CHAPTER 6
Security and MIDlet Signing
MIDP 2.0 includes a comprehensive security model based on protection domains. MIDlet suites are installed into a protection domain which determines access to protected functions. The MIDP 2.0 specification also includes a recommended practice for using public key cryptography to verify and authenticate MIDlet suites.
For definitive information, consult the MIDP 2.0 specification. For an overview of MIDlet signing using the J2ME Wireless Toolkit, read this article:
Understanding MIDP 2.0's Security Architecture
http://developers.sun.com/techtopics/mobility/midp/articles/
permissions/
If you need more background on public key cryptography, try this article:
MIDP Application Security 1: Design Concerns and Cryptography
http://developers.sun.com/techtopics/mobility/midp/articles/
security1/
This chapter describes support for protection domains, permissions, and MIDlet signing in the J2ME Wireless Toolkit.
6.1Permissions
MIDlets must have permission to perform sensitive operations, like connecting to the network. Permissions have specific names, and MIDlet suites can indicate their need for certain kinds of permissions through attributes in the MIDlet suite descriptor.
49
