The Secure MusicDB application demonstrates most of the security features described in this document:
Authentication on the Client Device: The first time you launch the MIDlet, you are prompted to set a security PIN. The PIN can be any alphanumeric string. You are also asked to enter a long random sequence of key-presses on the device in the “secret” field. The PIN and secret are used to compute the derivatives described above, which are stored in the mobile device's RMS record store. On subsequent launches of the MIDlet, you are prompted to enter the PIN. If the PIN does not correctly reverse the computation of the derivatives stored in RMS, an error message appears and you are prompted to enter the PIN again. The MIDlet also clearly indicates how many attempts you have left before it performs data destruction.
Data Destruction and Lockout: After you fail to enter the PIN 3 times, the MIDlet destroys all MusicDB data on the device, and you are prevented from using the application.
Recovering from Lockout: If you are locked out of the application, you must remove and reinstall the Secure MusicDB application on your device. This should reset the security information stored in RMS, and you will see the initial screen asking for a secret and PIN.
Encryption: The PIN you enter is used to encrypt and decrypt all data at rest on the device.
Transport-layer Security: The Gateway Engine is configured to allow mobile clients to communicate over HTTPS, which provides transport-layer security.
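
The PIN check and lockout flow from the Authentication and Data Destruction items above, as an added Java SE example that is not the Secure MusicDB source. It assumes a PBKDF2 verifier salted with a hash of the key-press secret in place of the document's own derivatives, and a hypothetical `PinGate` class whose in-memory map stands in for the RMS record store; the sample PIN, secret and data are constructed.

```java
import java.security.MessageDigest;
import java.util.HashMap;
import java.util.Map;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;

public class PinGate {
    static final int MAX_ATTEMPTS = 3;  // limit stated in the lockout item above
    // Assumption: a map of named records stands in for the RMS record store.
    final Map<String, byte[]> store = new HashMap<>();
    // Assumption: PBKDF2 replaces the document's derivative computation.
    static byte[] derive(char[] pin, byte[] salt) throws Exception {
        PBEKeySpec spec = new PBEKeySpec(pin, salt, 100_000, 256);
        return SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256")
                .generateSecret(spec).getEncoded();
    }
    // First launch: hash the key-press secret into a salt; store only salt and verifier.
    void enroll(char[] pin, byte[] secret) throws Exception {
        byte[] salt = MessageDigest.getInstance("SHA-256").digest(secret);
        store.put("salt", salt);
        store.put("verifier", derive(pin, salt));
        store.put("failures", new byte[] {0});
    }
    // Zero means locked out (or never enrolled): the counter record is gone.
    int attemptsLeft() {
        byte[] f = store.get("failures");
        return f == null ? 0 : MAX_ATTEMPTS - f[0];
    }
    // Persist the attempt before verifying, so killing the app mid-check gives no free guess.
    boolean unlock(char[] pin) throws Exception {
        if (attemptsLeft() <= 0) return false;
        byte[] failures = {(byte) (store.get("failures")[0] + 1)};
        store.put("failures", failures);
        // MessageDigest.isEqual compares in constant time.
        boolean ok = MessageDigest.isEqual(derive(pin, store.get("salt")), store.get("verifier"));
        if (ok) {
            store.put("failures", new byte[] {0});  // success resets the counter
        } else if (failures[0] >= MAX_ATTEMPTS) {
            store.clear();  // data destruction: application data and security records
        }
        return ok;
    }
    public static void main(String[] args) throws Exception {
        PinGate gate = new PinGate();
        gate.store.put("musicdb", "constructed sample album data".getBytes("UTF-8"));
        gate.enroll("a1b2".toCharArray(), "constructed key-presses 83#1*470".getBytes("UTF-8"));
        System.out.println(gate.unlock("a1b2".toCharArray()) + " left=" + gate.attemptsLeft());
        for (int i = 0; i < 3; i++)
            System.out.println(gate.unlock("wrong".toCharArray()) + " left=" + gate.attemptsLeft());
        System.out.println("data present: " + gate.store.containsKey("musicdb"));
    }
}
```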