This document, Advanced Multimedia Supplements Security is an addendum to the Advanced Multimedia Supplements (JSR-234) version 1.1 for the JavaTM Platform, Micro Edition. The specification is aimed at implementations of the Advanced Multimedia Supplements API, especially with the Mobile Information Device Profile, Version 2.x (JSR-118) and Connected Device Configuration (CDC), Version 1.0 or later specifications. The above specifications can be found at http://www.jcp.org/jsr/detail/234.jsp, http://www.jcp.org/jsr/detail/118.jsp and http://www.jcp.org/jsr/detail/36.jsp, respectively.
The terminology used herein is defined by the above specifications except where noted.
The audience for this document is the Java Community Process (JCP) experts, implementers of the Advanced Multimedia Supplements, application developers using MIDP or CDC and the Advanced Multimedia Supplements, service providers deploying MIDP or CDC applications, and wireless operators deploying the infrastructure to support MIDP or CDC devices. This document specifically targets network operators, manufacturers, and service and application providers operating in GSM and UMTS networks.
The purpose of this document is to identify the security concerns regarding Advanced Multimedia Supplements and to define the corresponding security policy identifiers (permission names) when it is used in conjunction with MIDP 2.x, or CDC 1.0 or later.
This document does not specify what the security framework is or how it functions; they are specified and implemented by the implementing platform, e.g. in MIDP 2.0.
Advanced Multimedia Supplements implementations on MIDP 2.x must follow this document. CDC based implementations using the CDC security framework for application security must follow the security defintions for CDC in this document.
The Advanced Multimedia Supplements (AMMS) specification does not define a security framework of its own.
Rather, implementations of AMMS are subject to the security mechanisms
provided by the underlying profile and configuration, e.g. MIDP 2. Some
methods in AMMS are defined such that a
SecurityException will be thrown when
called without the appropriate security permissions from the caller.
An implementation MUST guarantee that:
SecurityExceptionis thrown when the caller does not have the appropriate security permissions to execute the method;
The security of AMMS concerns the use of camera and tuner.
In order to perform any security sensitive actions using AMMS the application MUST be granted the permission to do so. The mechanism to grant the permission is implementation specific and not in the scope of this document.
Camera security concerns privacy and storing of images.
CameraControl.enableShutterFeedback is used to control the possible
audible and visual feedback of taking a picture. In order to disable the
shutter feedback the application must be granted the permission to
perform the operation. Otherwise,
SecurityException is thrown.
It should be noted that because of differing local regulations it may
not be possible to disable the shutter feedback at all. In those cases
MediaException will be thrown.
AMMS permissions for the camera are specified in table 1.
Security regarding storing of images affects AMMS only indirectly. AMMS does not specify its own permissions for storage but they are handled by the API which is used to store the images. With MIDP, the permissions of the FileConnection API (JSR-75) are used when images are written to the file system.
AMMS implementations must follow the security practices of the FileConnection API to store the images when AMMS and FileConnection API exist in the same implementation.
Similarly, MMAPI specifies the security practices concerning capture of images in general. Since AMMS uses the MMAPI framework, AMMS implementations do not exist without MMAPI. Images taken by AMMS must follow the image capturing security practices of MMAPI.
References to other APIs which may affect AMMS are listed in table 2. Information concerning related permissions can be found from those API specifications.
|API call||Related API|
TunerControl of AMMS allows use of the tuner (usually FM or AM
radio). The API allows accessing and setting of the preset channels of
the native tuner application. The Java application must be granted
permission to set the native presets in order to perform these operations.
AMMS permissions for the tuner are specified in table 3.
Implementations using security permissions based on
java.security.permission must include class
javax.microedition.amms.AmmsPermission and the methods below must perform permission checks.
|API call||Action in javax.microedition.amms.AmmsPermission|