Secure Java Element

[slugger_2003]

Hi all,

I'm building a MIDlet that connects to a servlet over HTTP, retrieves data from a remote database then displays the information. Does anyone have any tips on doing this securly? In my reading I've come across something referred to as the Java Secure Card or Secure Element but haven't really followed how to go about this, or why. If someone can give me hints and tips or direct me towards relevant and succinct reading sources it would be appreciated.
In addition, is utilising SHA1 and SSL possible to and from the MIDlet's side to the servlet so that the data is securely transferred from beginning to end? I'm trying to adapt the MIDlet to be as secure as possible as easily as possible.

Thanks in advance.

[slugger_2003]

208 views but no replies...seems a lot of people are looking for an answer, not just me. Can anyone help??

[geri-m]

Hey,

I don't think Java Card is the right direction, as you don't want to implement all the auth protocoll yourself.

Have you had a look at this paper?

<http://www.forum.nokia.com/info/sw.nokia.com/id/8b28cf7e-6d31-4a29-9689-c2c911cc33b9/MIDP_2_0_Introduction_to_Secure_MIDlet_Communication_v1_0.zip.html>

best, Gerald

[le sage]

You might want to install a client certificate in your smartphone. The client certificate may be installed either in the phone memory or in the secure element. Then, you'll be able to do some double authentication (server & client) SSL sessions. Your phone will need to be compatible with several JSRs. I don't think this has anything to deal with Near Field Communication.