Siemens AC65 Benutzerhandbuch
Java User’s Guide
12.2 Execution Control
112
s
wm_java_usersguide_v12
Page 103 of 123
2008-02-25
Confidential / Released
12.2
Execution Control
The Java environment of the ME supports two modes.
Unsecured mode:
•
•
The device starts all Java applications (MIDlets).
Secured mode:
•
•
A condition for the secured mode of the device is the existence of a certificate inside of the
module.
module.
•
The customer can activate the secured mode of the device. To do so, the customer sends
a root certificate (x.509 certificate) and the command Switch ON Security Mode to the
device (over an AT Interface). The device changes from unsecured mode to the secured
mode. From this time the module will only start Java applications with a valid signature. In
addition, the device will only accept special commands from the customer if they are
marked with a signature. The device examines each command with the public key of the
customer root certificate.
a root certificate (x.509 certificate) and the command Switch ON Security Mode to the
device (over an AT Interface). The device changes from unsecured mode to the secured
mode. From this time the module will only start Java applications with a valid signature. In
addition, the device will only accept special commands from the customer if they are
marked with a signature. The device examines each command with the public key of the
customer root certificate.
•
The secured mode supports a simple protection domain concept, providing a domain for
unsigned MIDlets. If this domain (domain for untrusted MIDlets) is active, then an unsigned
MIDlet is assigned to this domain and has only limited access to the Java-API. The
untrusted domain is activated by use of Java Security Command Switch ON Untrusted
Domain (see
unsigned MIDlets. If this domain (domain for untrusted MIDlets) is active, then an unsigned
MIDlet is assigned to this domain and has only limited access to the Java-API. The
untrusted domain is activated by use of Java Security Command Switch ON Untrusted
Domain (see
untrusted domain:
- HTTP-Connection is permitted
- TCP/IP-Socket Connection is permitted
- HTTP-Connection is permitted
- TCP/IP-Socket Connection is permitted
Standard behavior of the module:
Siemens supplies modules with unsecured mode as the default configuration.
Insert the certificate:
Siemens supplies modules with unsecured mode as the default configuration.
Insert the certificate:
- The module changes into the mode “trusted” for MIDlet execution. “Untrusted Domain” is
OFF.
- HTTPS certificate verification is OFF.
- MES is ON.
- MES is ON.
Remove the certificate:
- The module changes into the mode “untrusted” for MIDlet execution.
- HTTPS certificate verification is OFF
- MES is ON.
- HTTPS certificate verification is OFF
- MES is ON.