Programming Wireless Devices with the Java2 Platform

Chapter 16. Secure Networking

Many mobile applications, especially those intended for mobile commerce, need secure transport protocols in order to ensure the integrity and confidentiality of transactions that are initiated by the applications. Secure protocols such as Secure Sockets Layer (SSL) and Transport Layer Security (TLS) have been in common use on the Internet for some time. The MIDP Specification version 2.0 now brings secure networking protocols also to the developers of J2ME applications.

The MIDP Specification version 2.0 defines two secure networking interfaces: HttpsConnection and SecureConnection. The HttpsConnection interface extends the interface HttpConnection, and the SecureConnection interface extends the interface SocketConnection. When a MIDlet opens an HTTPS connection or a secure socket connection, the client device and the server establish a secure link by negotiating the secure protocol and cipher suite, and by exchanging credentials.

Because the client and server components of mobile applications are usually designed and deployed together to satisfy a particular business need, the server-side infrastructure can define the confidentiality and integrity requirements. The client-side implementations needs to verify only that the client is communicating with the correct site and protocols.

Secure networking protocols supported by MIDP 2.0 include SSL and TLS as well as the Wireless Application Protocol (WAP) secure protocol WTLS. Each protocol places requirements on certificates used for secure networking, as described in Section 16.4, "MIDP X.509 Certificate Profile."