Information Technology Reference
In-Depth Information
emphasis and contribution of the paper is the Secure JAVA Mobile Web Service
application communicating with the Web Service of the proposed m-government
platform. In a process of development the secure JAVA Mobile Application we have
used the J2ME development environment [1].
The work presented and examples described are included in the general framework
of the EU IST FP6 SWEB project (Secure, interoperable cross border m-services
contributing towards a trustful European cooperation with the non-EU member
Western Balkan countries, SWEB) [2].
The paper is organized as follows. A consideration of security in mobile
communication is given in Chapter 2 whike description of the possible m-
Governmental architecture is given in Chapter 3. Chapter 4 is dedicated to the
consideration about secure JAVA mobile Web Service application. Conclusions are
given in Chapter 5.
2 Security in Mobile Communication
This paper mainly identifies the need for security in mobile communications, such as
mentioned in [3], and presents a secure mobile framework that is based on widely
used XML-based standards and technologies such as XML-Security (XML-Signature,
and XML-Encryption) and Web Services Security (WS-Security).
Besides security aspects of the XML communication, a possible Federation ID
system based on security token service is considered too. In this work, SAML
(Security Assertion Markup Language) tokens/assertions have a role of security
tokens. Communication between JAVA mobile application, or the SOA-Based
platform itself, and STS server is realized by using WS-Secured SOAP
communication.
We have also used XKMS protocol [3] in the proposed m-government system. It
enables the integration of keys and certificates into mobile applications as well as the
implementation of PKI X.509v3 digital certificate registration, revocation, validation
and update mechanisms.
Besides STS and XKMS, the client applications and the platform used also the
time stamping functionalities in order to create timely valid electronic documents with
digital signatures of long-term validities. In this sense, a suitable TSA also represents
an important part of the proposed model.
Regarding security needs in m-government online systems, the proposed model
addresses main security functionalities (business security needs) in a following way:
User authentication
- the Secure JAVA Mobile application needs the user
password based authentication to launch the application itself. This prevents
accessing the application from non-authorized persons. In fact, there is a two-
step user authentication procedure since the user needs to present another
password (passphrase) to enable application access to its asymmetric private
key stored in the JAVA key store inside the application for the functions that
needs the user's electronic signature.
User identity
- as reliable electronic identities of different users and entities in
the proposed system, PKI X.509v3 electronic certificates are used issued by
corresponding Certification Authorities (CA).
Search WWH ::
Custom Search