Java Reference
In-Depth Information
CHAPTER 15
Securing Java ME
Applications
S
ecurity plays a big part in the success of today's mobile marketplace. More so than
ever before, consumer devices are being woven into the very infrastructure of electronic
commerce. This revolution is being powered by mobile versions of the same security and
trust technologies—largely powered by the revolution in cryptography over the last
generation—that power electronic commerce on the Internet.
In this chapter, I look at the some of the various components available to Java ME
developers that can help you create more secure applications. After beginning with a look
at why you should have a grasp of today's security fundamentals, including a review of
some key building blocks when designing secure applications, I move to a discussion of
Java ME's Security and Trust Services API—an optional package that provides support
for smart cards and cryptography. I next touch on Java ME's relatively new Contactless
Communication API, which enables secure commerce applications through near-field
communication devices to enable using your mobile device as a wireless wallet. Finally,
I close with a discussion of the Bouncy Castle cryptography package—a full-featured,
open source package for providing cryptography for Java ME devices.
Understanding the Need for Security
Back when I wrote my first networked application, the Internet was a small place—not so
small that everybody knew everybody, but still small enough that passwords were often
transmitted in the clear, right there where everybody could read them, if that's what they
intended. Of course, that was before the Web, too, and writing a networked application
required serious protocol work or a good understanding of the remote procedure call
semantics just then in vogue for networked computing. Fast-forward a couple of
decades, and the Internet's no longer a wild and wooly frontier, but a teeming metropolis.
While it's tempting to blame the influx of people for the need for greater security, the
truth is far more complex and as much a reflection of human nature as one of human
presence. Today, securing an application is often as much an important part of gaining
413
