The Research On Key Techniques Of J2ME Secure Data Channel

In recent years, J2ME-based mobile commerce applications develop rapidly, by virtue of the especial technology advantage of Java language. However, the limited computing power of most mobile devices and the interceptable nature of wireless signals leave wireless systems easily facing the situation of data-theft and attack. The lack of data security on current mobile application platforms is one of the biggest obstacles to mobile commerce applications development. Even with mandatory HTTPS support in MIDP2.0 (Mobile Information Device Profile), the standard J2ME (Java 2 Platform, Micro Edition) platforms still cannot support versatile security solutions as those in the J2SE (Java 2 Platform, Standard Edition) world. To develop advanced mobile commerce security solutions, we must rely on assistant toolkits from third-party vendor.The main work of this paper is the design and realization of the J2ME secure data channel. Considering the demand of rapidness and convenience for mobile phone, we offer the mobile commerce applications a safe data channel solution which not only is relative advanced but also can be deployed simply and operated expediently. Without any modification to underlying protocol or wireless network infrastructure, this solution can be implemented with available limited resources of J2ME MIDP device, and realize client authentication and data transfers security by encrypt and decrypt at a different level according to the content of data. In addition, it can realize the integrity of data transfer and nonrepudiation of sender.This paper adopts an end-to-end application-layer security solution. This solution realizes the end-to-end secure data channel on J2ME-based mobile client and J2EE-based sever by using pure Java components and assistant using lightweight cryptography API toolkit from Bouncy Castle. The application itself completes all the security functions, and network transfer channel is transparent to application. The realization course was present in this paper in the background of mobile banking and mobile stockjobbing.The analysis, test and summing-up of performance for the realized secure data channel are also presented in this paper. The following work is discussed at the last of the paper.