personal Contacts	*	*	*	*	*
Calendar	*	*	*	*	*
Desktop Documents	*	*	*	*	*	*	*

System Requirements

3.1 Operating System Requirements
• Windows 2000 Professional
• Windows XP Professional

3.2 Messaging Systems and Clients Requirements
• Microsoft Exchange 5.5 with Outlook 2000 or XP or 2003
• Microsoft Exchange 2000 with 2000 or XP or 2003
• Microsoft Exchange 2003 with 2000 or XP or 2003
• Lotus Domino R5 with Lotus Notes R5 or R6/R6.5
• Lotus Domino R.& and Lotus Motes RS or R6/R6.5
• Lotus Domino R&.5 and Lotus Notes RS or RE/R6.5
• IMAP4 servers
• Corporate POP3 Servers

3.3 Hardware and Software Requirements (Minimum)
• Processor: 166 MHz Pentium II
• Memory: 64 MB of RAM
• 16 MB of available hard disk space

3.4 Hardware and Software Requirements for Hosting Connections (Minimum)
• Processor: 300 MHz Pentium III
• Memory: 128 NIB of RAM
• 16 MB of available hard disk space

3.5 Streamlined Installation and Provisioning Process
Subscribers can choose default values (such as install directory and start menu folder) during the desktop client installation. The desktop client also automatically detects and authenticates exchange users. If a user selects a user-defined installation, they will have the option of customizing these options.

Proxy Support

3.6 Proxy connection methods
Desktop clients installed by Subscribers can connect to System SEVEN Personal Edition via the following standard enterprise proxy connection methods:
1. DIRECT connection via port 443
2. PROXY (HTTP tunneling)
3. SOCKS (version 4)

3.7 Proxy Setting detection and configuration
If the enterprise requires connection via proxy, the desktop client detects the proxy settings using the following methods:
1. The desktop client auto-detects proxy settings from Internet Explorer browsers including protocol, hostname, arid port or a URL to a proxy auto-configuration script to retrieve the protocol, hostname, and port.
2. The desktop client provides a simple UI for the user to manually configure proxy settings for cases where direct connection and auto-detection methods cannot determine the proxy server settings.

3.8 Proxy Authentication
The desktop client includes support for proxies that require authentication. The desktop client supports NTLM authentication and Basic authentication. It supports entry of a domain, username, and password for Basic authentication.

3.9 Auto-update of the desktop client
System SEVEN Personal Edition includes auto-update support for upgrading the client component. The desktop client includes support for the following types of update notifications when new client versions are provided:

1. Silent: The new client is made available for all future downloads. However, existing clients are not notified or required to download the new client.
2. Optional: The new client is made available for all future downloads. Existing clients are notified of the availability of a new client along with its core features and are given the option to Update or Remind Later.
3. Required: The new client is made available for all future downloads. Existing clients are required to update to the new version before they can connect to System SEVEN.

Connection Sharing
System SEVEN Personal Edition allows Subscribers to access their corporate information when their computer is disconnected from the network by using another co-worker's network connection.

Connection sharing requires that the co-worker pre-approve a connection-sharing request from the subscriber. The co-worker must also have a System SEVEN Personal Edition Account. Connection sharing requires that the co-worker's computer is connected on the same domain as the subscriber and that his or her Slingshot client is running and connected.

Depending on the platform and sharing method used, certain mobile functions may be unavailable to a subscriber when using a co-worker's connection.NOTE: Access to corporate data when using the SEVEN SEVEN Application is only available when using a primary connection – not when using a shared connection.

3.10 Service-based Connection Sharing
For Microsoft Exchange subscribers, System SEVEN includes support for service-based connection sharing for other co-workers. To support service-based connection sharing, host machines must have the following (in addition to the minimum system requirements outlined under Slingshot Requirements):
I.) Outlook 2000 or higher
II.) Windows 2000/XP or higher
III.) Administrator privileges on their computers

3.11 Delegate-based Connection Sharing
For Microsoft Exchange subscribers that do not support service-based connection sharing, System SEVEN includes support for delegate-based connection sharing. Delegate sharing requires that co-workers grant delegate access in Exchange to the co-worker hosting their connection. Users with delegate status have permissions to access folders and send email on behalf of other users.

To support delegate-based connection sharing, host machines must have the following (in addition to the minimum system requirements outlined under Slingshot Requirements):
I.) Outlook 2000 or higher
II.) Windows 2000/XP without administrator privileges on their computers

3.12 Application-based Connection Sharing
Lotus Domino R5/R6/R6.5 Subscribers with Windows 2000 or XP can support application-based connection sharing for other co-workers.

3.13 Number of Connections Supported
For computers meeting the minimum Hardware and Software Requirements for Hosting (see PE Requirements), System SEVEN Personal Edition supports a maximum of 3-shared connections in addition to the primary user connection.

End User Administration

System SEVEN Personal Edition provides subscribers with a convenient web interface for the management and personalization of their mobile experience.

3.14 Alert Preferences
Subscribers can set a number of notifications rules for being notified of events in their mail and PIM applications. Subscribers can set filters based on a number of criteria including:

• Notifications based on new messages received, including filters for messages from specific senders or based on message priority,
• Notifications based on the receipt of updates to existing meetings.

4 ENTERPRISE EDITION FEATURES

Enterprise Applications
System SEVEN Enterprise Edition includes support for access to email and PIM information. Feature availability and implementation may vary depending on the enterprise application being accessed. The following table outlines general feature availability by enterprise application:

	Exchange 5.5	Exchange 2000	Exchange 2003	IMAP4 Servers	POP3
Mail	*	*	*	*	*
Corporate Contacts	*	*	*
Personal Contacts		*	*
Calendar		*	*
Tasks		*	*

Enterprise Administration

4.1 Manage Internal Administration
Enterprise administrators can create an internal administration for System SEVEN by adding administrative accounts. Administrators can then edit, delete, suspend, and administer passwords for these accounts.

4.2 Subscribers Provisioning and Management
Enterprises can manage which employees have access to SEVEN services by performing the following functions:
• Add subscriber accounts. Accounts can be added individually or through a

batch import process.
• Edit, delete subscriber accounts
• Suspend/activate subscriber accounts
• Reset subscriber passwords

4.3 Enterprise Service Configuration Wizard
System SEVEN provides an intuitive wizard interface that allows enterprise administrators to configure services enabled by the mobile operator. At a minimum, individual service configurations require that the administrator provide the hostname and ports for accessing the desired enterprise applications (i.e. Exchange 2000 server).

Once connections are established, the enterprise administrator can determine which enterprise subscribers have access to specific services.

4.4 Application Testing and Monitoring
After adding a new service, enterprise administrators have the option of verifying connectivity to their enterprise applications and to establish on-going monitoring of their applications.

To perform this function, the enterprise administrator must create a test account on each of tie relevant servers and provide the account information. System SEVEN will then test connectivity to each server and perform a series of application tests using the test accounts provided including:
• Count number of message in inbox (total and unread)
• Send emails
• Count number of appointments in current: day
• Count number of personal contacts available
• Count number of corporate contacts avail able
• Count number of existing tasks

4.5 On going Connection monitoring
Enterprise administrators can test the connection of a particular enterprise service to System SEVEN. In addition, the enterprise administrator can choose to enable on-going connection monitoring. If enabled, System SEVEN will periodically (approximately every 4 hours) verify that a connection to the respective mail servers is available.

If a connectivity problem is detected, System SEVEN will send a notification to an email address specified by the enterprise as well as to an email address specified by the operator.

4.6 Manage Mobile Links
Enterprise administrators can customize the set of links available to enterprise subscribers.
Administrators can:
• Add links to mobile sites or internal applications
• Lock down these links to prevent end subscribers from editing these links

4.7 Data obliteration
Enterprise administrators can issue commands to erase data from a misplaced device for Enterprise Edition subscribers.

End User Administration

System SEVEN Enterprise Edition provides enterprise subscribers with a convenient web interface for the management and personalization of their mobile experience.

4.8 Alert Preferences
Subscribers can set a number of notifications rules for being notified of events in their mail and PIM applications. Subscribers can set filters based on a number of criteria including:
• Notifications based on new messages received, including filters for messages from specific senders or based on message priority,
• Notifications based on the receipt of updates to existing meetings.

5 SEVEN SERVER EDITION FEATURES

Enterprise Applications

System SEVEN Server Edition includes support for access to email and PIM information. Feature availability and implementation may vary depending on the enterprise application being accessed. The following table outlines general feature availability by enterprise application:

	Exchange 5.5	Exchange 2000	Exchange 2003	Domino R5	Domino R6/R6.5	IMAP4 Servers
Mail	*	*	*	*	*	*
Corporate Contacts	*	*	*	*	*
Personal Contacts	*	*	*	*	*
Calendar	*	*	*	*	*
Documents Access	*	*	*	*	*	*

5.1 Windows Servers Supported
The SEVEN Enterprise Server runs on Windows 2000 SP3 or Windows 2003 servers.

5.2 Outbound initiated connection
The SEVEN Enterprise Server establishes an outbound connection to the System SEVEN Infrastructure deployed at the operator network. The outbound nature of the connection will ensure maximum security because mobile access will only be possible

from subscribers authenticated into System SEVEN. Deployment will also be simplified because enterprise firewall security policy will not necessarily have to be altered in order to provide mobile access to enterprise applications.

5.3 Proxy/firewall support
The SEVEN Enterprise Server enables secure connectivity to enterprise applications when the enterprise has deployed a proxy server. The following standard enterprise proxy methods are supported, as well as NTLM and basic proxy authentication:
• DIRECT connection via port 443
• PROXY (HTTP tunneling)
• SOCKS (version 4)

The Windows administrative application also provides a mechanism for administrators to manually configure settings.

5.4 Secure Connectivity
System SEVEN Server Edition provides secure connectivity to enterprise resources:
1. End-to-end encryption using Advanced Encryption Standard (AES) between the SEVEN Enterprise Server and the SEVEN smart device client.
2. Point: to point encryption using Advanced Encryption Standard (AES) between the SEVEN Enterprise Server and System SEVEN when using a browser. System SEVEN then uses SSL for secure connectivity between browsers and System SEVEN.

Enterprise Administration

5.5 Server and User Statistics
Server Edition provides a set of server and user statistics for the enterprise administrator. The administrator has access to statistics on % of the server as well as the number and type of requests. The following statistics are available:
• Uptime
• Time of Last Request
• Type of Last Request
• % Device Requests
• % Web Requests
• % Mail Requests
• % Calendar Requests
• % Personal Contacts Requests
• % Corporate Contacts Requests
• % Documents Requests
• % File View Request
• Total Requests

The administrator also has access to individual user statistics for provisioned users.

5.6 Disable Welcome email
Enterprise administrators that would like to provision end users can choose disable the welcome email option.

5.7 Self Provisioning
SEVEN enable a web based provisioning system to allow enterprises to automatically sign up for a Server Edition account. The enterprise begins by creating a new enterprise account at the Operator website. Then the enterprise Admin creates an Enterprise administrator account that will be used to manage the enterprise.

5.8 Web Management
Enterprises that self provision have the option of managing their enterprise deployment via a web interface. Note: If the operator provisions the enterprise, this functionality is not available.

Enterprises can execute the following:
• Edit the Enterprise Profile
• Edit the Enterprise Billing Contact
• Edit the Enterprise IT Admin Contact
• Create A Site • Delete A Site
• Reset a Site password

5.9 Disable/Enable Internet email
The enterprise administrator can enable/disable Internet Email (for Palm/J2ME devices) for the site on a global basis.

5.10 User Session Caching
The enterprise administrator can enable or disable the "Remember Me" check box, which the user can select on the log in page of Webmail.
Options are:
• Disabled
• 1 day
• 1 week
• 2 weeks
• 1 month
• 1 year

The default value is disabled.

5.11 Windows-based administration application
Enterprise administrators can manage subscribers and configure the SEVEN Enterprise Server via a Microsoft Management Console Snap-in application. This provides enterprise administrators with a familiar and flexible management interface.

5.12 SEVEN Enterprise Server process administration
The SEVEN Enterprise Server runs as a Windows service, which allows it to be controllable in an integrated fashion from the Windows Service Control Manager.

5.13 Service configuration
Enterprise administrators can manage services through the Windows-based administration application. Users can be provisioned for different services.

5.14 User management
Enterprise administrators can manage users via the Windows-based administrative application.

Enterprises can manage which users have access to various services by performing the following functions:
• Add subscriber accounts. Can be added individually or with a batch import process
• Edit, delete subscriber accounts
• Suspend/activate subscriber accounts
• Reset subscriber passwords

5.15 Windows Event Log for SEVEN Enterprise Server
Enterprise administrators can access all production level information messages, warning messages, error messages, and critical messages via the Windows Event Log so that they can be viewed via the Windows Event Viewer.

5.16 System alerts for SEVEN Enterprise Server
Enterprise administrators can be alerted via email upon error or critical events in the SEVEN Enterprise Server or connection to System SEVEN.

5.17 Device access policy
Enterprise administrators can enable/disable mobile access via browsers or smart devices.

5.18 Data obliteration
Enterprise administrators can issue commands to erase data from a misplaced device for Server Edition users.

6 SYSTEM SEVEN FEATURES

Operator Administration

6.1 Role based administration
Mobile operators can manage internal administration by adding administrative accounts under different roles with varying degrees of permissions including:
• Operator Administrators (super users)
• Customer Supervisors
• Customer Care and Operations
• Marketing - Marketing accounts can only view reports and download session log data.

Operators can then edit, delete, suspend, and administer passwords for these accounts.

6.2 Delegated Administration
Mobile operators can delegate administrative tasks to enterprise administrators, who can then add and manage services and subscribers. This helps reduce the costs of customer care for the operator.

6.3 Manage Mobile Links
Mobile operators can design and manage the links available subscribers on an enterprise by enterprise basis:
• Operators can add/delete links to other wireless sites
• Operators can customize the order in which links are presented
• Operators can 'lock" links and folders to restrict subscribers from editing
• Operators can allow enterprise administrators and subscribers to add custom links

6.4 Web-based Provisioning and Management
Operators have the option of providing a web-based, self-provisioning model for enterprises to sign up and deploy Server Edition. This is an optional provisioning model for operators. Operators may choose to only use the traditional model where the Operator provisions the account for an enterprise.

6.5 License Enforcement
System SEVEN will now have the ability to enforce a maximum number of Server Edition licenses per site as configured by the Operator during initial site creation. The enterprise will be unable to add subscribers beyond this maximum number of licenses.

Note: it is not possible to reduce the number of licenses to a lower value than the current number of provisioned subscribers at the enterprise.

6.6 Enterprise Provisioning and Management
Mobile operators can manage enterprises by performing the following functions:
• Add, edit, delete enterprise accounts
• Suspend/activate enterprise accounts
• Reset administrator passwords

6.7 Enterprise Provisioning (Server Edition)
Mobile operators can provision enterprises for access for the following services:
• Exchange 5.5
• Exchange 2000/2003
• Domino R5
• Domino R6/R6.5
• IMAP4
• POP3

In addition, the operator can specify the maximum number of subscribers per service. Operators can also choose to add the following add on features for all services:
• Access to file viewing

6.8 Enterprise Service Provisioning (Enterprise Edition)
Mobile operators can provision the services available to enterprises, including the maximum number of subscribers per service. System SEVEN provides the following services for Enterprises:
• Exchange 5.5
• Exchange 2000
• Exchange 2003
• IMAP
• POP

In addition, the operator can choose to add the following add on features for all services:
• Access to corporate contacts (root available for IMAP or POP services)
• Notifications

6.9 Viewing enterprise service configuration (Enterprise Edition )
Mobile operators can view the settings that an enterprise administrator has configured for a particular service. This allows the operator reduce customer care costs by quickly diagnosing service configuration issues. This capability is only available if the enterprise administrator chooses to give the operator service configuration viewing permissions.

6.10 Connection monitoring (Enterprise Edition)
Mobile operators can test the connection of a particular enterprise service to System SEVEN. The operator receives real-time feedback about the status of the connection, which helps reduce customer care costs by quickly diagnosing service configuration Issues.

6.11 Subscribers Provisioning and Management (Personal Edition)
Mobile operators can manage subscribers by performing the following functions:
• Search for subscriber accounts using usernames, first and last names, and mobile numbers
• Edit subscriber profiles
• Delete subscriber accounts
• Suspend/reactivate subscriber accounts
• Reset subscriber passwords

6.12 Custom Email Tagline (Personal Edition)
Operators can specify a tagline to be added at the end of each message sent using System SEVEN Personal Edition.

Mobile Services Environment

6.13 Push Channels (new in 6.5)
System SEVEN v6.5 is capable of utilizing multiple channels to deliver new messages to SEVEN clients. In addition to SMS push, System SEVEN now supports a TCP/IP channel to notify devices when new messages arrive to the subscriber's mailbox.

SMS Channel
This option utilizes the operator's SMS infrastructure to notify the SEVEN Client that new mail has arrived, similar to System SEVEN v6.3.x.

There are several push related variables that operators can configure:

	SMS Only	IP Only	Hybrid
Keep Alive interval Value determines how often the client pings the server to maintain the IP connection. The value should be set based on operator APN network timeouts.	Not applicable	Yes, Set by operator Configured via System SEVEN	Yes, Set by operator Configured via System SEVEN
Inactivity period for Disconnect Value determines the period of inactivity before the client disconnects and goes into hibernation mode, awaits a wake-up SMS	Not applicable	Not applicable	Configured via System SEVEN
SMS Suppression Value determines the number of unanswered push or wake-up SMS messages sent to device before disabling push. Suppression is reset with a client sync (manual push).	Yes, Set by operator Configured via System SEVEN	Not applicable	Yes, Set by operator Configured via System SEVEN

6.14 SMS Protocols Supported
System SEVEN supports the following protocols for integration with Operators SMS Gateways for notification delivery:
• SMTP
• SMPP

6.15 Download Page Redesign (new in 6.5)
The new Downloads page displays supported devices by make and model instead of by platforms (e.g. Palm, PPC). When subscribers choose their device make (e.g. Nokia) a list of all Nokia supported devices is presented. Each device has an image to help subscribers easily identify their devices.

Subscribers will also be provided with customized download instructions based on the device they choose. These instructions could be one or few of the following options:
1. Instructions on how to launch the client if pre-installed
2. Instructions on how to download the client from the device if stub app is pre-installed
3. Send an SMS to the device with a link to download the client
4. Download the client via the PC and hotsync it to the device

6.16 Billing APIs
System SEVEN supports Billing APIs for service and user level billing.

6.17 File Transformation Servers
System SEVEN enables integration with 3^rd party file transformation vendors. The following vendors are supported:
• Stellent – the following Stellent products are supported:
• Outside In Wireless Export 7.5.1 for Sun Solaris on SPARC
• Outside In Wireless Export 7.6.1 for Windows on Intel

Note: the File Transformation Servers are not included as part of standard SEVEN licensing.

6.18 Reporting

System SEVEN provides Operators with a web-based interface for accessing a number of pre-defined reports in graphical or table forms. System SEVEN includes the following set of reports:

• Total Requests – Operators can analyze trends in usage of the service by monitoring the total number of requests made by subscribers over time. This report also helps Operators guarantee service quality by monitoring the overall load on their systems. This report can be viewed by various time intervals and by access method*.
• User Sessions and Duration – Operator can understand the impacts of data services on their network by monitoring the number of user sessions and average duration of these sessions over time. This report can be viewed by various time intervals and by access method.
• Requests by Service Feature – Operators can gain insights into the critical features of their services by measuring the subscriber usage of individual features including send and receive e-mail, view calendar requests, view contacts, and download files. This report can be viewed by various time intervals and by access method.
• Provisioned and Active Subscribers – Operators can evaluate the success of their marketing efforts by monitoring the number of provisioned Subscribers of the service over time. In addition, Operators can also gain insight into how many provisioned Subscribers actively use the service. This report can be viewed by various time intervals.
• Subscriber by Company – Operators can view the number of data subscribers by e-mail domain. This report provides an invaluable tool for Operators that be leveraged when selling to IT enterprise administrators to demonstrate the demand for their services.

*Access methods include PC, PDA, or Smart Devices.

Deployment

6.19 Streamlined Client Package Deployment (new in 6.5)
New clients of platforms that are added to System SEVEN would be rolled out without requiring the Operator to upgrade Manage. This simplifies the process and reduces the impact of new certification for operators.

6.20 Internationalization
The Mobile Services environment is fully internationalized. Device client platforms may be subject to additional development based on customer requirements.

SEVEN PERSONAL EDITION
SECURITY WHITE PAPER

TABLE OF CONTENTS

3 Overview

4 Architecture Overview

5 Connectivity, Authentication and Administration

7 Transport Security

8 Mobile Access Methods
Scenario 1: End-to-end encryption using a SEVEN Mobile Client (Over-the-air synchronization with offline capabilities)
Scenario 2: Point-to-point encryption using PDA and PC Browsers

14 Appendix AES Overview Glossary

16 About SEVEN

17 Notices

OVERVIEW

SEVEN Personal Edition is a mobile email solution that enables individual users to securely access their corporate data from a wide variety of mobile devices. Users can get up and running instantly by self-provisioning a secure connection to the operator network through the installation of the SEVEN Desktop Connector. Once this connection has been set up, information is pushed to the user’s mobile client in real time.

SEVEN Personal Edition enables secure, real-time access to the following applications across a diverse range of devices:
• Email – View and respond to email, with messages pushed to the device and changes instantly updated on the enterprise application.
• Calendar- View appointments pushed to the device; schedule and receive reminders for appointments from a mobile device.
• Personal Contacts – Interact with personal contacts; initiate calls and emails.
• Corporate Contacts – Seamlessly interact with extensive corporate directories without having to store the entire directory on the device itself.
• Documents- Browse, view, email and fax documents from a mobile device.

SEVEN Personal Edition provides secure, real-time mobile access to the following enterprise applications:

• Microsoft Exchange 5.5, 2000, 2003
• Lotus Domino R5, R6, R6.5
• IMAP/POP enterprise servers
• Internet email accounts (e.g. Yahoo!, Earthlink)
• Documents stored on user’s PC

ARCHITECTURE OVERVIEW

SEVEN Personal Edition enables individual subscribers to access corporate and personal data by creating a secure connection to the operator’s network through the installation of the SEVEN Desktop Connection.

The core components of SEVEN Personal Edition hosted in the mobile operator’s data center (referred to as “System SEVEN”), while enterprise data and applications remain securely stored behind the corporate firewall. This allows individual subscribers to retain control over their data while offloading the complexity of mobile device and network compatibility to the operator, and benefiting from integration with network services such as SMS that are used to enhance the application experience.

Unlike store-and-forward solutions, which provide loosely coupled replication of data to mobile devices, SEVEN Personal Edition enables up-to-date, real-time access to email, personal and corporate contacts as well as calendar. When an email message is read or deleted by a mobile user, that state change is reflected automatically in the user’s inbox. When a mobile user sends and email message, a copy is automatically deposited in the user’s inbox. When a mobile user sends an email message, a copy is automatically deposited in their sent-items folder, just as if the message had been sent from their desktop PC.

CONNECTIVITY, AUTHENTICATION AND ADMINISTRATION

Connectivity

In the diagram on page 4, the mobile user installs the Desktop Connector on a desktop PC. The Desktop Connector establishes and maintains a durable network connection from the PC to System SEVEN at the operator’s data center. This connection, which is automatically re-established by the Desktop Connector if disrupted, is the two-way communications channel used to route requests for enterprise data to the Desktop Connector, as well as transmit the requested data to System SEVEN.

All communications between the Desktop Connector and System SEVEN are encrypted using 128-bit AES, and digitally signed to guarantee their integrity. In addition, the SEVEN Mobile Client automatically negotiates end-to-end AES encryption when used in conjunction with the Desktop Connector, guaranteeing that data is encrypted before leaving the enterprise premises and decrypted only after delivery to a specific SEVEN Mobile Client.

Authentication

Users sign up for SEVEN Personal Edition accounts using a secure, web-based interface. During this setup process, they are required to select a unique username, as well as a password meeting minimum requirements for length and complexity. The credentials created during this process are referred to as the user’s ‘mobile credentials’ and are separate and distinct from any account information used to access enterprise resources.

The user must then successfully install and authenticate the Desktop Connector. This step confirms that the user is, in fact, an authorized user of the corporate security domain in which their PC resides.

Each user’s System password is irreversibly encrypted during account setup using an AES-compatible hash function, before being stored for future login verification. It is not computationally feasible to recover a password encrypted using a hash function. When a user attempts to log in at a later date using the mobile credentials previously established, System SEVEN validates the password input during the login sequence by encrypting the presented password and comparing the result to the encrypted password stored in System SEVEN’s database. If the encrypted passwords are identical, the user is authorized to access.

In keeping with System SEVEN’s ‘zero trust’ security principle, user passwords are stored as outlined above: in a form that allows validation of presented credentials, without the possibility of accidental disclosure of a user’s password. The only possible response to a lost password is a password reset, which can be initiated by the user or by the mobile operator’s customer service department. The re-establishment of account access is accomplished by use of a one-time password sent as an e-mail message to the user’s registered account (or, optionally, via an SMS message sent to an Internet-enabled wireless device). Once the single-use password is presented to System SEVEN, the user is then immediately required to register a permanent password before being permitted to use any feature of the service.

Each individual desktop connection is registered to a primary user. During the installation of the Desktop Connector software, the user is required to input his mobile credentials. Using these mobile credentials, the Desktop Connector then authenticates

to System SEVEN and receives a cryptographic authorization taken if the presented mobile credentials are valid. This token is then stored by the Desktop Connector and used for all subsequent connections, eliminating the need to store the mobile credentials on the host PC. The decision to store this token persistently is driven by user selection of the ‘remember my password’ option in the Desktop Connector configuration. Users may employ SEVEN Personal Edition’s Connection Sharing feature to enable Connection Sharing feature to enable uninterrupted access to corporate resources. A user may initiate a request to a co-worker to enable Connection Sharing, which is delivered to the co-worker’s email inbox. If the co-worker chooses to host the user’s connection as a result of this request, several things happen:

• The requesting user must submit their enterprise messaging credentials to System SEVEN to enable access to messaging services via Connection Sharing.
• The co-worker’s Desktop Connector is invisibly reconfigured to provide connectivity for both the co-worker and the user requesting Connection Sharing. This results in the creation of an additional authorization token on the co-worker’s PC for the hosted user.
• Each time the co-worker’s Desktop Connector connects and registers with System SEVEN, it retrieves the hosted user’s enterprise messaging credentials and stores them in memory. These credentials are never stored on disk, even in encrypted form, effectively preventing any possibility of recovery or accidental disclosure.

Any enterprise messaging credential is required to enable Connection Sharing stored within System SEVEN and protected using 128-bit AES encryption. Recovery of these credentials is only possible when a cryptographic authorization token is presented by a Desktop Connector client containing the correct key, in conjunction with other authorization information transmitted by the Desktop Connector. The net result is that the stored credentials are not accessible by users, and can only be recovered by an authorized Desktop Connector by means of a fully authenticated session.

TRANSPORT SECURITY

AES security is employed in conjunction with digital signature algorithms (e.g. SHA 1) to secure data transported between System SEVEN components. The use of digital signatures provides protection against modification of data as it passes across the network, even when it is encrypted. System SEVEN employs AES and digital signatures within a patent-pending, multi-channel encryption protocol. This innovation enables a single block of data to contain multiple separately encrypted sections, each destined for a different endpoint.

MOBILE ACCESS METHODS

SEVEN Personal Edition provides end-users with maximum flexibility in deciding which mobile devices they want to use.

Scenario 1: SEVEN Mobile Client connected to Personal Edition

The advent of “smart devices”, PDAs and phones with integrated wireless network connectivity and local processing capability has opened up exciting new possibilities for mobile productivity. SEVEN Personal Edition bridges the gap between these networked devices and the firewalled sanctity of the corporate network by offering a complete solution, including purpose-built client technology with support for remote management and end-to-end security.

The SEVEN Mobile Client is compatible with BREW, J2ME, Microsoft Pocket PC, Microsoft Smart-phone 2003, Palm OS and Symbian-based phones, and is tightly integrated with the System SEVEN components running in the operator and enterprise networks.

Over-the-air synchronization with offline capabilities

The SEVEN Mobile Client enables users to be productive on and off-line, through the use of intelligent synchronization of data to the smart device. Users may elect to have the network automatically trigger synchronization with their inbox on the mail server whenever new messages arrive. Conversely, users may elect to transmit outgoing email message immediately, or defer them until it is convenient to send all queued messages simultaneously.

The SEVEN Mobile Client communicates with the System SEVEN server complex hosted in the mobile operator’s data center using an AES-encrypted TCP/IP connection. The System SEVEN server complex routes each transaction request as it arrives. Sync requests by users belonging to enterprises with managed connections are processed internally by System SEVEN, and the required data is retrieved on the fly from the servers at the enterprise.

This scenario delivers the maximum security possible for safeguarding enterprise data. Each mode in the diagram shown on page 9 has security association on with each of its neighbors, called the point-to-point security association, consisting of a shared secret AES key, associated encryption parameters and session-specific data. The point-to-point security association enables secure communications over a single ‘hop’ within System SEVEN. For example, the SEVEN Mobile Client might use the point-to-point security association enables secure communications over a single ‘hop’ within System SEVEN. For example, the SEVEN Mobile Client might use the point-to-point security association it shares with the System SEVEN service hosted by the mobile operator to send a request for delivery of any new email messages, which would then be re-encrypted and relayed to the Desktop Connection.

The true power of System SEVEN is manifested when the Desktop Connector uses the end-to-end security association to encrypt new email messages for delivery to the SEVEN Mobile Client in one channel of the reply, and uses the point-to-point security association to encrypt the routing information in a second channel. When this reply is received by the System SEVEN service, only the second channel can be decrypted, as the System SEVEN service is not a member of the security association used to protect the messages encoded in the first channel.

The AES keys used are unique and known only to the members of that security association. Key negotiation is handled within System SEVEN using an Elliptic Curve Cryptography enhanced variant of the Diffie-Hellman protocol. This technology enables the negotiation of a secure shared secret key over insecure communications channels, such as the Internet. It is also employed in an innovative fashion to negotiate the end-to-end security association between the SEVEN Mobile Client and the enterprise data connector, using the System SEVEN service as a blind relay. The nature of the exchange is such that despite handing all packets involved, the System SEVEN service has no knowledge of the actual secret key negotiated by the two endpoints.

In this scenario, the Desktop Connector is responsible for determining when new messages are present for the user. By default, the SEVEN Mobile Client is configured for push-type delivery of new email messages, which is handled as follows:

1. The presence of one or more messages matching the user’s individual filter criteria causes a notification to be sent to System SEVEN using the point-to-point security association.
2. System SEVEN then processes this notification and generates an encrypted SMS message for delivery to the device running the SEVEN Mobile Client.
3. The encrypted SMS message is delivered to the device with the SEVEN Mobile Client installed, where it is decrypted and processed.
4. The SEVEN Mobile Client initiates a mailbox sync operation immediately upon validation of the encrypted notification, uploading any changes (e.g. messages marked read or deleted) and downloading any new messages.

This level of device and integration enables the mobile user to experience the benefits of on-demand delivery of email to their device.

Scenario 2: Self-contained PDA and PC browsers

Web browser access on PCs

Accessing SEVEN Personal Edition with a PC-class browser unlocks a full-featured virtual desktop, which includes access to multiple independent email inboxes, schedule management, personal and corporate directory services, documents and more. Browser-based access uses a point-to-point security model to protect data in transit between System SEVEN at the mobile operator’s data center and the browser.

In many cases, a PC-class browser accessing SEVEN Personal Edition is a suitable replacement for a remote-access VPN connection to the enterprise. Unlike a VPN-based remote access solution, a mobile user can make use of any SSL-enabled web browser to be immediately productive, with no need to load software.

As shown below, SEVEN Webmail sessions using desktop browsers require that data be handled in the clear at only one point between the enterprise premises and the device itself: within the memory space of a single physical server within System SEVEN at the mobile operator’s data center. The following security associations are established to protect data in transit:

1. Data moving between the Desktop Connector and System SEVEN at the mobile operator’s data center is protected using 128-bit AES encryption.
2. Data moving between System SEVEN and the desktop browser running on the PC or PDA is protected using 128-bit SSL encryption.

When a desktop browser is used as a SEVEN Webmail client, enterprise data is never stored within System SEVEN, nor is it ever transmitted in the clear over a network connection. In addition, safeguards are written into the web application to ensure that data is not cached locally by the browser; sensitive corporate data is never left behind in the cache of an internet kiosk or borrowed PC.

APPENDIX

AES Overview

On December 6, 2001, the United States federal government announced the approval of RPS-197, the standards document for the new Advanced Encryption Standard (AES). This marked the culmination of a multi-year selection process during which the world’s leading cryptography teams presented competing proposals for the crypto technology that was to become the AES.

The competition was fierce, and the peer review process was merciless. In the end, several candidates survived the final round of analysis. The winning Rijndael algorithm, submitted by a pair of cryptographers from Belgium, was selected for its combination of resistance to attack, ease of implementation, efficiency and scalable design allowing several encryption key sizes.

AES was selected for use throughout System SEVEN for all of these reasons, in accordance with SEVEN’s policy of using proven, tested security standards. In the short term, using AES encryption on a per-transaction basis (encrypting each payload individually) allows radically more efficient use of server resources than SSL-based client connections, which are extremely CPU-intensive. System SEVEN’s implementation of AES encryption at the application layer requires much less CPU time per new session startup, which translates directly to fewer connection servers needed for any given size user population.

Computational power per dollar continues to grow according to Moore’s Law, doubling roughly every 18 months. Cryptography technologies must be able to compensate for this by allowing for the use of increasingly strong encryption keys over time. In the longer term, the use of the AES allows System SEVEN a growth path to increasingly larger key sizes without disruption to the basic security strategy. This is in contrast to end-of-life standards, such as DES (reincarnated as Triple-DES, or 3DES), used in certain competing products despite the lack of a future growth path; AES is intended to replace DES and 3DES altogether in the next few years.

To illustrate the strength of the AES cipher, consider this: if one were to build a specialized computer to attempt decryption of 56-bit DES encrypted data, and that computer were capable of trying all possible DES keys in 1 second, that same computer would take 149 trillion (1000 x 149 billion) years to try all the possible 128-bit AES keys. For comparison, the universe is believed to be less than 20 billion years old.

Glossary

AES: Advanced Encryption Standard; the cipher suite chosen by the United States federal government to replace Triple DES. Specifications exist for keys of 128, 192 and 256 bits, allowing migration to longer keys as available computational power grows over time

DES: Data Encryption Standard, later extended via the Triple DES specification. The original 56-bit-key form of DES, established as a Federal Information Processing Standard (FIPS) in 1977, has been retired and is known to be vulnerable to several forms of cryptanalysis attack

ECC-DH: Diffie-Hellman secret-key negotiation using Elliptic Curve Cryptography HMAC-MD5: Keyed-Hash Message Authentication Code using Message Digest version 5

SSL: Secure Sockets Layer

Triple DES: A cyclic version of DES using three 56-bit keys in sequence, yielding an effective key length of 168 bits. Triple DES (sometimes referred to as 3DES) has been replaced by the AES as the encryption standard of choice for the United States federal government

VPN: Virtual Private Network

ABOUT SEVEN

SEVEN is a leading global provider of software that enables mobile operators to offer their subscribers secure, low-cost, real-time access to critical information including business and personal email and applications. SEVEN is available as Personal Edition for individuals, and Server Edition and Enterprise Edition for businesses. Our software supports a wide variety of device platforms, including BREW, J2ME, Microsoft Pocket PC, Microsoft Smartphone 2003, Palm-OS and Symbian-based phones, and is currently compatible with handheld devices manufactured by Hitachi, HTC, Motorola, palmOne, Sanyo, Samsung, Sony Ericsson and Toshiba. SEVEN is available today across major international network standards, and is sold by Cingular Wireless, KDDI Corp., NTT DoCoMo, O2, Orange, The Singtel Group and Sprint.SEVEN is a global company headquarted in Redwood City, CA.

Contact Information
901 Marshall Street
Redwood City, CA 94063
650.381.2500 P
650.216.6422 F
info@seven.com
www.seven.com

NOTICES

This document is provided for informational purposes only and SEVEN makes no warranties, either express or implied, in this document. Information in this document is subject to change without notice.

SEVEN may have patents, patent applications, trademarks, copyrights, or other intellectual property rights covering subject matter in this document. Except as expressly provided in any written license agreement from SEVEN, the furnishing of this document does not give you any license to these patents, trademarks, copyrights, or other intellectual property.

SEVEN and System SEVEN are either registered trademarks or trademarks of SEVEN Networks in the U.S.A. and/or other countries.

June 2004

SEVEN SERVER EDITION
SECURITY WHITE PAPER

TABLE OF CONTENTS

3 Overview

4 Architecture Overview

5 Connectivity, Authentication and Administration

6 Enterprise Security Policy

7 Transport Security

8 Mobile Access Methods
   Scenario 1: End-to-end encryption using a SEVEN Mobile Client
         (Over-the-air synchronization with offline capabilities)
   Scenario 2: Point-to-point encryption using PDA and PC Browsers

14 Appendix AES Overview Glossary

16 About SEVEN

17 Notices

OVERVIEW

SEVEN Server Edition enables secure, real-time mobile access to the following applications across a diverse range of devices:

Email – View and respond to email, with messages pushed to the device and changes instantly updated on the enterprise application
Calendar – View appointments pushed to the device; schedule and receive reminders for appointments from a mobile device
Personal Contacts – interact with personal contacts; initiate calls and emails
Corporate Contacts – Seamlessly interact with extensive corporate directories from the mobile device without having to store the entire directory on the device itself
Documents – Browse, view, email an fax documents from a mobile device

SEVEN Server Edition provides secure, real-time mobile access to the following enterprise applications:

Microsoft Exchange 5.5, 2000, 2003
Lotus Domino R5, R6, R6.5
IMAP enterprise servers
Internet email accounts (e.g. Yahoo!, Earthlink)
Documents stored on enterprise file share

ARCHITECTURE OVERVIEW

SEVEN Server Edition employs a behind-the-firewall approach to the delivery of information to mobile devices. The SEVEN Enterprise Server deployment consists of a lightweight server, while the core components of solution (referred to as “System SEVEN”) are hosted in the mobile operator’s data center. This permits the enterprise to retain control over its data and applications while offloading the complexity of mobile device and network compatibility to the operator, and benefiting from integration with network services such as SMS that are used to enhance the application experience.

Unlike store-and-forward solutions, which provide loosely coupled replication of data to mobile devices, SEVEN Server Edition enables up-to-date, real-time access to email, personal and corporate contacts as well as calendar. When an email message is read or deleted by a mobile user, that state change is reflected automatically in the user’s inbox. When a mobile user sends and email message, a copy is automatically deposited in their sent items folder, just as if the message had been sent from their desktop PC.

CONNECTIVITY, AUTHENTICATION AND ADMISTRATION

Connectivity

The SEVEN Enterprise Server establishes and maintains a pool of durable network connections outbound from the enterprise to System SEVEN at the mobile operator’s data center. Each connection is protected using both encryption (128-bit AES) and digital signature algorithms to satisfy the requirements of the most demanding enterprise. The SEVEN Enterprise Server requires no network topology or firewall rule set changes.

Authentication

Administration

The SEVEN Enterprise Server is managed within the enterprise using a Microsoft Management Console snap-in application, enabling it to integrate seamlessly into existing IT user management workflow. In addition, the SEVEN administration application integrates with the Exchange Global Address List and Active Directory, making it easy for administrators to batch import users for rapid provisioning. For maximum convenience, SEVEN Server Edition can also be managed using a web-based interface. After securely logging in, the IT Administrator can edit the enterprise profile, add and delete sites, reset the site password and more.

ENTERPRISE SECURITY POLICY

SEVEN Server Edition enables enterprise administrators to extend many of the security policies from their wired environment out to their mobile devices.

Username/password policy – Administrators can choose how often users are required to log in to the SEVEN application.
Enable/disable browse mode – Administrators can choose to disable browse- mode access so that users can only access data via an end-to-end encrypted channel using the SEVEN Mobile Client.
Enable/Disable Internet Accounts Access- Administrators can choose to disable access to Internet accounts from devices that support multiple inboxes.
Device Registration Code – Administrators can choose a registration code that users will be required to enter upon registration.
Extend Windows authentication policy to mobile devices- When using SEVEN Server Edition, the enterprise security policy set for that username and password (e.g. expire every X days) is seamlessly extended to the mobile device rather than requiring the administrator to manage a separate policy for mobile devices.
Remote date removal- System SEVEN provides administrators with the ability to ensure the security of enterprise data even when the user has misplaced his/her mobile device. The enterprise administrator simply initiates a data removal request and a command is sent to the SEVEN Mobile Client to remove all data. The data on the enterprise server is not affected.

TRANSPORT SECURITY

MOBILE ACCESS METHODS

SEVEN Server Edition provides end users with maximum flexibility in deciding which mobile devices they want to use while assuring IT professionals that their security and ease of administration needs are met across devices.

Scenario 1: End-to-End Encryption using a SEVEN Mobile Client

The advent of “smart devices”, PDAs and phones with integrated wireless network connectivity and local processing capability has opened up exciting new possibilities for mobile productivity. System SEVEN bridges the gap between these networked devices and the firewalled sanctity of the corporate network by offering a complete solution, including purpose-built client technology with support for remote management and end-to-end security.

The SEVEN Mobile Client is compatible with BREW, J2ME, Microsoft Pocket PC, Microsoft Smartphone 2003, Palm OS and Symbian-based phones, and is tightly integrated with the System SEVEN components running in the operator and enterprise networks.

Over-the-air synchronization with offline capabilities

This scenario delivers the maximum security possible for safeguarding enterprise data. Each mode in the previous diagram has a security association with each of its neighbors, called the point-to-point security association, consisting of a shared secret AES key, associated encryption parameters and session-specific data. The point-to-point security association enables secure communications over a single ‘hop’ within System SEVEN. For example, the SEVEN Mobile Client might use the point-to-point security association enables secure communications over a single ‘hop’ within System SEVEN. For example, the SEVEN Mobile Client might use the point-to-point security association it shares with the System SEVEN service hosted by the mobile operator to send a request for delivery of any new email messages, which would then be re-encrypted and relayed to the enterprise data connector.

The true power of System SEVEN is manifested when the SEVEN Enterprise Server uses the end-to-end security association to encrypt new email messages for delivery to the SEVEN Mobile Client in one channel of the reply, and uses the point-to-point security association to encrypt the routing information in a second channel. When this reply is received by the System SEVEN service, only the second channel can be decrypted, as the System SEVEN service is not a member of the security association used to protect the messages encoded in the first channel.

The SEVEN Enterprise Server is responsible for determining when new messages are present for each user. By default, the SEVEN Mobile Client is configured for push-type delivery of new email messages, which is handled as follows:

1. The presence of one or more messages matching the user’s individual filter criteria causes a notification to be sent to System SEVEN using the point-to-point security association.
2. System SEVEN then processes this notification and generates an encrypted SMS message for delivery to the device running the SEVEN Mobile Client.
3. The encrypted SMS message is delivered to the device with the SEVEN Mobile Client installed, where it is decrypted and processed.
4. The SEVEN Mobile Client initiates a mailbox sync operation immediately upon validation of the encrypted notification, uploading changes (e.g. messages marker read or deleted) and downloading any new messages.

This level of device and integration enables the mobile user to experience the benefits of on-demand delivery of email to their device.

Scenario 2: Point-to-point Encryption using PDA and PC browsers

Accessing SEVEN Server Edition with a PC-class browser unlocks a full-features virtual desktop, which includes access to multiple independent email inboxes, schedule management, personal and corporate directory services, documents and more. Browser-based access uses a point-to-point security model to protect data in transit between System SEVEN at the mobile operator’s data center and the browser.

In many cases, a PC-class browser accessing SEVEN Server Edition is a suitable replacement for a remote-access VPN connection to the enterprise. Unlike a VPN-based remote access solution, a mobile user can make use of any SSL-enabled web browser to be immediately productive, with no need to load software.

APPENDIX

AES Overview

AES was selected for use throughout System SEVEN for all of these reasons, in accordance with SEVEN’s policy of using proven, tested security standards. In the short term, using AES encryption on a per-transaction basis (encrypting each payload individually allows radically more efficient use of server resources than SSL-based client connections, which are extremely CPU-intensive. System SEVEN’s implementation of AES encryption at the application layer requires much less CPU time per new session startup, which translates directly to fewer connection servers needed for any given size user population.

Glossary

AES: Advances Encryption Standard; the cipher suite chosen by the United States federal government to replace Triple OES. Specifications exist for keys of 128, 192 and 256 bits, allowing migration to longer keys as available computational power grows over time

ECC-DH: Diffie-Hellman secret-key negotiation using Elliptic Curve Cryptography HMAC-MD5: Keyed-Hash Message Authentication Code using Message Digest version 5

SSL: Secure Sockets Layer

VPN: Virtual Private Network

ABOUT SEVEN

SEVEN is a leading global provider of software that enables mobile operators to offer their subscribers secure, low-cost, real-time access to critical information including business and personal email and applications. SEVEN is available as Personal Edition for individuals, and Server Edition and Enterprise Edition for businesses. Our software supports a wide variety of device platforms, including BREW, J2ME, Microsoft Pocket PC, Microsoft Smartphone 2003, Palm-OS and Symbian-based phones, and is currently compatible with handheld devices manufactured by Hitachi, HTC, Motorola, palmOne, Sanyo, Samsung, Sony Ericsson and Toshiba. SEVEN is available today across major international network standards, and is sold by Cingular Wireless, KDDI Corp., NTT DoCoMo, O2, Orange, The Singtel Group and Sprint. SEVEN is a global company headquarted in Redwood City, CA.

Contact Information
901 Marshall Street
Redwood City, CA 94063
650.381.2500 P
650.216.6422 F
info@seven.com
www.seven.com

NOTICES

This document is provided for informational purposes only and SEVEN makes no warranties, either express or implied, in this document. Information in this document is subject to change without notice.

SEVEN and System SEVEN are either registered trademarks or trademarks of SEVEN Networks in the U.S.A. and/or other countries.

June 2004

Attachment 3.4 SEVEN Handsets

Manufacturer	Model	OS
Audiovox	PPC 6600/1	PPC 2003 Second Edition
Audiovox	SMT 5500	Smartphone 2003
Hitachi	G 1000	PPC 2002
HP	HW6515	PPC 2003
HP	HW6500	PPC 2003
HTC	XDA	PPC 2002
HTC	XDAII	PPC 2003
HTC	SPV E200	Smartphone 2003
HTC	XDA Mini	PPC 2003
HTC	SPV M500	PPC 2003
HTC	SPV M1000	PPC 2003
HTC	SPV M2000	PPC 2003 Second Edition
HTC	SPV C500	Smartphone 2003
LG	8138	J2ME
Motorola	A630	J2ME
Motorola	A925	Symbian 7.0 UIQ
Motorola	A1000	Symbian 7.0 UIQ
Motorola	MPx220	Smartphone 2003
Motorola	A630	J2ME
Motorola	E1000	J2ME
Motorola	RAZR	J2ME
Motorola	V551	J2ME
Motorola	V600	J2ME
Nokia	6230	J2ME
Nokia	6620	J2ME
Nokia	6620	Symbian S60 (7.0s)
Nokia	6630	Symbian S60 (7.0s)
Nokia	6680	Symbian S60 (8.0)
Nokia	6682	Symbian S60 (8.0)
Nokia	9300	Symbian S80 (7.0s)
palmOne	Treo 300	Palm 3.5
palmOne	Treo 600 (GSM, CDMA)	Palm 5.2
palmOne	Treo 650 (GSM, CDMA)	Palm 5.4
Samsung	i330	Palm 3.5
Samsung	i500	Palm 4.1
Samsung	I600	Smartphone 2003
Samsung	MM A700	J2ME
Samsung	D307 (QWERTY)	Samsung Nucleus
Samsung	A800	J2ME
Sanyo	5600	J2ME
Sanyo	7400	J2ME
Sanyo	8300	J2ME
Sony Ericsson	P900	Symbian 7.0 UIQ
Sony Ericsson	P910	Symbian 7.0 UIQ
Sony Ericsson	Z500a	J2ME
Sony Ericsson	S710a	J2ME
Sony Ericsson	K700	J2ME
Siemens	SX66	PPC 2003 Second Edition
Toshiba	2032SP	PPC 2002

Attachment 3.5 Test Object List

(illegible table)

Client – Ericsson

ATTACHMENT 3.6

Working Level Agreement (WLA) – Hosting Service of SEVEN solution

Table of Contents

1.	INTRODUCTION	2
2.	HISTORY OF CHANGES	2
3.	ERICSSON’S NETWORK MANAGEMENT CENTER	2
4.	MANAGEMENT AND CONTACTS MODEL	2
4.1.	Management Committee	2
4.2.	Project Manager	3
4.3.	Client’s Contacts	3
4.4.	Ericsson’s Contacts	3
5.	MANAGEMENT OF EVENTS	4
5.1.	General Definitions	4
5.2.	Opening Procedure	5
5.3.	Trouble Tickets	5
5.4.	Scheduling	8
6.	OPERATION AND MAINTENANCE	9
7.	BACK-UP UNDER SYSTEM BY ERICSSON	9
8.	SECURITY PLAN	10
8.1.	Network Access and Security	10
8.2.	Personal Security	10
9.	PERFORMANCE REPORTS	11
10.	APPLICATION FOR CHANGE	12
10.1.	Categories of application for Change	12
10.2.	Requesting for an application for Change and Submission	13
10.3.	Approval of application for Alteration & Reply	13
11.	APPENDIX A - SERIOUSNESS LEVELS	13
12.	APPENDIX B – APPLICATION FOR CHANGE	14

1. Introduction

This document provides details on the Working Level Agreement (WLA) for the hosting service of SEVEN solution and shall be used as a daily reference of how this service shall be managed by Ericsson and the client.

The activities outlined herein are in accordance with the scope of service set forth.

2. History of changes

Revision	Date	Name	Main changes
A	2005-08-02	Sérgio Cabete	1^stedition

3. Ericsson’s Network Management Center

The hosting service of SEVEN solution shall be performed by Ericsson Regional Operation Center – ROCLA) located in Ericsson’s facilities in the city of São Paulo.

ROC shall guarantee all infrastructures required for providing the service, including the network management, preventive maintenance, corrective maintenance (handling and correction of defect), performance reports and quality management.

4. Management and Contact Models

In order to secure that the services established in the agreement be duly provided, it is advisable to create a management committee and a team of project managers, as described below.

4.1. Management Committee

The Management Committee shall be incumbent on the quality and strategic decision relating to services. Such committee shall deal any and all dispute, analyze and approve any deviations deemed necessary. The committee may participate of meetings through conference calls or, whenever requested, one of the project managers.

The committee members are listed in table 1 below:

Name	Position	Phone	E-mail

Table 1. Members of the Management Committee

4.2. Project Managers

The project managers are the only contacts for Ericsson and Client, respectively. They are incumbent upon the full rendering of the service and the contract management.

The project management team is listed in table 2

Project Manager	Company	Phone	Cellular Phone	E-mail

Table 2. Project Managers

The project managers shall hold monthly meetings in order to analyze the performance reports, pending problems, improvement and so on.

The project managers shall further keep their respective companies informed about the project’s status.

4.3. Client’s Contacts

Table 3 includes all client’s contacts that shall be the interface between the departments.

Scheduling Order	Position	Name	Phone	Cellular Phone	E-mail/Comment

Table 3. Client’s Contacts – interfaces and scheduling

4.4. Ericsson’s Contacts

Table 4 includes all Ericsson’s contacts that shall be the interface between the departments and shall be used during the scheduling.

Scheduling Order	Position	Name	Phone	Cellular Phone	E-mail/Comment
1	Initial Contact	Call-center	0800-11189		ROCLA.FO@ericsson.com
2	ROC’s manager	To be established
3

Table 4. Ericsson’s Contacts – Interfaces and scheduling

5. Management of Events

In order to manage events, ROC shall use Ericsson Resolution©, based on Remedy ARS. Such system enables fault flow control, service orders, management of changes and statistics reports.

5.1. General Definitions

Trouble Ticket (TT) shall mean an electronic representation of events record. All events identified shall create a TT through the filling out of a standard form. A number is generated for the TTs in order to secure a reliable processing that may be tracked.

TTs shall be mainly classified as follows:

Fault/incident – any event deviating from a normal situation;
Problem – another occurrence of faults/incidents not promptly solved;
Application for changes – alterations in the services, functionalities, configurations and so on.

Reply Time – shall mean the time spent as of the information of the fault/problem to ROC until the acknowledgment thereof.

Solution Time – shall mean the time as from the acknowledgment of the fault/problem until the final or partial solution thereof, as agreed between Client and Ericsson.

Closing Time – shall mean the time as from the report of the event to ROC until the final solution thereof.

Seriousness Level – defines the effect and priority of a fault. There are four levels: (1) critical; (2) major; (3) minor and (4) without effect to the service. See appendix A to obtain definitions and examples.

Call center - shall mean the only contact for the client to report the events. It shall be available seven days a week and twenty-four hours a day.

5.2. Opening procedure

The establishment of the event may be reported as follows:

1     Initialized by Client for ROC Ericsson
2     Initialized by ROC Ericsson for Client
3     Initialized by ROC Ericsson for partner
4     Initialized by partner for ROC Ericsson

5.3. Trouble Tickets

At first, both parties shall register the event in their respective systems. The information about the event shall be exchanged by e-mail, always after phone contact with the other party.

The following information about the event shall be registered:

Contact’s name and phone number;
Date and time of the event;
Brief description and effect produced by fault/problem;
Seriousness level;
Reference number;
Technical information, effects, diagnostics, measures, comments.

The set of information shall be called Trouble Ticket (TT). A number shall be created for each TT, which shall be always used as reference.

Every TT shall be associated to a seriousness level. This classification enables the technical teams to identify the proper resources to handle the event, with due regard for the time for solving the problems and desirable replies. See Appendix A about the priority order established.

Both parties shall have all information required for creating a TT. Such procedure shall expedite the efficient flow of all cases and shall provide proper information about the event.

Upon gathering of all information and creation of TT, Ericsson shall analyze the data and take all measures required for solving the TT. Ericsson shall be incumbent on keeping the Client informed about the development of the analysis for solving the TT.

Both parties shall provide all relevant information required for solving the fault/problem.

5.3.1. Criteria for creation of TT

The faults may be classified into four seriousness levels. See Appendix A for further information.

The TT shall be followed by a phone call for the acknowledgment thereof. This contact is required for maintaining the minimum solving time.

5.3.2. Criteria for solving a TT

Ericsson and Client shall identify and secure the following topics before changing the TT status to “solved”:

Fault/problem solved through a temporary solution or another reason;
Functionality restored; and
Security/service restored.

5.3.3. Criteria for closing a TT

Ericsson and Client shall identify and secure the following topics before closing a TT.

Reason for the fault identified and eliminated;
Fault/problem solved upon confirmation of user;
Final solution applied and reported.

5.3.4 Ericsson’s responsibilities

Ericsson shall be prepared to send an e-mail for notifying and informing the Client, in addition to making a sole phone contact.

Any fault affecting the service and identified by Ericsson shall be notified to a Client’s contact, pursuant to the notification procedure agreed by the companies.

Ericsson shall inform Client’s phone contact about the attendance and fault solution.

Ericsson shall inform such Client’s contact of any change in the contacts regarding scheduling, phone numbers, e-mails and so on.

If Ericsson suspends an event reported by Client, Ericsson shall contact Client by phone, as soon as possible, justifying the suspension.

5.3.5. Client’s Action/Attendance Flow for ROC Ericsson

(1) If the Client identifies a fault/problem relating to the Hosting of SEVEN solution, it shall promptly informed it to Ericsson’s Call center by phone.

(2) Call center shall create a TT and inform the number created (TT#) to the Client which, in turn, shall contact the technical teams for correctly dealing the fault/problem in Ericsson.

(3) Subsequently to Client’s attendance, an e-mail shall be sent to ROC Ericsson, containing details on fault, the subject field of which shall contain the ticket # (TT#) informed by Call Center.

(4) ROC Ericsson shall send an e-mail confirming the answer containing Ericsson TT#.

(5) Upon establishment of a solution (whether temporary or final), ROC Ericsson shall contact the Client by phone and change the TT status to “solved”.

(6) Upon solution of the problem, an E-mail confirming solution of the problem shall be sent to Client and TT shall be finalized in the Ericsson Resolution^©’s system.

During the critical events, ROC’s operation managers may hold a conference between the parties involved in the solution of the event.

5.3.6. ROC Ericsson’s Action/Attendance Flow for the Client

(1) If ROC Ericsson identifies a fault/problem, a TT shall be created in the system of Ericsson Resolution ©. Then, the information about the event and TT# shall be informed to Client’s contact.

(2) After the first contact, ROC shall send an e-mail containing details on the TT and clarifications.

(3) The Client shall be incumbent on correctly handling the event, within the company.

(4) Upon identification of the solution, ROC Ericsson shall contact by phone, detailing the solution (whether temporary or not).

(5) Upon establishment of a final decision, the original e-mail shall be updated and sent to Client and, subsequently, a phone contact shall be made.

(6) ROC Ericsson shall close the TT.

5.3.7. Interfaces and responsibilities

All contacts relating to this procedure shall be made between Client’s operation manager and the ROC Ericsson’s operation manager. Either party shall guarantee that all superiors and teams are aware of the procedure.

Both parties shall keep a record of any correspondence for audit purposes. It shall contain the following information:

Date and time of communication;
Date and time of event or actions subject to scheduling;
WLA under operation;
Description of event that entailed the scheduling;
Purpose and time of scheduling
Seriousness level.

5.4. Scheduling

The scheduling shall be applied if the fault procedure does not restore the service within the time agreed for such seriousness level.

The scheduling provides a description of the measures to be taken by various management levels so as to minimize the loss of the service for the final user, to the extent deemed possible.

The scheduling process integrates the fault treatment process and should always be documented in trouble ticket (TT).

In order to identify the contacts, see item 4.3. and 4.4.

6. Operation and Maintenance

As a regular part of the operation, Ericsson shall make changes in the platform for maintenance and improvement of the system. It shall include the schedule of maintenance routines and emergence changes that shall be conducted with a minimal impact.

If ROC Ericsson or the Client identifies any maintenance or alteration in its environment that may adversely affect the hosting of SEVEN solution, a notice shall be sent to the following contacts of the other party:

Type of Maintenance	Time for Notifying ROC Ericsson	Contacts aee item 4.3. (Client) and 4.4 (Ericsson)
Emergency Changes	As soon as possible
Maintenance of routine	48 hours

Before beginning the scheduled maintenance, the party incumbent upon the performance thereof shall contact the other party informing the beginning of the activity. Upon termination thereof, a phone contact shall be made.

Upon completion of the maintenance, Ericsson shall finalize the related TT and inform the Client by e-mail.

7. Back-up under system by Ericsson

Technicians shall monitor the system 24/7 in order to secure a maximum availability. All critical equipment and systems shall be configured with redundancy and high availability.

ROC Ericsson shall run the backup procedures from time to time:

8. Security Plan

One of the reasons for the business success of the service is to guarantee the security of the information pertaining to Ericsson and Client. Accordingly, Ericsson shall adopt comprehensive measures to secure the protection required as to the environment security and its information.

Development, tests and the production environment are physically and logically separated so as to minimize the risk and the spread of errors among environments. The EMO service nodes are physically allocated in secure racks in the facilities of Ericsson São Paulo.

Before the implementation in the production environment hereof, the following elements shall be secured:

Not introduce security faults
Maintain the function, according to the security requirements
Not adversely affect the system operation
Not introduce any change in the system, other than those authorized

8.1. Network Access and Security

The system security is based on Netscreen’s firewalls configured to:

Protect from attacks of DoS

Block and register “IP spooting inbound and outbound”

Reject and register the traffic of entry into the reserved IP network and multicast IP

To fully block, except for that explicitly allowed.

The network services and doors allowed (open/running) are restricted for those required for the service purposes. The non-essential doors shall be maintained closed in order to prevent the access.

Access through LANs wireless 802.11 are not used in the network.

All applications shall be executed by users without privileges in the systems and shall run in the original application systems. Ericsson shall conduct audit proceedings, from time to time, of all applications.

8.2. Personal Security

Ericsson shall check the history and previous records of its employees. ROC’s employees are extremely skilled and committed with the security, thus securing the compliance with the security policies established by it, its operations and its employees.

An electronic badge valid is required for accessing ROC’s facilities. The access is restricted only for those with needs related to ROC’s activities.

Sole IDs and passwords are required for accessing the network and each server. All users have an individual ID to access the network. Management logins shall not be shared. The users’ access (including the root/super-user) shall not be associated to individuals in order to create a final responsibility.

Audit proceedings shall be carried out, from time to time, for access of users in order to secure that the privileges are consistent with their activities and responsibilities and the users (without any need relating to the service) shall have their IDs excluded from the system.

All employees and sub-contracted parties shall execute confidentiality agreements.

9. Performance Report

Ericsson shall gather statistic data regarding the EMO service for analysis so as to guarantee the key performance indexes (KPIs) are in accordance with the levels agreed and that the system is operating in accordance with the performance agreed in the project.

Ericsson shall monthly provide performance and use reports to the Client, as detailed in Table 5.

Report	Description
EMO Performance	Current performance data and history of the EMO service at the end of each month. The report shall contain the number of signatures for EMO service (ascertained in the 15^thday of the month)and the monthly amounts of the KPI agreed.
Use of the Service of SEVEN solution	Containing the data related to the use of users.

Table 5. Use and Performance Reports

10. Application for Change

The Application for change is a key element for controlling the production environment. The application shall contain details on the purpose of the change, its consequences and effects in the operation and in the KPIs and further foresee the main activities required for implementing the change.

10.1. Categories of Application for Change

The application for change is divided into two categories:

Operational Changes: Alterations not related to daily operations and services provided. These may include, among others:

Alterations in the configuration not requiring customization (for instance, new functions, interface alterations);
Introduction of new functions, services (which may not require customization or platform upgrade);

Alterations in the Network Configurations (for instance, due to the changes in the transport network or in the network services);

Non-operational Changes: Alterations not related to the relationship, as well as the services provided.

10.2. Requesting an Application for Change and Submission

The Client and Ericsson may request an application for change by filling out a standard form (Appendix B).

In the case of the Client, the change may be requested by every company, but it shall be internally reviewed and submitted by its project manager. Likewise, all applications for change of Ericsson shall be submitted by its project managers to Client’s project managers.

All applications for change shall require a service order to be created through an application of Ericsson Resolution^© TT#.

The procedure for submission of an application is the same procedure for registering an event in the Call Center: a filled out form shall be sent to the call center’s mail box containing TT#.

Ericsson’s ROC shall check whether the form contains all information required and shall confirm whether the work may be performed within the time requested.

10.3. Approval of Application for Change & Reply

The application for change may be accepted, rejected or accepted on a conditional basis. The reply to the application for change shall be issued within fifteen (15) business days.

In the event of “conditional acceptance”, a new previous study may be required.

The reply “rejected” shall include a detailed justification for the rejection.

The change shall be scheduled when both parties ratify their approval in the application form.

If the application for change entails additional costs not provided for in the agreement, the project managers shall deal it with the respective business department of the respective companies, which shall borne such costs.

The execution of an application for change with additional costs and previously approved shall be scheduled upon confirmation of a purchaser order issued by the Client.

All managers listed in tables 4.3. and 4.4. shall be informed of all applications for changes approved.

Upon implementation of the change, the service order shall be closed in the Ericsson Resolution^© TT and the project managers shall be informed.

11. Appendix A – Seriousness Levels

Seriousness Level	Description of classification
Critical	A fault shall be deemed critical should it entail any unavailability of EMO service, that is, the client’s business shall be adversely affected. It shall include, among others: i. Significant or total loss of the service. A fault shall be deemed critical should it adversely affect, in whole or potentially, all services’ users.

Major

A fault shall be deemed major should it entail any partial unavailability of EMO service or total loss of one of its functionalities.

Major fault shall include, among others:

i. Significant or total loss of one of the service's functionalities;
ii. Frequent and cyclical restart and restart (once a week) of one of the service's functionalities; and
iii. Decrease in the service performance level.

Minor

An event shall be deemed minor in the event of no loss of service. The occurrence of an event of such level shall entail that there is an incorrect behavior in the functionality, however such situation shall not prevent the use thereof and, consequently, it shall not affect the service to the Client and/or final User.

Service not affected

General consultation and small problems shall slightly affect the product's functionality. No user shall be affected.

The following events are examples of such level:

     • Disturbances not affecting the functionality or not causing any loss of service;
     • Documentation faults;
     • Operational questions.

12. Appendix B – Application for Change

Application Heading

From:	( ) Ericsson	( ) Client
Type of change:	( ) Operational	( ) Non-operational

Application Description

Responsible

Company	Name	Bank Account
Client
Ericsson

Purpose of Change and Implementation of Plant
Please provide a brief description of the purpose of the change and how it shall be conducted

Consequences and Operational Effects in KPIs or Contract Documents
Please provide a description of the operational consequences, the defects in the KPIs and the service levels and other effects in contract documents

Consumer’s Experience
Please describe how such change shall affect consumer’s experience.

Change Impact in the Service
Please describe how such change shall affect Client’s service

General Comments
Other comments, including, but not limited to, reference number of TT, previous phases, etc.

Activities Scheduled

Day	Activities	By	Completed by:

Submitted by: ____________________________ Date: ____________________________

--------------------------------------------- Answers and Approvals ---------------------------------------------

Answer:

( )Accepted

( ) Conditionally Accepted

( )Rejected

Please inform below whether you accept or reject the circumstances

Approved by:		Date:

	Program Manager - Client

Approved by:		Date:

	Program Manager - Ericsson

AMAZÔNIA CELULAR

TELEMIG CELULAR

Engineering Board
Planning Management
Technological Innovation Coordination

ATTACHMENT IV

REQUEST FOR PROPOSAL

CORPORATE DATA SYNCHRONISM

TABLE OF CONTENTS

1. OBJECTIVE
2. DEFINITIONS OF TERMS
3. INTRODUCTION
4. SERVICE DESCRIPTION
     4.1. INTRODUCTION
     4.2. DESCRIPTION
     4.3. ARCHITECTURE
          4.3.1. Synchronism Server
         4.3.2. Synchronism Client
     4.4. DEVICES
5. SERVICE AVAILABILITY
6. SECURITY
7. TICKETING
8. DIMENSIONING
9. OTHER TECHNICAL SPECIFICATIONS
10. SUPPLY SCOPE
     10.1 Company’s Data
     10.2 Hosting
     10.3 Implementation
     10.4 O&M
     10.5 Training
     10.6 Presentation

1. OBJECTIVE

This document provides a description of the requirements/platform to be acquired by TC for rendering of Push E-mail and Synchronism Service of personal information.

In general, this document intends to present the requirements for evaluation of solutions available in the market, for Push E-mail and Synchronism of personal information for mobile users, describing the services supported by the platform, as well as other additional services to be provided by supplier. It further presents the need to perform a trial test in order to check some solutions presented.

2. DEFINITIONS OF TERMS


3DES	Tripe Data Encryption Standard – DES standard application where three keys are successfully used in order to provide additional security
Desktop	Desk or Portable Personal computer
EDGE	Enhanced Data rates for GSM Evolution
GPRS	General Packet Radio Service
Handheld	Hand Computer
IMAP4	Internet Mail Access Protocol (edition 4)
MMS	Multimedia Message Service
OTA	Over-The-Air
PC	Personal Computer
PDA	Personal Digital Assistant
PIM	Personal Information Manager
POP3	Post Office Protocol – public standard protocol for receiving e-mail
SMS	Short Message Service
SMTP	Simple Mail Transfer Protocol
SSL	Secure Socket Layer
SyncML	Protocol for define and facility the information synchronism in mobile devices
TLS	Transport Layer Security Protocol
VPN	Virtual Private Network
WAP	Wireless Application Protocol

3. INTRODUCTION

The ongoing development of TI systems evidences that the capacity of storing personal information by the user has been increasing. However, such capacity has not been equally reflected in the personal mobile devices. On the other hand, the storage capacity of personal mobile devices and the possibility of remote connectivity have been increasing.

This scenario presents the mobile user’s difficulty in accessing personal information at the right time and place. In general, such information is stored – and will be available – in the internal environment of its corporate network.

This work is intended to allow the user to access information in a uniform and decentralized manner. This may be fully expressed by the following arguments:

An adequate manner of organizing the interface between the information stored and the Operator’s network;
Availability and efficient presentation to the user;

In view of the above, this document is to provide aspects to be addressed for performance of the synchronism service.

4. SERVICE DESCRIPTION

4.1. INTRODUCTION

The service to be provided by Telemig Celular and Amazônia Celular consists of providing corporate email information, PIM and others, stored in corporate servers to mobile users.

Accordingly, the Operators seeks a solution that must be flexible, applicable to a higher number of mobile devices, using the main technologies available that enables to receive e-mails in mobile devices such as, E-mail, SyncML, J2ME, web/wap browser, SMS, MMS, etc. From the access network point of view, the EDGE/GPRS connection shall be used, but other access technologies will be accepted. In general, the service must become corporate email information available to mobile devices (with support and attached files), scheduling, calendars, tasks and meetings.

Answer:
Compliant.

SEVEN Sever Edition is a behind-the-firewall mobile email solution that is network integrated for optimal security and manageability. Available as a service via the world’s leading mobile operators, and compatible with the broadest variety of mobile devices, SEVEN Server Edition is quick and easy to deploy enterprise-wide. The average deployment takes less than one hour, and provisioning end users is done effortlessly over-the-air.

SEVEN Server Edition enables secure, real-time mobile access to the following applications across a diverse range of services:

Email – View respond to email with messages pushed to the device and changes instantly updated on the enterprise application;
Calendar – View appointments pushed to the device; schedule and receive reminders for appointments from a mobile device;
Personal Contacts – Interact with personal contacts, initiate calls and emails;
Corporate Contacts – Seamlessly interact with extensive corporate directories from the mobile device without having to store the entire directory on the device itself
Documents – Browse, view, email and fax documents from a mobile device.

4.2. DESCRIPTION

The Corporate Synchronism service shall implement the access to the information below, mainly in the manners presented herein:

Email: the service shall enable the access to corporate email through:

Push alerts: sending of notification of message receipt to the user device through the SMS, MMS, WAP Push or another system for promptly alert control.

Answer:
Compliant

Seven Solution supports many alerts & training mechanisms: SMA and IP Push (WAP). On this offering, we are considering just IP Push as a triggering mechanism.

Access to email subject: to enable the access to email subject, enabling the user to delete e-mails in a remote manner, before any download;

Answer:
Compliant

Files attached: it shall support the download and optional viewing of files sent as attachment, in the formats more used in the market (.doc, .xls, .ppt, .jpg. .gif, etc);

Answer:
Compliant

Documents – Browse, view, email and fax documents from a mobile device. To have access to the documents, the user must first download the document, then access it.

On-Line and Off-Line Access: to enable the partial use of functionalities without being connected. For instance, the user may answer the email on-line that is stored in the “Exit Box” of the application in order to further send it.

Answer:
Compliant

Support to configurable Black List and White List filters;

Access to the global corporate list and contacts;

Answer:
Compliant

Remote Access to Email, Calendar, Contacts and Documents: Real-time remote access to the high-value communications and corporate information makes being out of the office less stressful and more productive for your end users.

Calendar: synchronism of information of:

Reminder to appointments;

Answer:
Compliant

Remote Access to Email, Calendar, Contacts and Documents: Real-Time remote access to the high-value communications and corporate information makes being out of the office less stressful and more productive for your end users.

- Contacts;

Answer:
Compliant

- Tasks;

Answer:
Not compliant.

Tasks access is in Seven’s roadmap. Will be available in Q1’2006.

Desktop: the solution may foresee a synchronism client for maintenance of information;

Answer:
Compliant

SyncML: compatibility with SyncML standard and/or other solutions available in the market, for instance, ActiveSync;

Answer:
Compliant

Email WAP: devices without synchronism support may access corporate emails from WAP browsers (edition 1.1. or up);

Answer:
Compliant

For access via mobile browsers, SEVEN communicates to mobile browsers via gateway over point-to-point encrypted channels.

Total security in the information traffic and user validation.

Answer:
Compliant.

4.3. ARCHITECTURE

The proposal shall provide possible architectures for the solution, as well as the scenarios to which they may be applied. It shall further inform, in details, the elements that compose the architecture, technologies used, functionalities, security components and topology of connection between the elements.

Please find below the logical schedule of a possible architecture for the solution. In such system, the Synchronism Server and the Synchronism Client are highlighted. Such elements shall be described, in details, together with other elements, if they are in the solution.

Answer:
Compliant.

SEVEN has four different solutions (called as Editions), depending on the target corporate (SMB or Large Enterprises) or consumer users:

Server Edition: behind the firewall solution
Seven Enterprise Edition: Managed solution
Seven Personal Edition: Self-provisioned solution
Seven Consumer Edition: Consumer market segment

Target Architecture depending on selected Seven Edition:

The Server Edition server registers the corporate messaging server.

The Server Edition server establishes and encrypted communication channel with SEVEN, which handles mobile device access.
SEVEN negotiates key exchange with the SEVEN mobile client, enabling encrypted “control channel” communications.
For smart device access, the SEVEN smart device clients communicate over end-to-end encrypted channels with Server Edition.

Architecture for Seven Server Edition:

4.3.1. Synchronism Server

The Synchronism Server shall act as an intermediate between the Corporate Server –which actually store information of email, calendar, contacts and so on – and the Operator’s network, which becomes the information available. The Synchronism Server may be internally located inside Telemig Celular’s network or hosted externally.

For a hosted solution, all management of platforms shall be provided by supplier. Such management includes maintenance, operation, support and so on. In such event, the connection between the Telemig Celular’s network and the partner/supplier shall be secured in proper availability and confidentiality levels.

In addition, the information of email, calendar and contacts shall rely on, to the extent deemed possible, the cryptography in the corporate server to the client’s synchronism (end-to-end security).

Answer:
Compliant

4.3.2. Client’s Synchronism

The synchronism shall occur in a transparent manner for the user.

Preferentially, client’s synchronism shall receive notifications of synchronism server through the push mechanisms described above (item 4.2. ) and, thenceforth, shall start the data connection. It is worth stressing that the GPRS/EDGE connection provided by Telemig Celular establishes parameters for the time out that shall change the user mode to stand-by mode, what would not enable the synchronism. Accordingly, a signaling shall occur between the Sever for activating the GPRS/EDG connection, thus changing the user’s status from “stand-by” to “active”.

The synchronism shall be bidirectional, that is, it shall be possible to include, alter or delete information of email, calendar and contacts to be synchronized by the client.

Answer:
Compliant.

There are two possible scenarios:

Scenario #1: Over-the-air synchronization with offline capabilities

This scenario delivers the maximum security possible for safeguarding enterprise data. Each mode in the previous diagram has a security association of its neighbors, called the point-to-point security association, consisting of a shared secret AES key, associated encryption parameters and session-specific data. The point-to-point security association enables secure communications over a single ‘hop’ within System SEVEN. For example, the SEVEN Mobile Client might use the point-to-point security association it shares with the System SEVEN service hosted by the mobile operator to send a request for delivery of any new email messages, which would then be re-encrypted and relayed to the enterprise data connector.

1. The presence of one or more messages matching the user’s individual filter criteria causes a notification to be sent to System SEVEN using the point-to-point security association.
2. System SEVEN then processes this notification, and generates an encrypted SMS message for delivery to the device running the SEVEN Mobile Client.
3. The encrypted SMS message is delivered to the device with the SEVEN Mobile Client installed, where it is decrypted and processed.
4. The SEVEN Mobile Client initiates a mailbox sync operation immediately upon validation of the encrypted notification, uploading changes (e.g. messages marker read or deleted) and downloading any new messages.

This level of device and integration enables the mobile user to experience the benefits of on-demand delivery of email to their device.

Scenario #2: Point-to-point Encryption using PDA and PC browsers

1. Data moving between the SEVEN Enterprise Server and System SEVEN at the mobile operator’s data center is protected using 128-bit AES encryption.
2. Data moving between System SEVEN and the desktop browser running on the PC or PDA is protected using 128-bit SSL encryption.

4.4. DEVICES

In addition to the real-time availability and always on of the user’s information, the difference intended for such service is the extension of devices compatible with the solution. In general, the devices are provided below, without excluding other device options without connection not listed.

Devices	SO	Connectivity	Services
			Voice¹	Email Push	Email Cab	Attachments	Desktop	SyncML	Calendar	Email WAP
Smartphones	Windows Mobile PalmOne	GPRS, EDGE	X	X	X	X	X	X	X	X
PC/PDA/ handheld	Windows Mobile PalmOne Symbian	GPRS, EDGE, WFI		X	X	X	X	X	X	X
Handsets high	Symbian Others	GPRS, EDGE	X		X			X	X	X
Handsets low	-	WAP	X							X

The supplier shall inform the list of devices, mentioning manufacturer and model compatible with its solution.

^{______________________________

1} Although it is not the main purpose of this service, some devices shall have the traditional voice service GSM.

Answer:
Partially Compliant.

The list bellow contains all handsets and operational systems supported by current default Seven Solution regardless the selected edition. Many others handsets will be supported in the future release:

Palm OS 3.5 and up
Pocket PC 2002, 2003
Motorola A630
SmartPhone2003
Symbian 7.0 (LIQ)
Symbian S60
Symbian S80
xHTML devices
J2MR

<File: Seven Handsets.pdf>

More details related with handsets certification/homologation process and costs are presented on document “Esclarecimentos Seven de 23082005_Rev.E.doc”.

5. SERVICE AVAILABILITY

In order to secure the flexibility proper for the user, some supplying criteria (enrollment) shall be observed and detailed in the proposal, such as:

Rendering of Services – the access to any type of service may occur if the user has any service actually enrolled. Accordingly, the access to the service shall occur upon any kind of validation;

Answer:
Compliant.

Administration

The SEVEN Enterprise Server is managed within the enterprise using a Microsoft Management Console snap-in application, enabling it to integrate seamlessly into existing IT user-management workflow. In addition, the SEVEN administration application integrates with the Exchange Global Address List and Active Directory, making it easy for administrators to batch import users to rapid provisioning. For maximum convenience, EVEN Seven Edition can also be managed using a web-base interface. After securely logging in, the IT administrator can edit enterprise profile, add and delete sites, reset the sit password and more.

Web provisioning interface for TAC subscribers will be available in Brazilian Portuguese and with respective TC and AC brand. More detailed can be obtained on the commercial proposal.

Filter for viewing emails – use of amicable configuration toll that enables the user to filter per sender, subject, time, receipt date, mentioning messages that should be synchronized;

Answer:
Compliant

Establishment of password – possibility of providing the client with the configuration of a password for access personal information. Such password shall be mandatory for the accessing solution via WAP browser.

Answer:
Compliant.

Username/password policy – Administrators can choose how often users are required to log in to the SEVEN application.

Administration

The SEVEN Enterprise Server is managed within the enterprise using a Microsoft Management Console snap-in application, enabling it to integrate seamlessly into existing IT user-management workflow. In addition, the SEVEN administration application integrates with the Exchange Global Address List and Active Directory, making it easy for administrators to batch import user to rapid provisioning. For maximum convenience, EVEN Seven Edition can also be managed using a web-base interface. After securely logging in, the IT administrator can edit enterprise profile, add and delete sites, reset the sit password and more.

6. SECURITY

The security requirements are, evidently, important aspects for differentiating Synchronism solution sought by Telemig Celular. It is a basic requirement to secure the confidentiality, availability and authenticity of the participants (Corporate Network and user) involved in the information transmission.

The solution shall foresee the use of VPN’s or another cryptography application in order to maintain the security of the information from the user to the information server, as per the scenarios presented in the previous item.

Likewise, the validation of the users involved in synchronism shall be secured by using MSISDN information or any other types of validation keys. Such validation shall be conducted based on an external database located at AA server or as otherwise established.

Answer:
Compliant.

SEVEN Server Edition enables enterprise administrators to extend many of the security policies from their wired environment out to their mobile devices.

Username/password policy – Administrators can choose how often users are required to log in to the SEVEN application.
Enable/disable browse mode – Administrators can choose to disable browse-mode access so that users can only access data via an end-to-end encrypted channel using the SEVEN Mobile Client.
Enable/Disable Internet Accounts Access- Administrators can choose to disable access to Internet accounts from devices that support multiple inboxes.
Device Registration Code – Administrators can choose a registration code that users will be required to enter upon registration.
Extend Windows authentication policy to mobile devices – When using SEVEN Server Edition, the enterprise security policy set for that username and password (e.g. expire every X days) is seamlessly extended to the mobile device rather than requiring the administrator to manage a separate policy for mobile devices.
Remote date removal – System SEVEN provides administrators with the ability to ensure the security of enterprise data even when the user has misplaced his/her mobile device. The enterprise administrator simply initiates a data removal request and a command is sent to the SEVEN Mobile Client to remove all data. The data on the enterprise server is not affected.

Transport security
128-bit AES encryption is used to safeguard all communications between System SEVEN components. More importantly, AES is scalable to 192-bit and 256-bit key lengths, and System SEVEN is designed to accommodate transparent upgrades to its security subsystems over time. This compares very favorably to products using Triple DES encryption, which has a limited future. In fact, the U.S. Federal Government selected the AES standard as the replacement for Triple DES, and expects to phase out the use of Triple DES over time in favor of AES.

• Connectivity

The SEVEN Enterprise Server establishes and maintains a pool of durable network connections outbound from the enterprise to System SEVEN at the mobile operator’s data center. Is protected using both encryption (128-bit AES) and digital signature algorithms to satisfy the requirements of the most demanding enterprise. The SEVEN Enterprise Server requires no network topology or firewall rule set changes.

• Authentication

7. TICKETING

The service shall foresee the ticketing mechanism upon creation of CDRs or logs formatted with relevant information in order to provide a full and flexible Billing. On the other hand, other ticketing options for the service may be presented.

It is worth stressing that any integration between the Synchronism platform and the package of Billing systems shall be evaluated at Telemig Celular.

Answer:
Compliant.

All information about integration between Seven Solution with Operator Mediation & Billing system are presented on “System Integration” documents, which shows all mechanisms and interfaces to make this integration.

8. DIMENSIONING

The platforms involved shall be dimensioned to support 2,000 users simultaneously – subject to scheduling up to 10,000 users – from among various users profiles (item 4.4) . The service shall be provided in the operation area of Telemig Celular and Amazônia Celular.

Answer:
Compliant.

Scalable solution, meet all traffic and user requirements defined by TAC.

9. OTHER TECHNICAL SPECIFICATIONS

In addition to the requirements above, the Corporate Synchronism solution shall consider:

The execution of a trial phase in which the service shall be evaluated by using Telemig Celular’s infrastructure and various mobile devices;

Answer:
Compliant

Please refer to document “Esclarecimentos Seven de 23082005_Rev. E.doc”, item 1, which presents the project phases. Phase 1 refers to commercial trial.

The Synchronism Server shall be compatible with POP3/SMTP and IMAP4 Servers and/or Windows Exchange environments (edition 4 or up) and IBM Lotus Notes (edition 5 or up);

Answer:
Compliant

SEVEN Server Edition provides secure, real-time mobile access to the following enterprise applications:

Microsoft Exchange 5.5, 2000, 2003;
Lotus Domino R5, R6, R6.5;
IMAP enterprise Server;
Internet email accounts (such as, Yahoo!, Earthlink);
Documents stored on enterprise file share.
In addition to the support to SyncML devices, the solution may attend other synchronism protocols such as, ActiveSync and so on;

Answer:
Compliant

The solution supplier shall present all relevant differences of its solution, even if it is not a requirement explicitly presented herein.

Answer:
Compliant

THE BENEFITS OF SEVEN

Affordable: SEVEN Server Edition simply costs less than other market solutions; billed as a service so you pay for what you need as you need it; a flexible solution that scales with your enterprise; compatible with the widest variety of mobile devices, so you can leverage existing device investments and choice; no infrastructure investment, mail server system re- architecture or deployment consultants needed – deploys on a standard ~$500 server box in under an hour by an IT manager with mail server administration rights.
Manageable: Manage SEVEN Server Edition as you would any other enterprise application – only much easier; web-based provisioning gives you the immediate ability to implement an enterprise-wide mobile email solution in under an hour – forego the long, drawn out enterprise application purchasing process; intuitive network-integrated management tools fit seamlessly into existing systems and processes for ease of use and administration – you don’t need to hire an expert to manage or train you on the system; over-the-air provisioning gets end users up and running in no time, and over-the-air upgrades ensure enterprise-wide notification when they happen – frees up your time while keeping end users happy and up- to-date.
Secure: SEVEN Server Edition is so secure that the world’s leading mobile data network operators sell it to you; best-of-breed advanced AES security technologies (the latest development beyond Triple DES) that map to the bleeding-edge – as it’s improved out there, it’s moved in here; behind-the-firewall server for true, end-to-end encryption – meeting the demands of your enterprise security policies; data obliteration functionality and system statistics keep you in control of sensitive corporate information – no sleepless nights or days spent hunting for misplaced devices, just delete it.

HIGHLIGHTED FEATURES

Behind-the-firewall Server: Lightweight server installs quickly and requires no firewall changes; enterprise data and applications remain securely stores behind the corporate firewall
End-to-end Encryption: Best-of-breed security technologies including AES designed to meet rigid enterprise security standards
Web-based Server Provisioning: Fast and easy deployment via the world’s leading mobile operators; register; download and install the behind-the-firewall server and be up and running in an average of 45 minutes
Snap-in Management Tools: Microsoft Management Console snap-in application provides the most familiar interface for system administration; ongoing end user provisioning and account management is easy and seamless with your mail server
Over-the-Air End User Provisioning and Upgrades: End user provisioning and upgrades happen over-the-air (OTA) for immediate deployment and comprehensive upgrades; no need for end user desktop cradle syncs or connector software
Push Delivery: Immediate delivery of email and calendar data to mobile device; no need to keep checking for updates by manual syncing.
Real-time Synchronization: Real-time synchronization with corporate applications; no desktop cradle hassles or store-and-forward approach security risks; no need to manage multiple inboxes
On-Demand Data Obliteration: Instantly erase data from misplaced or no longer supported devices to reduce security risks
Integrated Billing: Purchased as a service from the world’s leading mobile operators, billing is integrated with your other voice and data services – making it simple and predictable; easily add and remove end users on a monthly basis
Remote Access to Email, Calendar, Contacts and Documents: Real-time remote access to the high-value communications and corporate information makes being Out of the Office less stressful and more productive for your end users
Intuitive Mobile Device Clients: Easy-to-use mobile device clients provide a desktop-like user interface for remote access to corporate and personal data on the widest variety of mobile devices
Optional End User Webmail Interface (in English): Selectable anywhere, anytime secure remote access via an Internet-connected PC Web Browser; implement as a replacement or addition to your existing remote access solution for a quick and easy alternative RAS

10. SUPPLY SCOPE

The following items shall be complied with in order to provide a correct and full analysis of the proposals presented. Such requirements include additional services to supplement the proposal.

10.1. COMPANY’s DATA

The supplier shall inform relevant aspects regarding its structure, stressing, among other aspects:

The number of Operators using its solution, in Brazil or abroad;
The number of users of its solutions.

Answer:
Compliant.

10.2. HOSTING

A proposal for platform of support to the service shall be presented in 2 different types of hosting:

a) in the Operator, in which the platform(s) is(are) actually acquired and assume the responsibility for the services of administration, maintenance, management and so on; or

Answer:
No Compliant

b) In external partner, in which the supplier is responsible for the platform management, with direct connection to the Telemig Celular’s network.

Answer:
Compliant.

10.3. IMPLEMENTATION

The supplier shall present the costs associated to services of consulting, project and implementation of the system, which includes the installation and physical and logical configuration together with the technical team of TC&AC.

Likewise, the supplier shall present the costs associated to extension of the service, considering the hardware/software involved (licenses) and the possibilities of upgrade.

Answer:
The commercial conditions are according to Attachment V.

10.4. O&M

The pricing for the following services shall be further provided:

assisted operation, within 90 days as of the acceptance of the platform implementation;

Answer:
Not applicable

12 month minimal guarantee considering all scope of the proposal (hardware and software) and excluding the term for the assisted operation;

Answer:
Not applicable.

After the guarantee term, the supplier shall quote the prices of the remote maintenance services (annual and renewable).

Answer:
Not applicable.

The supplier shall further present information about the availability of the platforms involved, considering the minimum of 99.9% of availability.

Answer:
The SLA conditions are pursuant to Attachment I.

10.5. TRAINING

The supplier shall consider and quote the training services for the following profiles:

Training of technical staff involving group of 8 professionals for implementing the service within the users’ environment;
Technical training for Operation and Maintenance of the system, considering group of 8 professionals;
Training of sales personnel, involving group of 10 professionals.

Answer:
The commercial conditions are pursuant to Attachment V. All groups are priced to 8 people.

10.6. PRESENTATION

The proposals and all relevant technical documentation may be sent in the digital format, c/o

Mrs. Maria de Lourdes Teixeira Souto
E-mail: mlourdes.souto@telemigcelular.com.br – Phone: (031) 9954-8362

Until March 18, 2005.

ATTACHMENT V

BUSINESS PROPOSAL


ERICSSON	Date	Reference
	10/04/2005	EDB/VW-05:031 Upb
	Your Date	Your Reference
		Rev. F


Serves this issue:		Cristiane da Souza Martins
Luiz Antonio Tavares da Silva		Purchase Manager – AMAZÔNIA CELULAR /
Sales Manager – Ericsson		TELEMIG CELULAR
Telecomunicações S.A.		+55 (31) 9972-4976
+ 55(11) 6224-5053		cristiane.csm@telemigcelular.com.br
luiz.tavarez@ericsson.com

Business Proposal G5022 Ver. F – Corporate Data Synchronism – Seven

BUSINESS CONDITIONS

1. SUBJECT MATTER

As requested by Telemig on July 21, 2005 regarding proposal for performance of Hosting Service of platform for rendering of Push E-mail and Corporate Data Synchronism services, we hereby present the revision F of proposal G5022 regarding Hosting of Seven solution.

This business model shall provide a series of benefits for Telemig Celular such as, TTM (Time-to-Market) reduction – requirement essential for introducing the Push E-mail solution in the current status presented by the Brazilian cellular telephony market, in addition to being low investment, risk sharing, known opex, investment according to the increase of the users base among other issues.

Pursuant to the Hosting business model, Ericsson hereby secure the delivery and service quality, based on a SLA and undertakes to be incumbent upon the implementation, operation, maintenance and support, as well as the extensions thereof. Telemig Cellular shall connect its network to the platform and market the service to its clients. Such model enables Telemig Celular to put forth its best efforts to obtain new clients and maintain its client base, thus not worrying about investing in technology, competence and infrastructure.

2. PRICES

The prices, including all costs and expenses, including fees and taxes are provided below.

All prices are expressed in Reais, proposal of September 20, 2005.

A minimum number of subscriptions shall be monthly charged (see minimum monthly investment). Such quantity shall be only charged should the number of users not exceed that established for each edition.

The business conditions for acquiring the corporate data synchronism in the Personal and Server edition are:

Initial Investment: the initial investment (CAPEX) shall be four hundred and ninety- nine thousand reais (R$499,000.00) to cover a portion of the costs for implementation, customization, regional adaptation/nationalization, branding and integration of the service. Such amount shall be paid by Telemig, as per item 5 hereof, Payment Conditions;

Monthly Hosting Price per user: eighteen reais and ten centavos (R$18.10);

Minimal Monthly Investment, as per table below:

	Month 1 -3	Month 4-6	Month 7-9	Month 10-12	As of Month 13
Users	0	1,000	2,000	2,000	2,000

In order to illustrate the model proposed, we provided the following examples:

Month 5: 200 users

Price to be paid: 1,000 x R$18.10 = eighteen thousand and one hundred reais (R$18,100.00) –if the minimal number of users does not exceed 1,000 users.

Month 5: 12,000 users

Price to be paid: 12,000 x R$18.10 = two hundred and seventeen thousand and two hundred reais (R$ 217,200.00) .

CONTRACTING PARTY shall undertake to pay a minimum amount per month, as established in the table above.

• Additional Services

If the inclusion of a specific branding is required for Amazônia Celular, the amount below shall be considered.

Customization with inclusion of logo and name of Amazônia Celular’s product (Branding)

R$ 59,990.00

• Training

The training amounts are:

Training of Technical Team for operation and maintenance of the system (group of 8 participants): twenty-five thousand and nine hundred and ninety-six reais (R$ 25,996.00) per group;
Training of Sales Team (group of 8 participants): twenty-five thousand nine hundred and ninety-six reais (R$ 25,996.000) per group;
Training of Team for Call Center Support (group of 8 participants): twenty-five thousand nine hundred and ninety-nine reais (R$ 25,996.00) per group.

The training courses shall be given in Portuguese and shall take place at CONTRACTING PARTY’s facilities in Belo Horizonte, and the expenses incurred by the instructors with transport, lodging and hotel shall be borne by CONTRACTED PARTY.

• Certification of Handsets

Should any additional certification of handset is required for TELEMIG (in addition to those provided for in phases 1,2 and 3, pursuant to Attachment II), even if its platform had been certified by Seven and introduced into the US market in English, all certification procedures shall be conducted for the Brazilian market.

The amount for such certification is thirty-five thousand four hundred and fifty reais (R$ 35,450.00).

As for the handset models not certified and ratified by Seven, the amount relating to the certification shall be discussed in due course, on a case-by-case basis.

The clients already ratified by Seven, in English and holding Seven’s brand, shall be only provided without any cost to TELEMIG for performance of trials and demos for TELEMIG’s clients or operators’ employees. Accordingly, the clients shall not be available at operator’s website for download by the clients. The distribution of trials and demos by the client shall be conducted on a case-by-case basis by TELEMIG, upon knowledge and consent of Ericsson. If TELEMIG is interested in commercially distribute such clients, the latter shall be certified and the maximum cost thereof shall be thirty-five thousand and four hundred and fifty reais (R$ 35, 450.00) for each type of terminal.

• Implementation of Active Mail in the Server edition

INSTALLATION

For the city of Belo Horizonte:
Four thousand and eight hundred reais (R$ 4,800.00) per installation;

For other cities of the State of Minas Gerais:
Five thousand and three hundred reais (R$ 5,300.00) per installation;

For other capitals/cities located in TAC’s coverage area. Six thousand reais (R$ 6,000.00) per installation

REMOTE SUPPORT

For up to 20 calls/month:
Seventeen thousand reais (R$ 17,000.00) per month

ON SITE SUPPORT

One hundred and twenty reais (R$ 120.00) per worked hour

Note: The expenses incurred with transport and lodging are not included in the amount above and shall be borne by TELEMIG. The expenses incurred by CONTRACTED PARTY with meals shall be borne by CONTRACTED PARTY.

• Additional Customization and Consulting Services

If any Ericsson’s experts and know-how are required for performance of the customization and consulting services, we provide below the monthly amount of each service;

Monthly Customization Service – one hundred and sixty-five thousand five hundred and ninety-five reais and eighty-four centavos (R$ 165,595.84).

Such service consists of one (01) month for customization in peripheral system for Seven solution (rather than for internal customizations of the product), by using Ericsson’s resources such as project managers, consultants, programmers and technicians.

Monthly Consulting Service – one hundred and twelve thousand eight hundred and sixty-three reais and ninety-four centavos (R$ 112,863.949.

Such service consists of one (01) month of consulting, using Ericsson’s resources such as project managers, system developers, consultants and so on.

3. TAXES

The Service Prices established in the price charts include the Tax on Services (ISS), the Employee’s Profit Participation Program (PIS) and the Social Security Financing Contribution (COFINS) and other similar taxes.

If any tax mentioned above is increased, reduced, canceled or modified pursuant to law or in view of any interpretation of the law by tax authorities or if new taxes are created and directly applicable to the sale of Products or the rendering of Services, the respective prices shall be altered so as to reflect such change.

4. CONTRACT TERM

The minimum term hereof is thirty-six (36) months, considering the payment conditions for the initial investment, pursuant to item 2 hereof.

5. PAYMENT CONDITIONS

All payments shall be made according to the respective amounts, including taxes, in Reais (R$) upon submission of the respective collection documents (issuance of the respective Invoice -NF), as follows:

One hundred percent (100%) of the total amount, as established in the main and/or supplementary OC, shall be paid in thirty (30) days as of the issuance of the respective NF/Invoice.

• Initial Investment

Ericsson shall issue an invoice equivalent to:

50% of the total amount relating to such activities, upon delivery of phase 1, as established in implementation schedule – Attachment II;
30% of the total amount relating to such activities, upon delivery of phase 2, as established in implementation schedule – Attachment II;
20% of the total amount relating to such activities, upon delivery of phase 3, as established in implementation schedule – Attachment II.

• Minimal Monthly Investment (M)

Ericsson shall issue a monthly invoice up to the 5^th day of the month subsequent to the rendering of services, relating to the minimum number of licenses.

• Monthly Investment per user (D)

Ericsson shall issue monthly invoices up to the 5^th day of the month subsequent to the rendering of services. The amount regarding the number of subscriptions shall be invoiced, as per item 8.1.2. of the draft agreement.

• Request of license reports

Telemig may at any time employ methods and procedures necessary to check and verify the reports of software copies reproduced or distributed with use purposes by subscribers. Telemig shall send Ericsson, the following information on a monthly basis.

The number of copies of each software reproduced for distribution to subscribers for commercial use.
The number of copies of each software reproduced for demonstration and trials to the client.
The number of copies of each software reproduced for internal use, such as support and maintenance.

6. ADJUSTMENT CONDITIONS

For one hundred percent (100%) of the prices of all items and severance pays, the adjustment frequency shall be one (01) year as from the delivery of the operation in Phase 2. The amounts shall be adjusted according to the IGP-M, column 7, disclosed by Conjuntura Econômica magazine of the Getulio Vargas Foundation (FGV) and according to the following formula:

AP = BP x I / Io, where:

AP = Adjusted Price;
BP = Base Price, in Reais (R$);
Io = IGP-M index, column 7, relating to the month before the execution of the agreement;
I = IGP-M Index, column 7, relating to the month before each twelve (12) month term as of the start-up of Phase 2.

If during the effectiveness of the AGREEMENT, new taxes, charges and social security contributions are created, except for those assessed on or modified herein and, provided that such fact adversely affect the prices contracted herein, such prices shall be adjusted (increased and decreased), so as to reflect such alterations, except for any differences arising therefrom.

7. LATE PAYMENT FINE

In the event of payment delay, the amounts due may be updated at one hundred and three percent (103%) of the Inter-banking Deposit Certificate (CDI), as of the due date thereof until its actual payment. The payments related to such charges shall be made within ten (10) days as of the issuance of the respective NF/Invoice.

8. CONTRACTUAL TERMINATION

Regardless of the term provided for in item 4 hereof, Telemig Celular, at its sole discretion, may, on an unjustified and unilateral basis, and provided that it is not in default or in delay with its contract obligations, terminate this AGREEMENT, upon written notice sent within sixty (60) days in advance. In such event, CONTRACTING PARTY shall pay CONTRACTED PARTY, as compensation for the financial losses arising from such termination, as well as compensation for the investment made, the amount of three hundred and fifty thousand reais (R$ 350,000.00), which shall be reduced, on a pro rata basis, up to the end of the second year, to one hundred and ninety-nine thousand reais (R$ 199,000.00) . During the third year, the amount to be paid by CONTRACTING PARTY, in the event of termination, shall be one hundred and ninety-nine thousand reais(R$ 199,000.00), to be reduced, on a pro rata basis, up to the end of the effectiveness hereof to zero reais (R$ 0.00) . We provided the table below, for exemplification purposes:

	Month 1	Month 2	Month 3	Month 4	Month 5	--	--
Severance Pay	Implementation	Implementation	350.00	343.708	337.417	--	--

Month 25	Month 26	Month 27	--	--	Month 34	Month 35	Month 36
211,583	199,000	179,100	--	--	39,800	19,900	--

The amounts mentioned above (expressed in R$) shall be paid within 30 business days as from the written notice of the contract termination.

9. TERMS

The terms for implementation of the solution are provided for in the schedule, Attachment II.

10. PROPOSAL VALIDITY

This proposal shall be valid for six (6) days. If the purchaser order or the agreement executed is not received until such date, the delivery term shall be renegotiated by the parties.

Sincerely yours,

André M. Fonseca
Business Officer