19.9 Standardization of J2ME Security APIs
Vendor-specific security APIs often offer good performance at the cost of application portability. One way to avoid such fragmentation yet still take advantage of native performance is to develop standard J2ME cryptography API specifications and allow device vendors to provide their own implementations.The upcoming CDC Foundation Profile v1.1 specification (JSR 219) will include a "Security API optional package." The optional package supports subsets of the J2SE v1.4 Java Secure Socket Extension (JSSE), Java Cryptography Extension (JCE), and Java Authentication and Authorization Service (JAAS) APIs. Most algorithms in the javax.crypto package will be supported. It is not clear, however, whether this optional package can be used in conjunction with the CLDC and MIDP.The "Security and Trust Services API for J2ME" (JSR 177) is an optional package for both the CLDC and CDC. It supports access to embedded security elements, including SIM cards in GSM phones and UICC cards in 3G phones. Those security cards not only store user keys and personal information but also perform certain cryptography algorithms. At the time of this writing, the JSR 177 expert group is still debating whether to include a lightweight cryptography API in this optional package. |
لطفا منتظر باشید ...
