beautypg.com

2 execution control, Execution control, Ts (see – Siemens XT65 User Manual

Page 103: Section 12.2

background image

Java User’s Guide

12.2 Execution Control

112

s

wm_java_usersguide_v12

Page 103 of 123

2008-02-25

Confidential / Released

12.2

Execution Control

The Java environment of the ME supports two modes.

Unsecured mode:

The device starts all Java applications (MIDlets).

Secured mode:

A condition for the secured mode of the device is the existence of a certificate inside of the
module.

The customer can activate the secured mode of the device. To do so, the customer sends
a root certificate (x.509 certificate) and the command Switch ON Security Mode to the
device (over an AT Interface). The device changes from unsecured mode to the secured
mode. From this time the module will only start Java applications with a valid signature. In
addition, the device will only accept special commands from the customer if they are
marked with a signature. The device examines each command with the public key of the
customer root certificate.

The secured mode supports a simple protection domain concept, providing a domain for
unsigned MIDlets. If this domain (domain for untrusted MIDlets) is active, then an unsigned
MIDlet is assigned to this domain and has only limited access to the Java-API. The
untrusted domain is activated by use of Java Security Command Switch ON Untrusted
Domain (see

Section 12.5.3

).

untrusted domain:
- HTTP-Connection is permitted
- TCP/IP-Socket Connection is permitted

Standard behavior of the module:
Siemens supplies modules with unsecured mode as the default configuration.
Insert the certificate:

- The module changes into the mode “trusted” for MIDlet execution. “Untrusted Domain” is

OFF.

- HTTPS certificate verification is OFF.
- MES is ON.

Remove the certificate:

- The module changes into the mode “untrusted” for MIDlet execution.
- HTTPS certificate verification is OFF
- MES is ON.

This manual is related to the following products: