Java ME Developer Guide

Chapter 12 - JSR-177 Java ME Security and Trust Services API

Control

Access control governs the establishment of an APDU connection, and the communication over that connection, between objects on the terminal and objects on the SE.

The access control model is designed to achieve the following security objectives:

Protect an SE from malicious MIDlets

Support the SE to specify a fine-grained access control policy within the limitations of the platform

Allow a MIDlet to select an SE object (for example, a smart card application) for temporary exclusive usage

Safeguard PINs from improper usage by the MIDlets

The system will use two mechanisms to implement access control: the Domain Mechanism and the Static Mechanism, for all SEs on the handset.

In the Domain Mechanism, an SE defines a private domain by providing the domain root object (trusted certificate or public key). In the Domain Mechanism, the SE accepts only access from MIDlets that reside in such a domain (i.e., the application is signed with a certificate that chains back to the trusted certificate provided by the SE).

In the Static Mechanism, an ACF is published by an SE. The ACF contains access control rules for individual methods and applications on the SE. ACFs are stored in the SE. The terminal platform is responsible for processing these files.

The implementation reads the certificate from the SE.

The implementation reads Access Control Files from the SE.

Each SE has one ACIF associated with it. Each ACIF contains a list of ACFs (an ACIE), one for each application on the SE. Each ACF may contain a list of zero or more ACEs (an ACL).

When a MIDlet calls a method, the implementation evaluates if the MIDlet has appropriate permissions to access it, by first applying the Domain Mechanism.

The implementation applies the Domain Mechanism according to MIDP 2.0 and the security policy requested by the operator.
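The following is an added example, not code from this guide or from the JSR-177 reference implementation. It shows where the two mechanisms above become visible to a MIDlet: the connection-time decision (domain membership and ACF lookup) and the per-command decision (ACEs in the application's ACF) both surface as SecurityException. The slot number, the target AID and the GET DATA command are constructed placeholders; the MIDlet is assumed to be signed and to declare the javax.microedition.apdu.aid permission in its JAD.

```java
import java.io.IOException;
import javax.microedition.apdu.APDUConnection;
import javax.microedition.io.ConnectionNotFoundException;
import javax.microedition.io.Connector;

public final class SeAccessProbe {
    // Constructed placeholder AID in the dotted-hex form of the apdu: URL scheme.
    private static final String TARGET_URL = "apdu:0;target=A0.00.00.00.00.00.00.00.01";

    // Returns a short description of the outcome so a developer can tell an
    // access-control refusal apart from a missing application or an I/O fault.
    public static String probe() {
        APDUConnection conn = null;
        try {
            // Connection-time check: the implementation first applies the
            // Domain Mechanism (does the MIDlet's signing chain reach a root
            // the SE trusts?) and then consults the ACF for the target
            // application. If neither grants access, open() throws
            // SecurityException and no APDU is ever sent.
            conn = (APDUConnection) Connector.open(TARGET_URL);

            // Per-command check: the header of each APDU is matched against the
            // ACEs of the application's ACF. A command not permitted by the ACF
            // is rejected by the platform instead of being forwarded to the card.
            byte[] getData = { (byte) 0x00, (byte) 0xCA, (byte) 0x00, (byte) 0x7F, (byte) 0x00 };
            byte[] resp = conn.exchangeAPDU(getData);

            // The last two bytes of the response are the card's status word.
            int sw = ((resp[resp.length - 2] & 0xFF) << 8) | (resp[resp.length - 1] & 0xFF);
            return "allowed; card SW=" + Integer.toHexString(sw);
        } catch (SecurityException e) {
            // Refused by the Domain Mechanism or by the Static Mechanism (ACF/ACE).
            return "denied by access control: " + e.getMessage();
        } catch (ConnectionNotFoundException e) {
            // Wrong slot, or the SE has no application with that AID.
            return "no such SE application: " + e.getMessage();
        } catch (IOException e) {
            return "I/O failure: " + e.getMessage();
        } finally {
            if (conn != null) {
                try { conn.close(); } catch (IOException ignored) { }
            }
        }
    }
}
```

An unsigned MIDlet, or one signed under a domain the SE does not trust, should expect the SecurityException branch at Connector.open rather than at exchangeAPDU.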

DRAFT - Subject to Change [96/201]

Motorola maxx V6 manual Draft Subject to Change 96/201, Control