Access Control
Access control governs the establishment of an APDU connection, and communication
over that connection, between terminal objects and SE objects.
The access control model is designed to achieve the following security objectives:
• Protect an SE from malicious MIDlets
• Support the SE in specifying a fine-grained access control policy within the
limitations of the platform
• Allow a MIDlet to select an SE object (for example, a smart card
application) for temporary exclusive usage
• Safeguard PINs from improper usage by the MIDlets
The system will use two mechanisms to implement access control for all SEs on the
handset: the Domain Mechanism and the Static Mechanism.
In the Domain Mechanism, an SE defines a private domain by providing the domain
root object (a trusted certificate or public key). The SE then accepts access only
from MIDlets that reside in that domain (i.e., the application is signed with a
certificate that chains back to the trusted certificate provided by the SE).
In the Static Mechanism, an ACF is published by an SE. The ACF specifies access
control for individual methods and applications on the SE. ACFs are stored on the
SE, and the terminal platform is responsible for processing these files.
The implementation reads both the domain root certificate and the Access Control
Files from the SE.
Each SE has one ACIF associated with it. Each ACIF contains a list of ACFs (an ACIE),
one for each application on the SE. Each ACF may contain a list of zero or more ACEs
(an ACL).
When a MIDlet calls a method, the implementation evaluates whether the MIDlet has
appropriate permissions to access it, by first applying the Domain Mechanism.
The implementation applies the Domain Mechanism according to MIDP 2.0 and the
security policy requested by the operator.
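The evaluation order and object hierarchy described above (Domain Mechanism first, then ACIF → ACF → ACL of ACEs), as an added model that is not code from this guide or from any JSR-177 implementation. The contents of an ACE (root-certificate hashes as principals, plus 4-byte APDU header/mask filters), the fail-closed default for an application without an ACF, and all sample data are assumptions made for the example.

```python
from dataclasses import dataclass
import hashlib


@dataclass(frozen=True)
class ApduPermission:
    # Assumed ACE content: the APDU header (CLA INS P1 P2) must equal
    # `header` in every bit position where `mask` is set.
    header: bytes
    mask: bytes

    def allows(self, apdu: bytes) -> bool:
        if len(apdu) < 4:
            return False  # malformed APDU: fail closed
        return all((a & m) == (h & m)
                   for a, m, h in zip(apdu[:4], self.mask, self.header))


@dataclass(frozen=True)
class ACE:
    # principals: SHA-1 of signing roots that may use these filters
    # (empty = any MIDlet in the SE's domain); permissions: empty = any APDU
    principals: frozenset
    permissions: tuple


def cert_hash(cert: bytes) -> bytes:
    return hashlib.sha1(cert).digest()


def may_send_apdu(se_root: bytes, acif: dict, midlet_root: bytes,
                  aid: bytes, apdu: bytes) -> bool:
    """acif maps applet AID -> the ACF's ACL (a list of ACEs)."""
    # Domain Mechanism first: the MIDlet's signing chain must end at the
    # root the SE published. Chain validation itself is assumed to be done
    # by the MIDP 2.0 platform; the MIDlet presents the root it chained to.
    if midlet_root != se_root:
        return False
    # Static Mechanism: no ACF for this application -> no access (assumed)
    acl = acif.get(aid)
    if not acl:
        return False
    principal = cert_hash(midlet_root)
    for ace in acl:
        if ace.principals and principal not in ace.principals:
            continue
        if not ace.permissions or any(p.allows(apdu) for p in ace.permissions):
            return True
    return False


# Constructed sample: one SE root and one applet whose ACF permits the SE's
# domain MIDlets only INS 0xB0 with CLA 0x00 or 0x80 (mask ignores bit 7)
SE_ROOT = b"constructed-operator-root-cert"
PAYMENT_AID = bytes.fromhex("A000000003000000")
ACIF = {PAYMENT_AID: [ACE(frozenset({cert_hash(SE_ROOT)}),
                          (ApduPermission(b"\x00\xb0\x00\x00", b"\x7f\xff\x00\x00"),))]}
```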
Java ME Developer Guide
Chapter 12 - JSR-177 Java ME Security and Trust Services API
[96/201]
DRAFT - Subject to Change