Sun makes every effort to ensure secure operation of Sun GlassFish Mobility Platform, which was designed with security in mind. Sun GlassFish Mobility Platform uses MD5 to generate a hash that serves as the symmetric key for 3DES, which encrypts the client data stored locally. When that data is sent over the wire from the client device, it is decrypted and then transmitted using SSL/HTTPS. User data is at no time exposed to prying eyes. For security reasons, Sun GlassFish Mobility Platform does not copy the user's data to a local database; it stores only the metadata required during the synchronization process.
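The MD5-to-3DES derivation described above, as an added Java example that is not Sun's code. It assumes the hashed secret is the user's PIN, that the 16-byte digest is expanded to a two-key 3DES key (K1, K2, K1), and that CBC mode with PKCS5 padding is used, none of which the page specifies; the class name and sample values are constructed.

```java
import javax.crypto.Cipher;
import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.DESedeKeySpec;
import javax.crypto.spec.IvParameterSpec;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Arrays;

public class Md5TripleDesSketch {
    // Assumption: the hashed secret is the user's PIN; the page does not say what is hashed.
    static SecretKey deriveKey(String pin) throws Exception {
        byte[] md5 = MessageDigest.getInstance("MD5").digest(pin.getBytes(StandardCharsets.UTF_8));
        // The 16-byte digest only fills K1 and K2; reuse K1 as K3 (two-key 3DES, K1|K2|K1).
        byte[] key24 = Arrays.copyOf(md5, 24);
        System.arraycopy(md5, 0, key24, 16, 8);
        return SecretKeyFactory.getInstance("DESede").generateSecret(new DESedeKeySpec(key24));
    }

    // Output layout (assumed): 8-byte random IV followed by the CBC ciphertext.
    static byte[] encrypt(SecretKey key, byte[] plain) throws Exception {
        byte[] iv = new byte[8];
        new SecureRandom().nextBytes(iv);
        Cipher c = Cipher.getInstance("DESede/CBC/PKCS5Padding");
        c.init(Cipher.ENCRYPT_MODE, key, new IvParameterSpec(iv));
        byte[] ct = c.doFinal(plain);
        byte[] out = Arrays.copyOf(iv, iv.length + ct.length);
        System.arraycopy(ct, 0, out, iv.length, ct.length);
        return out;
    }

    static byte[] decrypt(SecretKey key, byte[] blob) throws Exception {
        Cipher c = Cipher.getInstance("DESede/CBC/PKCS5Padding");
        c.init(Cipher.DECRYPT_MODE, key, new IvParameterSpec(blob, 0, 8));
        return c.doFinal(blob, 8, blob.length - 8);
    }

    public static void main(String[] args) throws Exception {
        byte[] record = "constructed sample record".getBytes(StandardCharsets.UTF_8);
        SecretKey k = deriveKey("4821");                       // constructed PIN
        byte[] stored = encrypt(k, record);
        System.out.println(Arrays.equals(record, decrypt(k, stored)));   // round trip
        // Unsalted, single-pass hash: the same PIN always yields the same key,
        // so the key is only as unpredictable as the PIN itself.
        System.out.println(Arrays.equals(k.getEncoded(), deriveKey("4821").getEncoded()));
    }
}
```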
Sun GlassFish Mobility Platform supports both client-side and server-side security:
Sun GlassFish Mobility Platform client security includes the following features:
A simple PIN-based form of authentication
A means to secure data at rest on the mobile device (data encryption)
A means to securely synchronize with the Gateway Engine on the server (transport-layer security)
A mechanism to destroy business data (data destruction)
A means to prevent the client device from synchronizing (lockout)
A means to remotely destroy all of the data on the device (poison pill)
A means to notify the application that a certain quiet period has elapsed (data fading)
An API that allows developers to replace the Sun GlassFish Mobility Platform default security manager implementation with their own
For details, see Chapter 3, “Client Security Architecture,” in Sun GlassFish Mobility Platform 1.1 Developer's Guide for Client Applications.
Sun GlassFish Mobility Platform server security features include the following:
TLS/HTTPS is used to provide authentication and encryption between the device and the Gateway Engine. The OMA DS protocol requires support for basic authentication and for verification of data integrity using a message digest created with MD5. The use of transport layer security (HTTPS) is assumed.
In a two-tier Sun GlassFish Mobility Platform installation, TLS/HTTPS is used for communication between the Web Service connector and the Web Service endpoint.
The Gateway Engine incorporates an Enterprise Server realm for user authentication. The default configuration uses a JDBC realm.