Java ME Developer Guide

Chapter 8 - MIDP 2.0 Security Model

x.509 PKI

Using the x.509 PKI (Public Key Infrastructure) mechanism, the handset will be able to verify the signer of the MIDlet suite and bind it to a protection domain which will allow the MIDlet suite access to the protected API or function. Once the MIDlet suite is bound to a protection domain, it will use the permission defined in the protection domain to grant the MIDlet suite access to the defined protected APIs or functions.

The MIDlet suite is protected by signing the JAR file. The signature and certificates are added to the application descriptor (JAD) as attributes and will be used by the handset to verify the signature. Authentication is complete when the handset uses the root certificate (found on the handset) to bind the MIDlet suite to a protection domain (found on the handset).

8.11 Signing a MIDlet Suite

The default security model involves the MIDlet suite, the signer, and public key certi- ficates. A set of root certificates are used to verify certificates generated by the signer. Specially designed certificates for code signing can be obtained from the manufacturer, operator, or certificate authority. Only root certificates stored on the handset will be supported by the MOTORAZR maxx V6 handset.

8.12 Signer of MIDlet Suites

The signer of a MIDlet suite can be the developer or an outside party that is respons- ible for distributing, supporting, or the billing of the MIDlet suite. The signer will have a public key infrastructure and the certificate will be validated to one of the protec- tion domain root certificates on the handset. The public key is used to verify the sig- nature of JAR on the MIDlet suite, while the public key is provided as a x.509 certi- ficate included in the application descriptor (JAD).

8.13 MIDlet Attributes Used in Signing

DRAFT - Subject to Change [58/201]

Page 58
Image 58
Motorola maxx V6 manual 509 PKI, Signing a MIDlet Suite, Signer of MIDlet Suites, MIDlet Attributes Used in Signing