2.5 MIDP Security Model
The MIDP security model is built on two concepts:
Trusted MIDlet suites are those whose origin and integrity can be
trusted by the device on the basis of some objective criterion.
Protected APIs are APIs to which access is restricted, with the level
of access being determined by the permissions (Allowed or User)
allocated to the API.
A protection domain defines a set of permissions which grant, or
potentially grant, access to an associated set of protected APIs. An installed
MIDlet suite is bound to a protection domain, thereby determining its
access to protected APIs.
An MIDP device must support at least one protection domain, the
untrusted domain, and may support several protection domains, although
a given MIDlet suite can only be bound to one protection domain.
The set of protection domains supported by an implementation defines
the security policy. If installed, an unsigned MIDlet suite is always
bound to the untrusted domain, in which access to protected APIs may
be denied or require explicit user permission. Since the MIDP
specification requires that a MIDlet suite written to the MIDP 1.0
specification runs unaltered in an MIDP environment, and MIDP 1.0
provides no signing mechanism, MIDP 1.0 MIDlets are automatically
treated as untrusted.
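The binding and permission rules above, as an added model written for this section (not code from the book or from any MIDP implementation): a device's security policy is a set of protection domains, an installed suite is bound to exactly one of them, and each protected-API permission resolves to Allowed, User or Denied under that domain. The domain names, the permission names and the rule that a signed suite whose signature fails to verify is rejected are assumptions for the example.

```python
from dataclasses import dataclass
from enum import Enum
from typing import Dict, FrozenSet, Optional

class Access(Enum):
    ALLOWED = "Allowed"   # granted without asking the user
    USER = "User"         # granted only after explicit user permission
    DENIED = "Denied"     # the domain does not grant this permission at all

@dataclass(frozen=True)
class ProtectionDomain:
    name: str
    allowed: FrozenSet[str]   # permissions granted outright
    user: FrozenSet[str]      # permissions the user must confirm

@dataclass(frozen=True)
class MIDletSuite:
    name: str
    midp_version: str                    # "1.0" suites are always untrusted
    signed: bool = False
    signature_verified: bool = False     # origin and integrity checked by the device
    signer_domain: Optional[str] = None  # domain the signer's root certificate maps to

# Constructed security policy: the set of domains this device supports.
# Permission names are illustrative and assumed, not taken from the text.
HTTP = "javax.microedition.io.Connector.http"
PUSH = "javax.microedition.io.PushRegistry"
SMS = "javax.microedition.io.Connector.sms"
POLICY: Dict[str, ProtectionDomain] = {
    "untrusted": ProtectionDomain("untrusted", frozenset(), frozenset({HTTP})),
    "operator": ProtectionDomain("operator", frozenset({HTTP, PUSH}), frozenset({SMS})),
}

def bind_domain(suite: MIDletSuite, policy: Dict[str, ProtectionDomain]) -> ProtectionDomain:
    """Bind an installed suite to exactly one protection domain."""
    # MIDP 1.0 suites and unsigned suites always land in the untrusted domain.
    if suite.midp_version == "1.0" or not suite.signed:
        return policy["untrusted"]
    # Assumption: a signed suite whose signature does not verify, or whose
    # signer maps to no supported domain, is rejected rather than downgraded.
    if not suite.signature_verified:
        raise ValueError(f"{suite.name}: signature did not verify")
    if suite.signer_domain not in policy:
        raise ValueError(f"{suite.name}: no domain for signer {suite.signer_domain!r}")
    return policy[suite.signer_domain]

def check_access(domain: ProtectionDomain, permission: str) -> Access:
    """Resolve a protected-API permission under the suite's bound domain."""
    if permission in domain.allowed:
        return Access.ALLOWED
    if permission in domain.user:
        return Access.USER
    return Access.DENIED
```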
2.5.1 The X.509 PKI
The mechanism for identifying and verifying that a signed MIDlet suite
should be bound to a trusted domain is not mandated by the MIDP
specification but is left to the manufacturer of the device and other
stakeholders with an interest in the security of the device, for example,
network operators. The specification does, however, define how the
X.509 Public Key Infrastructure (PKI) can be used to identify and verify a
signed MIDlet suite.
The PKI is a system for managing the creation and distribution of
digital certificates. At the heart of the PKI lies the system of public
key cryptography. Public key cryptography involves the creation of a
key pair consisting of a private key and a public key. The creator of
the key pair keeps the private key secret, but can freely distribute the
public key. Public and private key pairs have two principal uses:
confidential communication, using encryption, and authentication, using
digital signatures. In the first case, someone wishing to communicate
with the holder of the private key uses the public key to encrypt the
communication. The encrypted communication is confidential since it can
only be decrypted by the holder of the private key.