Security configuration menu, Java – Sagem myC5-2 User Manual

81

Java™

According to the security status of an installed MIDlet (see below), each of these security groups has one among 5 possible

authorizations levels (listed from the more restrictive to the more permissive):

• Never

The security group completely prevents access to the protected features.

• Per use

Each time MIDlet tries to use protected feature, user is prompted to grant access.

• Per session

First time a MIDlet uses a protected function, user is prompted to grant access like in "Per use" authorization but

access is granted until the MIDlet terminates.

• Single confirmation

The first time in the whole MIDlet life a MIDlet uses a protected feature, user is prompted to grant access. It remains

valid until the MIDlet is removed from the handset.

• Always

The security group unconditionally grants access to protected features.

A MIDlet has a security status which is either "uncertified", or else "certified".
An "uncertified" status means that the source of the MIDlet could not be verified by the mobile phone at installation time. As far

as the phone knows, the MIDlet could have been written by anyone.
A "certified" status means that the MIDlet was digitally signed by a known party, whose name is displayed by the mobile phone.

This means that the mobile phone successfully authenticated the named party as the source of the MIDlet.
Security permissions are different for "uncertified" or "certified" MIDlets, and may be different for different sorts of named parties.

Usually "uncertified" security permisions are more restrictive than "certified" ones.

Security configuration menu

When a MIDlet is installed in the mobile phone, default security authorizations are applied.

This default security configuration may be altered through the "Settings/Security" menu of an installed MIDlet.
Once in the "Security" menu, the security status of the MIDlet is displayed (see "Security considerations" paragraph above).
If you do not want to enter the security menu, simply select "Back" button.
You can proceed by selecting "Ok" button.
The menu displayed allows you to increase or decrease permissions currently applied to the current MIDlet for each of the

security groups.
When you set a more permissive authorization to a security group than the current value, mobile phone asks you to

confirm your increased risk exposure.
The maximum risk exposure increase is limited by the security status. Depending of the manufacturing configuration, it means,

for example, that "Net Access" security group authorization cannot be set to a permissive value higher that "Session" for an

"uncertified" MIDlet ("Single confirmation" and "Always" are unavailable in the security configuration menu) but an operator

"certified" MIDlet may have all permission values available without any limitations.

251729200_myC5-2_lu_en.book Page 81 Lundi, 4. octobre 2004 11:21 11