The Java ME Platform SDK supports the security policies and domains defined by both JSR 185 (Java Technology for the Wireless Industry or JTWI) and JSR 248 (Mobile Service Architecture or MSA). The SDK provides tools to sign MIDlet suites, manage keys, and manage root certificates. The security domains are further described in Security Domains.
MIDP 2.0 (JSR 118) includes a comprehensive security model based on protection domains. MIDlet suites are installed into a protection domain that determines access to protected functions. The MIDP 2.0 specification also includes a recommended practice for using public key cryptography to verify and authenticate MIDlet suites.
The general process to create a cryptographically signed MIDlet suite is as follows:
The MIDlet author, probably a software company, buys a signing key pair from a certificate authority (the CA).
The author signs the MIDlet suite with the signing key pair and distributes their certificate with the MIDlet suite.
When the MIDlet suite is installed on the emulator or on a device, the implementation verifies the author’s certificate using its own copy of the CA’s root certificate. Then it uses the author’s certificate to verify the signature on the MIDlet suite.
After verification, the device or emulator installs the MIDlet suite into the security domain that is associated with the CA’s root certificate.
For definitive information, consult the MIDP 2.0 specification. For an overview of MIDlet signing using the Java ME Platform SDK, read the article Understanding MIDP 2.0's Security Architecture, which is available at http://developers.sun.com/techtopics/mobility/midp/articles/permissions/.
If you need more background on public key cryptography, try the article MIDP Application Security 1: Design Concerns and Cryptography, which is available at http://developers.sun.com/techtopics/mobility/midp/articles/security1/. See the following topics: