Java ME Developer Guide

Chapter 12 - JSR-177 Java ME Security and Trust Services API

should be chosen. Implementers are not limited to using if-else statements.

If the MIDlet is trying to access a method protected by the Domain Mechanism, and access to it is denied, the implementation throws SecurityException.

If the MIDlet is trying to access a method protected by the Static Mechanism, and access to it is denied, the implementation throws SecurityException.

Evaluating Individual Access Control Entry

When evaluating ACE, the MIDlet is granted permission to open an APDU connection with an application in the SE if the ACE principal identifies a domain category (CHOICE domain is used with the OID indicating 'operator', 'manufacturer', or 'trusted third party') and the MIDlet belongs to the same domain.

When evaluating ACE, the MIDlet is granted permission to open an APDU connection with an application in the SE if the ACE principal identifies the domain root (CHOICE rootID is used) and the corresponding PrincipalID matches with the hash of the root certificate in the path used to sign the MIDlet.

When evaluating ACE, the MIDlet is granted permission to open an APDU connection with an application in the SE if the ACE principal identifies an end-entity (CHOICE endEntityID is used) and the corresponding PrincipalID matches with the end-entity certificate used to sign the MIDlet.

When evaluating ACE, the MIDlet is granted permission to send an APDU to an application in the SE if the APDU being sent by the MIDlet is specified by at least one ACE.

When evaluating ACE, the MIDlet is granted permission to send an APDU to an application in the SE if the APDU being sent by the MIDlet is not one of those used for application selection and channel management.

A MIDlet operation is considered to be specified by an ACE if the following condition is satisfied: APDU(MIDlet) AND mask(ACE) = APDU(ACE),
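
The two send-permission conditions and the mask condition above, as an added Java SE example (not code from this guide or from any JSR-177 implementation). It assumes each ACE APDU permission is a 4-byte header plus a 4-byte mask, that both conditions must hold, and that ISO 7816-4 instruction codes identify SELECT by DF name and MANAGE CHANNEL; all class and method names are hypothetical.

```java
import java.util.Arrays;
import java.util.List;

public class AceApduCheck {
    /** One APDU permission from an ACE: 4-byte header (CLA INS P1 P2) plus 4-byte mask. */
    static final class ApduRule {
        final byte[] header = new byte[4], mask = new byte[4];
        ApduRule(int... b) { // eight values: header bytes, then mask bytes
            for (int i = 0; i < 4; i++) { header[i] = (byte) b[i]; mask[i] = (byte) b[i + 4]; }
        }
        /** APDU(MIDlet) AND mask(ACE) = APDU(ACE), checked byte by byte on the header. */
        boolean specifies(byte[] apdu) {
            for (int i = 0; i < 4; i++)
                if ((byte) (apdu[i] & mask[i]) != header[i]) return false;
            return true;
        }
    }

    // Assumption (ISO 7816-4 codes, not stated on the page): MANAGE CHANNEL is INS 0x70,
    // SELECT by DF name is INS 0xA4 with P1 0x04.
    static boolean isSelectionOrChannelManagement(byte[] apdu) {
        int ins = apdu[1] & 0xFF, p1 = apdu[2] & 0xFF;
        return ins == 0x70 || (ins == 0xA4 && p1 == 0x04);
    }

    /** Both send conditions are treated as required (assumption about how they combine). */
    static boolean maySend(byte[] apdu, List<ApduRule> rules) {
        if (apdu == null || apdu.length < 4) return false;      // no complete header
        if (isSelectionOrChannelManagement(apdu)) return false; // selection / channel command
        for (ApduRule r : rules) if (r.specifies(apdu)) return true;
        return false;                                           // default deny
    }

    public static void main(String[] args) {
        // Constructed rules: any P1/P2 for 00 B0; exactly 80 CA 00 FE; and a rule that can
        // never match because its header sets a P1 bit the mask clears.
        List<ApduRule> rules = Arrays.asList(
            new ApduRule(0x00, 0xB0, 0x00, 0x00, 0xFF, 0xFF, 0x00, 0x00),
            new ApduRule(0x80, 0xCA, 0x00, 0xFE, 0xFF, 0xFF, 0xFF, 0xFF),
            new ApduRule(0x00, 0xD6, 0x01, 0x00, 0xFF, 0xFF, 0x00, 0x00));
        byte[][] apdus = {                                   // constructed command headers
            {0x00, (byte) 0xB0, 0x01, 0x20},                 // P1/P2 masked out by rule 1
            {(byte) 0x80, (byte) 0xCA, 0x00, (byte) 0xFE},   // exact header of rule 2
            {(byte) 0x80, (byte) 0xCA, 0x00, (byte) 0xFF},   // P2 differs from rule 2
            {0x00, (byte) 0xD6, 0x01, 0x00},                 // only rule 3 names INS D6
            {0x00, (byte) 0xA4, 0x04, 0x00},                 // SELECT by DF name
            {0x00, 0x70, 0x00, 0x00}};                       // MANAGE CHANNEL
        for (byte[] a : apdus)
            System.out.printf("%02X %02X %02X %02X -> %s%n", a[0], a[1], a[2], a[3],
                maySend(a, rules) ? "allow" : "deny");
    }
}
```

A header byte with bits set outside its mask makes the rule unsatisfiable, so an ACL loader can flag such entries when the file is parsed instead of silently denying at send time.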

12.3.4 Security Requirements

DRAFT - Subject to Change [98/201]
