Java User’s Guide
12 Java Security
wm_java_usersguide_v12 Page 98 of 123 2008-02-25
Confidential / Released
12 Java Security
The Java Security Model follows the specification of MIDP 2.0 and is IMP-NG conforming. It
integrates only a simple protection domain concept, since protection domains are not needed
for module use cases.
Java Security is divided into two main areas:
• Secure MIDlet data links (HTTPS, Secure Connection) (see Section 12.1)
• Execution of signed/unsigned MIDlets (see Section 12.2)
The interface of Java Security offers the following functionality.
• Insert/delete X.509 certificate (default is no certificate, see Section 12.2.1)
• Switch between trusted and untrusted mode for the execution of MIDlets
(default is trusted after inserting the certificate, see Section 12.2.1)
• Enable/disable untrusted domain in trusted mode (default is disabled)
• Switch MES (default is ON, see Section 12.3)
• Switch HTTPS certificate verification (default is OFF, see Section 12.1)
Restrictions:
• The module does not supply a user-independent date/time base. Therefore the validity of
the certificate's expiration date/time is not examined.
12.1 Secure Data Transfer
This feature makes it possible for MIDlets to use secure data links to external communication
partners. The IMP-NG specification defines two Java classes with this characteristic:
HTTPSConnection and SecureConnection.
The Siemens implementation follows the recommendations in IMP-NG:
HTTPSConnection
• HTTP over TLS as documented in RFC 2818 and TLS Protocol Version 1.0 as specified in
RFC 2246.
SecureConnection
• TLS Protocol Version 1.0 as specified in RFC 2246
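As an added illustration (not code from this guide), a MIDlet can inspect the negotiated session through the MIDP 2.0 SecurityInfo interface after opening a SecureConnection; in the javax.microedition.io package the HTTPS interface is spelled HttpsConnection and offers the same getSecurityInfo() call. The class name TlsSessionCheck, the URL, the expected subject string and the trusted time value are assumptions supplied by the application; since the module itself does not examine certificate expiry, the validity window is compared here against that application-supplied time.

```java
import java.io.IOException;
import javax.microedition.io.Connector;
import javax.microedition.io.SecureConnection;
import javax.microedition.io.SecurityInfo;
import javax.microedition.pki.Certificate;

/** Added example: open a SecureConnection and check what was negotiated. */
public final class TlsSessionCheck {

    /**
     * @param url              e.g. "ssl://server.example:443" (placeholder host)
     * @param expectedSubject  subject string the application expects (assumption)
     * @param trustedNowMillis current time in ms since the epoch, taken from a
     *                         source the application trusts (assumption)
     * @return the open connection, only if every check passed
     */
    public static SecureConnection openChecked(String url, String expectedSubject,
                                               long trustedNowMillis)
            throws IOException {
        SecureConnection sc = (SecureConnection) Connector.open(url);
        boolean ok = false;
        try {
            SecurityInfo info = sc.getSecurityInfo();
            // MIDP 2.0 reports TLS 1.0 (RFC 2246) as name "TLS", version "3.1".
            if (!"TLS".equals(info.getProtocolName())
                    || !"3.1".equals(info.getProtocolVersion())) {
                throw new IOException("unexpected protocol: "
                        + info.getProtocolName() + " " + info.getProtocolVersion());
            }
            Certificate cert = info.getServerCertificate();
            if (cert == null) {
                throw new IOException("no server certificate available");
            }
            if (!expectedSubject.equals(cert.getSubject())) {
                throw new IOException("unexpected subject: " + cert.getSubject());
            }
            // Expiry check done by the application with its own time source.
            if (trustedNowMillis < cert.getNotBefore()
                    || trustedNowMillis > cert.getNotAfter()) {
                throw new IOException("certificate outside its validity period");
            }
            ok = true;
            return sc;
        } finally {
            if (!ok) {
                sc.close(); // never hand back a connection that failed a check
            }
        }
    }
}
```

These checks supplement the module's HTTPS certificate verification switch and do not replace it: a subject string alone does not authenticate the server when chain verification is off.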