Table of Contents
Advertisement
31
MIDP 2.0 Security Model
Dial a call
CBS
Receive CBS
The radio button messages will appear as follows and mapped to the permission types as
shown in the Table 28:
MIDP 2.0 Permission Types
Blanket
Session
Oneshot
No access
The above runtime dialog prompts will not be displayed when the protected function is set
to "Allowed" (or full access), or if that permission type is an option for that protected
function according to the security policy table flexed in the handset.
Trusted MIDlet Suites Using x.509 PKI
Using the x.509 PKI (Public Key Infrastructure) mechanism, the handset will be able to
verify the signer of the MIDlet suite and bind it to a protection domain which will allow the
MIDlet suite access to the protected API or function. Once the MIDlet suite is bound to a
protection domain, it will use the permission defined in the protection domain to grant the
MIDlet suite access to the defined protected APIs or functions.
The MIDlet suite is protected by signing the JAR file. The signature and certificates are
added to the application descriptor (JAD) as attributes and will be used by the handset to
verify the signature. Authentication is complete when the handset uses the root certificate
(found on the handset) to bind the MIDlet suite to a protection domain (found on the
handset).
Signing a MIDlet Suite
The default security model involves the MIDlet suite, the signer, and public key
certificates. A set of root certificates are used to verify certificates generated by the signer.
Specially designed certificates for code signing can be obtained from the manufacturer,
Table 27 Protected Functionality fot top line of prompt
Table 28 Dialog Prompts for MIDP 2.0 Permission Types
"Make Phone Call?"
"Use CBS?"
"Receive CBS?"
Dialog Prompts
"Always yes. Do not ask again."
"Yes, this is running."
"Only this operation. Ask me again."
"Not this operation. Ask me again."
"Not this running."
"No, always denied. Do not ask again."
117
Advertisement
Table of Contents
