Exit Print View

Java Platform Micro Edition Software Development Kit Version 3.0, CLDC
Get PDF Book Print View
 
Previous Next

Document Information

Getting Started

Features

Using Sample Projects

Creating and Editing Projects

Viewing and Editing Project Properties

Running Projects in the Emulator

Searching the WURFL Device Database

Finding Files in the Multiple User Environment

Profiling Applications

Monitoring Network Traffic

Security and MIDlet Signing

Security Domains

Setting Security Domains

Specify the Security Domain for an Emulator

Specify the Security Domain for a Project

Signing a Project

Sign a CLDC Project With a Key Pair

Managing Keystores and Key Pairs

Working With Keystores and Key Pairs

Create a Keystore

Add an Existing Keystore

Create a New Key Pair

Remove a Key Pair

Import an Existing Key Pair

Managing Root Certificates

Command Line Reference

Logs

JSR Support

JSR 75: PDA Optional Packages

JSR 82: Bluetooth and OBEX Support

JSR 135: Mobile Media API Support

JSR 172: Web Services Support

JSR 177: Smart Card Security (SATSA)

JSR 179: Location API Support

JSR 205: Wireless Messaging API (WMA) Support

JSR 211: Content Handler API (CHAPI)

JSR 226: Scalable 2D Vector Graphics

JSR 229: Payment API Support

JSR 238: Mobile Internationalization API (MIA)

JSR 256: Mobile Sensor API Support

Index


Security and MIDlet Signing

The Java ME Platform SDK supports the security policies and domains defined by both JSR 185 (Java Technology for the Wireless Industry or JTWI) and JSR 248 (Mobile Service Architecture or MSA). The SDK provides tools to sign MIDlet suites, manage keys, and manage root certificates. The security domains are further described in Security Domains.

MIDP 2.0 (JSR 118) includes a comprehensive security model based on protection domains. MIDlet suites are installed into a protection domain that determines access to protected functions. The MIDP 2.0 specification also includes a recommended practice for using public key cryptography to verify and authenticate MIDlet suites.

The general process to create a cryptographically signed MIDlet suite is as follows:

  1. The MIDlet author, probably a software company, buys a signing key pair from a certificate authority (the CA).

  2. The author signs the MIDlet suite with the signing key pair and distributes their certificate with the MIDlet suite.

  3. When the MIDlet suite is installed on the emulator or on a device, the implementation verifies the author’s certificate using its own copy of the CA’s root certificate. Then it uses the author’s certificate to verify the signature on the MIDlet suite.

  4. After verification, the device or emulator installs the MIDlet suite into the security domain that is associated with the CA’s root certificate.

For definitive information, consult the MIDP 2.0 specification. For an overview of MIDlet signing using the Java ME Platform SDK, read the article Understanding MIDP 2.0's Security Architecture, which is available at http://developers.sun.com/techtopics/mobility/midp/articles/permissions/

If you need more background on public key cryptography, try the article MIDP Application Security 1: Design Concerns and Cryptography, which is available at http://developers.sun.com/techtopics/mobility/midp/articles/security1/. See the following topics:

Legal Copyright 1994-2009 Sun Microsystems, Inc.
Previous Next