STS server,
XKMS server,
TSA server,
M-government platform - Web service exposed for the SOAP-based
m-government platform.
The communication between the JAVA mobile application and the STS server is realized
using WS-Secured SOAP communication. According to the scenarios, the JAVA
mobile application sends the RST (Request for Security Token) to the STS server and,
if everything is ok, receives back the RSTR (RST Response), which consists of the URL of
the municipality and the SAML token with the user's role on the SWEB platform.
The communication between the JAVA mobile application and the Web service of
the platform is realized as WS-Encrypted SOAP communication. According to the
scenarios, the JAVA mobile application sends the signed mRCertificate request or
m-invoice (signing is done using XML signature mechanisms) to the Web service
platform of the municipality. Before being sent to the municipality, the signed
mResidence Certificate request or m-invoice must be timestamped. To
accomplish this, the JAVA mobile application communicates with the TSA server via
HTTP: it sends a hash of the
signature of the mResidence Certificate or m-invoice to the TSA server and receives
back a timestamp (signed hash with added time information) which is signed by the
private key of the TSA server.
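The timestamp check described above, as an added example (not code from the paper or the SWEB platform): a token is accepted only if the TSA's signature verifies and the hash it covers matches the document signature. It assumes Java SE 16+, locally generated test keys, and a hypothetical `hash || time` token layout rather than a real TSA wire format.

```java
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
import java.security.*;

public class TimestampDemo {
    // Hypothetical token layout: hash of the document signature, TSA time, TSA signature over both.
    record Token(byte[] hash, long timeMillis, byte[] tsaSig) {}

    static byte[] tbs(byte[] hash, long t) {   // bytes the TSA signs: hash || time
        return ByteBuffer.allocate(hash.length + Long.BYTES).put(hash).putLong(t).array();
    }

    // TSA side: bind the submitted hash to the current time with the TSA private key.
    static Token issue(byte[] hash, long now, PrivateKey tsaKey) throws GeneralSecurityException {
        Signature s = Signature.getInstance("SHA256withRSA");
        s.initSign(tsaKey);
        s.update(tbs(hash, now));
        return new Token(hash, now, s.sign());
    }

    // Verifier side: the token must be TSA-signed AND cover this exact signature value.
    static boolean verify(Token t, byte[] docSignature, PublicKey tsaPub) throws GeneralSecurityException {
        byte[] expected = MessageDigest.getInstance("SHA-256").digest(docSignature);
        if (!MessageDigest.isEqual(expected, t.hash())) return false;
        Signature s = Signature.getInstance("SHA256withRSA");
        s.initVerify(tsaPub);
        s.update(tbs(t.hash(), t.timeMillis()));
        return s.verify(t.tsaSig());
    }

    public static void main(String[] args) throws GeneralSecurityException {
        KeyPairGenerator g = KeyPairGenerator.getInstance("RSA");
        g.initialize(2048);
        KeyPair user = g.generateKeyPair(), tsa = g.generateKeyPair();   // constructed test keys
        // Constructed stand-in for the mResidence Certificate request body.
        byte[] request = "<mRCertificateRequest>constructed sample</mRCertificateRequest>"
                .getBytes(StandardCharsets.UTF_8);
        Signature s = Signature.getInstance("SHA256withRSA");
        s.initSign(user.getPrivate());
        s.update(request);
        byte[] docSig = s.sign();
        byte[] hash = MessageDigest.getInstance("SHA-256").digest(docSig); // only the hash goes to the TSA
        Token token = issue(hash, System.currentTimeMillis(), tsa.getPrivate());
        System.out.println("valid token: " + verify(token, docSig, tsa.getPublic()));
        byte[] other = docSig.clone();
        other[0] ^= 1;                         // a different signature value
        System.out.println("token checked against other signature: " + verify(token, other, tsa.getPublic()));
        Token altered = new Token(token.hash(), token.timeMillis() - 86_400_000L, token.tsaSig());
        System.out.println("token with altered time: " + verify(altered, docSig, tsa.getPublic()));
    }
}
```

Only the first check succeeds: the second fails the hash comparison, and the third fails because the time field is covered by the TSA signature.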
Only in the mResidence Certificate scenario, when the mResidence Certificate is
ready for delivery at the platform, the platform sends an SMS to the mobile user
informing him that the mResidence Certificate with the given TaskID is ready for
download. After that, the JAVA mobile application sends a request for
mResidence Certificate download, also as a signed and timestamped request in the body
of the WS-Encrypted SOAP message, to the platform's Web service.
During the abovementioned communication, in order to verify signatures and
validate different X.509v3 certificates, the JAVA mobile application needs to
communicate with the XKMS server, which takes over a part of the time- and
resource-consuming PKI functionalities from the JAVA mobile application. Namely, the
JAVA mobile application can obtain a suitable certificate from the XKMS server
(by using the LocateRequest XKMS function) and, more importantly, can validate
the certificate of some party (by using the ValidateRequest XKMS function). This way, the
most time-consuming PKI operations, like certificate validation, are moved off
the mobile phone. The communication with the XKMS server is SOAP
communication without security features applied; only the XKMS server's
response is always digitally signed using the XML signature mechanism.
5 Conclusions
In this paper, we present a possible model of a secure SOA-based m-government system
based on a JAVA mobile Web service application. This work is concerned with
secure mobile communication between citizens and companies and
small and medium governmental organizations, such as municipalities.
We elaborated an m-government framework which is based on a secure JAVA
mobile application, PKI certificates, an SOA-based platform, XML-security,
WS-Security, SAML, Time Stamping and XKMS. The work presented and examples