memory.
•
If the certificate is not available on the device, the manufacturer
domain MUST be disabled.
•
The certificate can only be deleted or modified by the
manufacturer.
•
Any new or updated manufacturer protection domain root
certificate must be associated with the manufacturer domain
security policy on the device. MIDlet suites verified by a previous
manufacturer protection domain root certificate MUST be
disabled.
Operator Domain
The certificate must be mapped to the specified location in the SIM or
in the phone memory.
•
If the certificate is not available on the specified location in the
SIM or in the phone memory, the operator domain MUST be
disabled.
•
The implementation MUST search SIM first for the operator root
certificate.
•
The operator domain can't be deleted or modified by the
application or any other party, except by device provisioned
capability.
•
Number of "Operator domain" certificates to be stored in the SIM
or in the phone memory should be at least 5.
Trusted third party Domain
•
The certificate must be mapped to the specified location in the
SIM or in the phone memory.
•
Only operator can provision trusted third party root certificates in
SIM. The certificate shall be stored as READ_ONLY.
User/application can't disable/enable/delete trusted third party
certificates stored in SIM.
•
The implementation must search SIM first for trusted third party
root certificate.
•
If a certificate is not available at the specified location in the SIM
or in the phone memory, the trusted third party domain must be
disabled.
•
The user must not be able to delete or disable trusted third party
protection domain root certificates which are stored as
READ_ONLY.
•
Disabled trusted third party protection domain root certificates
must not be used to verify downloaded MIDlet suites.
•
If this certificate is to be deleted, the user MUST be prompted to
warn of the consequence of this action. This prompt MUST work
in conjunction with the browser functionality.
•
If deleted or disabled, the third party domain MUST no longer be
associated with this certificate.
Java ME Developer Guide
Chapter 16 - Java ME™ Access to certificates on SIM and phone
memory
[125/201]
DRAFT - Subject to Change