By implementing bound certificates, the process of creating and supporting developer-
specific flex files can be eliminated, which in turn simplifies the developer's environment
and avoids a dependency on the flex tools. Bound certificates take advantage of the
High Assurance Boot system implemented at Motorola. The main difference becomes
relevant during the creation of the signing certificate for the developer. Below are the
steps the developer must follow:
• The MIDlet developer generates a signing key pair that contains a public and a
private key.
• The developer sends the CSR, containing the public portion of the developer's
signing key, the serial number(s) of the handset(s) the developer is using for
testing, and the intended protected domains the MIDlet will be signed against, to
the Motorola Java Signing Center.
• The Signing Center constructs a developer certificate that includes the public
key and a tag that denotes this is a bound certificate.
• This bound certificate has the serial number of the unit appended to the
certificate format, and the resulting file is signed using the PCS Java CA.
• When the phone starts to load this type of certificate, it identifies the bound
tag, pulls the electronic serial number from the processor and uses it to validate
the signature of that certificate. Once this validation succeeds, the certificate
is used to validate the signature of the JAD file, and if that passes, the JAR
file is installed on the product.
This implementation incorporates information about the target domain into the
bound certificate used for signing. This information should be submitted along
with the developer's CSR and the bound tag(s) of the target device(s). If the Java
security manager has this information at runtime, it is able to decide which domain
to use for binding.
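The issue-and-verify flow described above, as an added Python simulation that is not Motorola's code: the PCS Java CA signature is stood in for by an HMAC over a constructed key, the certificate is a plain dict rather than X.509, and the domain mapping follows the requirements this section lists (all permissions "allowed" gives the manufacturer domain, all "user" gives the 3rd party domain, anything else falls back to the flexed policy). Serial numbers, key names and the "untrusted" default domain are constructed values.

```python
import hashlib
import hmac
import json

MAX_BOUND_SERIALS = 10  # the bound tag extension must hold at least 10 serial numbers

# Constructed stand-in for the PCS Java CA key. The real CA uses an asymmetric
# signature; an HMAC keeps this simulation self-contained and offline.
CA_KEY = b"constructed-pcs-java-ca-key"


def signed_fields(public_key, serials, domain):
    # Canonical encoding of what the CA signs: the developer's public key, the
    # bound tag (processor serial numbers) and the optional target-domain info.
    return json.dumps({"pub": public_key, "bound": sorted(serials), "domain": domain},
                      sort_keys=True).encode()


def issue_bound_certificate(public_key, serials, domain=None):
    # Signing Center side: append the serial numbers as the bound tag and sign.
    if not 1 <= len(serials) <= MAX_BOUND_SERIALS:
        raise ValueError("bound tag holds 1..%d serial numbers" % MAX_BOUND_SERIALS)
    sig = hmac.new(CA_KEY, signed_fields(public_key, serials, domain), hashlib.sha256)
    return {"pub": public_key, "bound": sorted(serials), "domain": domain,
            "sig": sig.hexdigest()}


def bound_tag_check(cert, device_serial):
    # Device side: the serial read from the processor must be in the bound tag, and
    # the CA signature over the certificate (serial numbers included) must verify.
    if device_serial not in cert["bound"]:
        return False
    expected = hmac.new(CA_KEY, signed_fields(cert["pub"], cert["bound"], cert["domain"]),
                        hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, cert["sig"])


def map_domain(cert, flexed_policy_domain):
    # All permissions "allowed" -> manufacturer domain; all "user" -> 3rd party domain;
    # no domain info, or a mix the device does not recognise -> flexed policy file.
    types = set((cert["domain"] or {}).values())
    if types == {"allowed"}:
        return "manufacturer"
    if types == {"user"}:
        return "3rd party"
    return flexed_policy_domain


def install_bound_midlet(cert, device_serial, flexed_policy_domain="untrusted"):
    # Returns the domain the MIDlet maps to, or None if not installed (placeholder default).
    if not bound_tag_check(cert, device_serial):
        return None
    return map_domain(cert, flexed_policy_domain)
```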
Following are the requirements concerning these bound certificates:
• An X.509 bound certificate shall support at least 10 serial numbers supplied
in the special bound tag extension.
• A bound MIDlet shall be successfully installed on the target device if at
least one of the serial numbers supplied in the bound certificate coincides with
the processor's serial number retrieved from the target device.
• A bound MIDlet shall not be installed if bound tag verification fails.
• A bound MIDlet, after a successful bound tag check, shall be successfully
mapped to the hardcoded, SRP* compliant manufacturer domain if the bound
certificate includes information about the target developer's domain where all
permissions have type allowed.
• A bound MIDlet, after a successful bound tag check, shall be successfully
mapped to the hardcoded, SRP* compliant 3rd party domain if the bound
certificate includes information about the target developer's domain where all
permissions have type user.
• A bound MIDlet, after a successful bound tag check, shall be mapped to a
domain in accordance with the flexed policy file if the bound certificate either
does not include any information about the target developer's domain or
includes information about a domain unknown to the device. The