CHAPTER 6

Security and MIDlet Signing

MIDP 2.0 includes a comprehensive security model based on protection domains. MIDlet suites are installed into a protection domain which determines access to protected functions. The MIDP 2.0 specification also includes a recommended practice for using public key cryptography to verify and authenticate MIDlet suites.

For definitive information, consult the MIDP 2.0 specification. For an overview of MIDlet signing using the J2ME Wireless Toolkit, read this article:

Understanding MIDP 2.0's Security Architecture

http://developers.sun.com/techtopics/mobility/midp/articles/

permissions/

If you need more background on public key cryptography, try this article:

MIDP Application Security 1: Design Concerns and Cryptography

http://developers.sun.com/techtopics/mobility/midp/articles/

security1/

This chapter describes support for protection domains, permissions, and MIDlet signing in the J2ME Wireless Toolkit.

6.1Permissions

MIDlets must have permission to perform sensitive operations, like connecting to the network. Permissions have specific names, and MIDlet suites can indicate their need for certain kinds of permissions through attributes in the MIDlet suite descriptor.

49

Page 61
Image 61
Sun Microsystems J2ME manual Security and MIDlet Signing, Permissions