data center, for example), logging, auditing, and using secure network channels help you
secure your networked application. Bear in mind that cryptography can solve only one
segment of the security challenges you face, and that many of the challenges you face
may be social (think of phishing scams prevalent in today's e-mail) rather than technical.
Note: Secrets & Lies: Digital Security in a Networked World by Bruce Schneier (John Wiley & Sons, 2000)
and The Art of Deception by Kevin D. Mitnick and William L. Simon (Wiley Publishing, 2002) are good places
to start learning more about the technical and social threats to application security and how to establish
countermeasures against those threats.
Looking at Java ME's Security and Trust Services
Java SE provides a host of cryptographic interfaces including Java Cryptography
Architecture (JCA) and Java Cryptography Extension (JCE); not so with the base
implementation of Java ME. There are a number of reasons for this, both technical and
legal; memory footprint and computational complexity make cryptography difficult
for some Java ME devices, and export restrictions could hobble Java ME's adoption in
some markets if it came bundled with strong cryptographic solutions.
The extensible nature of Java ME comes to the rescue, however. JSR 177 defines
the Security and Trust Services API for J2ME (SATSA). In addition to supporting
cryptographic operations, SATSA includes optional components for Java ME that provide APIs
for communication with hardware security components, as well as certificate and
signature management. SATSA defines four key optional packages that a device may support:
Application Protocol Data Unit (APDU): This communications API enables low-level communication between your application and cryptographic hardware such as Java smart cards.
SATSA-Java Card RMI (SATSA-JCRMI): This communications API permits high-level communication between your application and a Java smart card.
SATSA public key infrastructure (SATSA-PKI): This API provides support for managing public keys.
SATSA-CRYPTO: This API provides a subset of the java.security package for cryptography.
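As an added example (not code from the book), here is how a MIDlet might use the APDU package listed above: it opens an APDUConnection through the GCF Connector, sends one command, and validates the status word before trusting the response data. The class name, the target AID, and the command bytes are constructed placeholders, not values for any real applet.

```java
import java.io.IOException;
import javax.microedition.apdu.APDUConnection;
import javax.microedition.io.Connector;

public final class CardExchange {
    // Constructed placeholder AID; substitute the AID of your own card applet.
    private static final String CARD_URL = "apdu:0;target=f0.00.00.00.00.00.01";

    // Hypothetical proprietary command: CLA=0x80, INS=0x10, P1=P2=0x00, Le=0x08.
    private static final byte[] COMMAND = {
        (byte) 0x80, (byte) 0x10, 0x00, 0x00, 0x08
    };

    private static final int SW_SUCCESS = 0x9000;

    /** Returns SW1SW2 from the last two response bytes, or -1 if malformed. */
    static int statusWord(byte[] response) {
        if (response == null || response.length < 2) {
            return -1;
        }
        // Java bytes are signed: mask each one before combining them,
        // otherwise 0x90 sign-extends and the comparison silently fails.
        int sw1 = response[response.length - 2] & 0xFF;
        int sw2 = response[response.length - 1] & 0xFF;
        return (sw1 << 8) | sw2;
    }

    /** Sends COMMAND and returns the response data without the status word. */
    static byte[] exchange() throws IOException {
        APDUConnection card = null;
        try {
            // The implementation selects the applet named by the target AID.
            card = (APDUConnection) Connector.open(CARD_URL);
            byte[] response = card.exchangeAPDU(COMMAND);
            int sw = statusWord(response);
            if (sw != SW_SUCCESS) {
                throw new IOException("Card rejected command, SW="
                        + Integer.toHexString(sw));
            }
            byte[] data = new byte[response.length - 2];
            System.arraycopy(response, 0, data, 0, data.length);
            return data;
        } finally {
            if (card != null) {
                card.close(); // always release the logical channel
            }
        }
    }
}
```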
The APDU protocol builds on the GCF to provide a general interface for
communicating with Java smart cards, Universal Subscriber Identity Modules (USIMs), and
 