Java technology in Wireless Web services Based on Java-based Web services and wireless Java development is the two most prominent topics for Javaone 2002. They represent the popular backend and front-end Java technology in the field of calculations.
Web services are loose interoperable software components based on standard XML communication protocols. The use of Web services allows suppliers to provide services in their specific markets in which they are in their core competitiveness. Then, customers can choose procurement services from multiple vendors according to their different needs. This convenience means that the Web service is fully suitable for serving the wireless front end. Convenience and dynamic nature of wireless information devices allow mobile users to utilize modular and dynamically reconfigurable backend services.
The Java platform can play several important roles in wireless web service applications. On the wireless end, Java 2 Micro Edition (J2ME) provides cross-devices compatibility, advanced language functions, and large libraries for all wireless devices (from cellular phones to complex home wireless information appliances). One key component of J2ME is the Mobile Information Device Framework (MIDP), which defines the Java API and runtime environment on cellular phones and low-end PDAs. Due to the huge number of low-end devices, it is expected that MIDP can be widely deployed in the future.
From the web server, Java 2 Enterprise (J2EE) has all necessary APIs and libraries to handle web service XML messages. With the web service interface or gateway, it is convenient to implement the core J2EE functionality of EJB technology, JDBC API, and RMI API for external world. In order to set these characteristics and enable wireless web service applications, J2ME Web service specification is proposed, which is currently in Java Community Process (JSR 172).
Security in Wireless Web Services Although Java-based wireless web services have a bright future in the popular mobile commerce world, current technology is still immature. Safety is still one of the problems left to be resolved. Wireless communication is the target of easy access to radio waves, and wireless devices have almost no computing power to support all communication data. In addition, in the backend, the web service runs outside the enterprise firewall and interacts with each other with an open message delivery protocol. Wireless web services are also easy to recruit a variety of crack attacks. Developable point-to-point security technology (such as SSL / TLS and HTTPS) is not suitable for multi-suppliers, multi-intermediate web service network topology graph - key must focus on the protection content itself rather than passing content. Despite new challenges, the Web service itself can also be used to enhance mobile business safety. Emerging Web Services Security Specifications allow you to use Web services as a security utility.
In the following paragraph, I will discuss a common security technology: digital signature. I will demonstrate how to use digital signatures in the XML message to ensure the data integrity of the end-to-end. I will apply some examples to explain how to implement XML digital signatures by using the popular J2ME / MIDP platform on the wireless side and using JavaServer Pages (JSP) technology on the rear end. Finally, I will discuss performance issues and the feasibility of using digital signatures on the current MIDP device. MIDP programming details are not within this article; if you need to review, see the reference information section.
The elemental data integrity of secure communication is only one aspect of protection of communication. Digital signatures can also provide other solutions. Typically, secure network communication must meet the following criteria:
Certification: Communication must identify itself. The digital signature on the public key certificate can verify the reliability of the public key and the reliability of the one of its parties. Data Integrity: Communication Both must ensure that the content is not changed during transmission. Digital signatures are the most common technologies that guarantee data integrity. Data confidentiality: Sometimes communication data is sensitive, must be confidential. Digital signatures do not provide data confidentiality. We must use data encryption. Unrecognizable: After the message is sent, the sender then should not deny it. Digital signatures provide some solutions. If the message is signed in a digital manner, the sender cannot deny his responsibility because he can provide this signature. Using Digital Signature Guarantee Data Integrity Let us assume that you are a stock trader, when you are not in the trading hall, use a cellular phone to track stock price changes. On the way to get off work, your phone reminds you that a stock price that has fallen into your psychological price. Now, you should buy it according to this prompt and use this low price to make a pen? Before you take any action, you must absolutely ensure that the prompt itself is trusted. If the competitor may intercept and change the message (for example, change the stock code), then he may tempted you to make a mistake, and throw his high price stock to you. How do you know that the message is not tampered with a call from the way of monitoring services to your phone?
Data integrity is indeed one of the most important aspects of communication security. Physically safe network is very expensive, and does not cover a wide range of geographic regions. If your business must rely on the Internet to communicate, you must face the fact that the Internet itself is hardly providing this fact. The Internet packet must pass multiple routers and hosts that are controlled by non-dialogue prior to arriving at their destination. Data communication is particularly vulnerable to the wireless Internet.
The timely rescue tool is a public key infrastructure (PKI) and a digital signature. (Like MIDP, digital signature is not within the scope of this article; interested readers can refer to the reference information section to get more information.) Summary, in the PKI digital signature mode, each party has two password intralactic Key: Public key, anyone can use it, and private key is confidential, only someone itself can be used. Messages encrypted with private key can only be properly decrypted by the corresponding public key. When the sender sends a message, he can send the private key encryption of the same message and his public key to the message. The recipient uses the sender's public key to decrypt the encrypted version. If it matches the plain text message, the recipient can know that the message is really credible. The private key encryption of the message is used as an integrity verification mark, which we call it "digital signature".
Since the original message may be quite long, and the public key algorithm generating and verifying the digital signature is resource dense, the sender usually calculates a short version of the original message called "Summary" and only the number of digital forms of the version. Abstract has a fixed length, which is a one-way hash of any length of input messages; its calculation is very fast. Receiver first verifies whether the received message produces a correct sum. If the summary does not match, the message is rejected before the public key algorithm is executed. This helps to prevent attacks from blocking, in which an attacker requests a full-handed server to exhaust its computing resources.
In most practical applications, the public key itself performs digital signatures by a trusted authority, and becomes a "Digital Certificate" to verify the sender's identity. However, the processing of the digital certificate is not within the scope of this article, so in the following examples, I will assume that the sender is credible and unsigned public key to explain the method.
The defined XML digital signature is as I mentioned earlier, XML is becoming a major data exchange protocol in the World World World. The XML message that drives the web service is usually necessary to pass multiple intermediate links before reaching the destination. Therefore, we protect the communication content from the end-to-end. The best way to complete this task is to ship the XML document and its security information (such as signature, summary, etc.), as a single document. XML digital signature is the W3C specification that adds a digital signature to an XML document. The sender can select a digital signature for the entire document or only part of it. Digital signatures, summary, and public keys are formatted into XML elements. Additional elements of those safety information can package the entire original XML message or can embed them into the original message. For convenience, I will use the package format in this article.
For the sake of clarity, the XML digital signature example I use in this article is not fully consistent with the W3C. For example, I save the standard (XML tag standardization) part because it only ensures consistency of the XML document and is independent of security itself. In addition, I divide the keys into several parameters and pass those parameters to the separate XML element under the public key element Keyinfo to replace the encoded public key certificate. This has established a more obvious connection between the key and the Java code processed.
Handling the XML digital signature IBM AlphaWorks in the MIDP application developed a Java package called XML Security Suite, which supports the latest XML digital signature specification. JSR 105 is a standardized set of Java APIs to process an XML digital signature. However, they act only on the Java 2 Standard Edition (J2SE), which means that the XML Security Suite or JSR 105 Java XML digital signature can be used on the server side, but they cannot be used on the MIDP wireless device.
To process XML digital signatures, wireless devices are being used to support the following features:
Read and write data for XML documents. In the sample MIDP application, the KXML parser analyzes XML documents and elements into Java objects (see Resources). In addition to KXML, there are several other MIDP XML parsers that can be used in different license terms. Sign the message and verify the signature. These features require a cryptographic API that is not belonging to the current MIDP 1.0 specification.
In the next section, I will discuss a lightweight Java password package, you can use it on the server side and wireless MIDP devices to generate and verify the XML digital signature.
Digital Signature Digital Signature in Security Mobile Code not only helps application data communication, but also helps protect the application itself. Wireless devices often need to download applications from wireless networks to dynamically adjust itself to make them suitable for new environments and tasks. Have hostile parties may intercept mobile code distribution and insert the virus and other harmful Troj code segments into the downloaded application. How can we ensure that the mobile code is credible? Mobile code vendors can digitally sign the entire JAR compressed document with their digital certificates. Wireless users can determine the security domain of the application based on the supplier's trust level.
Bounce Castle Crypto APBOUNCY CASTLE is a lightweight cryptosystem for open source for the Java platform. It supports a large number of cryptographic algorithms and provides the implementation of JCE 1.2.1. Because Bouncy Castle is designed to be lightweight, it can run from J2SE 1.4 to J2ME (including MIDP) platforms. It is a unique complete cryptosystem running on the MIDP.
Regardless of the function of the Bounce Castle package, it has a major problem: missing documentation. There is no online document, and its Javadoc is not good. Similar to many other advanced cryptosystems, the Bounce Castle package uses type polymorphism to separate conventional concepts with implementation algorithms. For beginners, the relationship between identification classes and the correct type of method parameters and return values are difficult. Typically, developers must browse the source code and test example to study the correct way to do things. Obviously, the guidelines for the Bounce Castle package are very suitable. In the rest of this article, we will discuss how XML digital signature specification and several different Bounce Castle key generators, encoding engines, digital signature signs engine, and summary engines.
We have discussed many techniques and concepts so far. Below, I will explain the full process: key generation, sign the document on the server side, encode and transmit documents in secure XML format, and verify the document in the client-side.
The server uses a set of key model parameters to generate a key pair consisting of a random public key and a private key. In the actual production system, this step is usually not required because the key pair is usually predicted and stored in the server keystore. When accessing a JSP page, the server calculates a summary of the response message. Then, the JSP page calls the signature engine as "sign", and uses the private key to generate a digital signature. The server embeds the signature information (including summary, digital signatures, and public key parameters) into the XML response message. The client receives the XML document and parsing the summary, digital signature, and public key parameters into Java application data. The client calculates a summary from the plain text message and compares it with the server's abstract. If the two summary does not match, the document verification fails; if they match, go to the next step. The client uses embedded key parameters to reconstruct the public key. The client calls the signature engine in "verification" manner and passes the summary, signature, and public key to verify the signature.
In the next few sections, we will follow these steps to implement several examples. Because our examples use the same Bounce Bounce Castle Crypto API on the server side and client, it is easy to change their messages on the wireless device and verify it on the server.
Processing Summary As I mentioned earlier, in order to improve performance and avoid attacks, you actually signed a message summary rather than the message itself. Listing 1 illustrates how to use the SHA1Digest summary engine to calculate the encoded summary from a piece of text messages.
Listing 1. Creating an encoded summary
Static Public String getDigest (string Mesg) throws exception {
Sha1Digest DiGeng = New Sha1Digest ();
BYTE [] MESGBYTES = MESG.GETBYTES ();
DiGeng.Update (Mesgbytes, 0, Mesgbytes.length);
Byte [] Digest = New Byte [DiGeng.getdigestsize ()];
DiGeng.dofinal (Digest, 0);
// encode the digest Into Ascii Format for XML
Return (new string (base64.encode (digest));
}
In the next few sections, we will learn how to sign and verify digital signatures using Bounce Castle's DSA, ECC, and RSA signature engines. Those signature engines use different algorithms and different keys and require different parameters. We will also discuss how to embed security information (signature, summary, and public key) into the XML document. Finally, I will compare three signature engines and put forward future improvement suggestions.
DSA Signature Example Method DSAsiGutil.GenerateKeys () Generates a key pair. As I have discussed, this step is usually done by the Central Certification Center in offline, as shown in Listing: Listing 2. Generating a key pair
// Get a secure random source.
Securerandom SR = New SecurerandM ();
// generate dsa parameters.
DsaparametersGenerator dsaparagen = new dsaparametersgenerator ();
DSAParagen.init (1024, 80, SR);
DSAPARA = dsaparagen.generateParameters ();
// Get DSA Key Generation Parameters.
DsakeyGenerationParameters dsakeygenpara =
New DsakeyGenerationParameters (SR, DSAPAR);
// generate keys.
DSAKEYPAIRGENERATOR DSAKEYPAIRGEN = New DSAKEYPAIRGENERATOR ();
DSAKEYPAIRGEN.INIT (DSAKEYGENPAR);
AsymmetriccipherKeypair Keypair = dsakeypairgen.generateKeyPair ();
Privkey = (DSAPRIVATEKEYPARETERS) Keypair.getPriVate ();
Pubkey = (dsapublicKeyParameters) Keypair.getPublic ();
The generated public key is described in parameter Y and retrieve it with a Pubkey.gety () method. Parameters G, P and Q Description Models. The following methods in class DSAUTIL retrieve models and key parameters, which are necessary to re-construct public key objects:
Listing 3. Retrieval model and key parameters
Public static string getg () throws exception {
NEW STRING (DSApara.getg ())))))));
}
Public static string getp () throws exception {
Return (new string (dsapara.getp (). TobyTearray ())))))))))))))
}
Public static string getq () throws exception {
Return (base64.encode (dsapara.getq (). TobyTearray ()))))))))))))))))
}
Public static string gety () throws exception {
Return (Base64.Encode (Pubkey.gety ())))))))))
}
By using the generated private key, the utility class DSAsigutil can get two parts DSA signature R and S:
Listing 4. Search DSA signature
Static public string [] getSignature (string digest) throws exception {
// sigh
Dsasigner signer = new dsasigner ();
Signer.init (True, Privkey);
Biginteger [] sigaRray = signer.generatesignature (Digest.getbytes ());
String [] result = new string [2]; // signature r
Result [0] = New string (Base64.encode (SigaRray [0] .tobyteaRray ())));
// Signature S
Result [1] = new string (Base64.encode (SigaRray [1] .tobyteaRray ()));
Return Result;
}
The server encodes a summary, signature, and key parameters into an ASCII text format and embedded in the XML digital signature format, as shown in Listing 5:
Listing 5. Embedding and embedding in digital signature format
Algorithm = "http://www.w3.org/2000/09/xmldsig#dsa-sha1" /> FGLTXVDXKAMDQTQHKDDFF5ZTHKSPQHUCZRGXXZ7YZXM OLYRROJ5D8AXDGLS 5CZT4GU55MBO62DBFYEWKBWTIO 6e cuofa53wvqjml67tgxc8szgwwa6zvrwvvmj6wqb M5HNLR7Q1X2EJKQ U3xypffljktojv8o3zeepotstq = AOAU2WQVEKGTF8ZCXGDE4VXC8F / Z HK8A10M0ATY2LU 8CX54DZ2MUD6HOMHQGXJXIVLV9085D9D0YHCMV2WL9V VT0 / WW AQFUKCKZJ9FHGZZQ26NOBXMQIBDO67J2VFQW Ezmvcnybxds665whjzl5i7ubxu2su AqsoDnvg9pyyb AM / 9LEOUW7NYON24XEQIBMUPVOW8RYZCDNJP9NIPDFM HT42BVB4JL / CXX0TCBYHTCR5G VALOOO7MH3JJ / GJX7 SS8UHNNGQX6O6DADRC9VDPVYLLNDR0SZLJA1RTRCIY9M 8P0DKE / U8iotaj2zctjfbrromu / ftobhkvb2gvvr Verify that the MIDP application parses the summary, key parameters, and signatures from the XML document, reconstruct the public key and use the following methods to verify the signature: Listing 6. Verify signature Static Public Boolean Verify (String Digest, String Sig_r, string SIG_S, STRING Key_G, String Key_P, String Key_Q, String Key_Y) { Biginteger g = new biginteger (base64.decode (key_g)); Biginteger P = New Biginteger (Base64.Decode (Key_P)); Biginteger Q = New Biginteger (Base64.Decode); Biginteger y = new biginteger (base64.decode (key_y)); Biginteger R = New Biginteger (Base64.Decode (SIG_R)); Biginteger s = new biginteger (base64.decode); Dsaparameters dsapara = new dsaparameters (p, q, g); DSapublicKeyParameters dsapubkeypara = new dsapublicKeyParameters (Y, Dsapara); // Verify Dsasigner signer = new dsasigner (); Signer.init (False, DSapubkeypara); Boolean Result = Signer.verifySignature (Digest.getBytes (), R, S); Return Result; } Elliptic curve DSA Signature Example In the EcDsasiGutil class, first define the elliptic curve model you plan to use, as shown in Listing 7: Listing 7. Defining an elliptic curve model Private static biginteger q = new "." "" "" "" "" "" "" " Private static biginteger a = new Biginteger ("fffffffffffffffffffeffffffffffffffffffffffffc", 16); Private stat Biginteger B = New Biginteger ("64210519E59C80E70FA7E9AB72243049FEB8DEECC146B9B1", 16); Private static biginteger n = new "" 6277, 38, 35, 3, 4, 6. Private staty [] g = HEX.DECODE ("03188DA80EB03090F67CBF20EB43A18800F4FF0AFD82FF1012"); Ecdsasigutil.generateKeys () Method generates a random key pair using the model in Listing 7. As mentioned earlier, this step is usually done by the Central Authentication Center in offline. Listing 8. Generate random key pairs using the model in Listing 7 // Get a secure random source. Securerandom SR = New SecurerandM (); Eccurve.fp curve = new eccurve.fp (q, a, b); Ecdomainparameters ecdompara = New EcDomainparameters (Curve, Curve.DecodePoint (g), n); EcKeyGenerationParameters EckeyGENPARA = New EckeyGenerationParameters (EcDompara, SR); Eckeypairgenerator eckeypairgen = new eckeypairgenerator (); EcKeypairgen.init (EckeyGenpara); AsymmetriccipherKeypair Keypair = EckeyPairgen.generateKeypair (); Privkey = (ECPRIVATEKEYPARAMETERS) Keypair.getPriVate (); Pubkey = (ECPUBLICKEYPARAMETERS) Keypair.getpublic (); The public key is described in parameter Q and retrieves it with a Pubkey.Getq () method. In order to avoid confusion with the model parameter Q, use QQ, XML element names in the method use uppercase Q. Listing 9 shows how the ECDSAUTIL class is displayed. These methods retrieve models and key parameters, they are necessary to re-construct the public key object. Listing 9. EcDsautil method for retrieving models and key parameters // public key specificature field Public static string getqq () throws exception { NEW STRING (Base64.Encode (Pubkey.Getq (). getENCODED ())))))))))))) } // Key Parameter Fields. Could Also Be Retrieved from Pubkey. Public static string getq () throws exception { NEW STRING (Base64.Encode ())))))); } Public static string geta () throws exception { NEW STRING (a.tobyteaRray ())))) } Public static string getb () throws exception { NEW STRING (Base64.encode (Base64.Encode ()))))); } Public static string getn () throws exception { N.TOBYTEARRAY ())); } Public static string getg () throws exception { Return (new string (base64.encode (g)); } By using the generated private key, the utility class EcDsasigutil can get two parts DSA signature R and S: Listing 10. Search DSA signature Static public string [] getSignature (string digest) throws exception { // sigh Ecdsasigner signer = new ecdsasigner (); Signer.init (True, Privkey); Biginteger [] sigaRray = signer.generatesignature (Digest.getbytes ()); String [] result = new string [2]; // signature r Result [0] = New string (Base64.encode (SigaRray [0] .tobyteaRray ()))); // Signature S Result [1] = new string (Base64.encode (SigaRray [1] .tobyteaRray ())); Return Result; } The server encodes the summary, signature, and key parameters into an ASCII text format and embedded in XML digital signature format. As in the retrieval method name, the public key parameter Q is recorded as QQ to distinguish it from the key parameter Q in the respective XML element, as shown in Listing 11: Listing 11. Encoding and embedding in digital signature format Algorithm = "http://www.w3.org/2000/09/xmldsig#dsa-sha1" /> zcefgewcgocpp mrciqwsf643uzbrrmx Verify that the MIDP application parses the summary, key parameters, and signatures from the XML document, recombines the public key and uses the methods displayed in Listing 12 to verify the signature: Listing 12. Verify signature Static Public Boolean Verify (String Digest, String Sig_r, String Sig_s, String Key_Q, String Key_A, String Key_B, String Key_n, String Key_G, String Key_Q) { Biginteger Q = New Biginteger (Base64.Decode); Biginteger a = new biginteger (base64.decode (key_a)); Biginteger B = New Biginteger (Base64.Decode (key_b)); Biginteger N = New Biginteger (Base64.Decode (key_n)); Byte [] g = base64.decode (key_g); Byte [] Q = Base64.Decode (key_q); Biginteger R = New Biginteger (Base64.Decode (SIG_R)); Biginteger s = new biginteger (base64.decode); Eccurve.fp curve = new eccurve.fp (q, a, b); EcDomainparameters ecdompara = new ecdomainparameters Curve, Curve.DecodePoint (g), N); ECPUBLICKEYPARAMETERS Pubkey = New EcpublicKeyParameters Curve.DecodePoint (Q), EcDompara); // Verify Ecdsasigner signer = new ecdsasigner (); Signer.init (False, Pubkey); Boolean Result = Signer.verifySignature (Digest.getBytes (), R, S); Return Result; } RSA signature sample RSA algorithm has only one model parameter EXPONENT: Private static Biginteger Pubexp = New Biginteger ("11", 16); Rsasigutil.generateKeys () method uses Exponent to generate a random key pair. Similarly, this step is usually done by the Central Authentication Center in offline. Listing 13. Generating random key pairs Securerandom SR = New SecurerandM (); RsakeyGenerationParameters RsakeyGenpara = New RsakeyGenerationParameters (Pubexp, SR, 1024, 80); Rsakeypairgenerator rsakeypairgen = new rsakeypairgenerator (); Rsakeypairgen.init (RsakeyGenpara); AsymmetriccipherKeypair Keypair = rsakeypairgen.generateKeyPair (); Privkey = (RsaprivateCrtKeyParameters) Keypair.getPrivate (); Pubkey = (RsakeyParameters) Keypair.getPublic (); The public key is described in parameter modulus and retrieve it with the Pubkey.getModulus () method. Listing 14 shows the method in the RSAUTIL class. These methods retrieve the Exponent and MODULUS, models, and key parameters, which are necessary to re-construct the public key object. Listing 14. RSAUTIL method for retrieving models and key parameters // public key specificia. Public static string getmod () throws exception { Return (Base64.encode (Pubkey.getmodulus (). TobyTearray ()))))))))); } // general key parameter. Pubexp is The Same as Pubkey.Getexponent () public static string getpubexp () throws exception { NEW STRING (Base64.Encode ())))) } By using the generated private key, the utility class RSAsiGutil can get a byte array RSA signature from the summary: Listing 15. Get bytes array RSA signature Static Public String GetSignature (String Mesg) THROWS EXCETION { Sha1Digest DiGeng = New Sha1Digest (); RsaEngine rsaeng = new rsaEngine (); Psssigner Signer = New Psssigner (RSAENG, DiGeng, 64); Signer.init (True, Privkey); Byte [] sig = signer.generatesignature (MESG.GETBYTES ()); String result = new string (base64.encode (sig)); Return Result; } The server encodes the summary, signature, and key parameters into the ASCII text format and embedded in XML digital signature format: Listing 16. Embedding and embedded in digital signature format IHJ / umitjx7swbzhng8ukiddyiz0mfouoawemgig08c WCQ3CUSZGJXOICLHW / LN7W54W2FQYLSTB HPKASEC6R Ojjjgtbs6pwhjhch2xxwx7hs7fdi9 / qk / ybh6xygaeaz 3ohdbjfz3hedtrvbychn3kecavnce22idrx7kbl8do = Akt1SyxSM4UT1ZYWEPY9IAFY7VDHPKIM7FZEIQ Ognkesee5d3spfonkcihfo2oe4x6jncxg / ngri TMIXBKJFKGHZF4TRZZTNQZJFZAGCXGLJZP9MD2 Zewqbhkvmzvzyjvrt2slxlzusxwlwxdacpridg BqdamldBobpkmrudppf9 Verify that the MIDP application parses the summary, key parameters, and signatures from the XML document, reconstruct the public key and use the following methods to verify the signature: Listing 17. Verify signature Static Public Boolean Verify (String Mesg, String Signature, String MOD, STRING PUBEXP) { Biginteger MODULUS = New Biginteger (Base64.Decode (MOD)); Biginteger Exponent = New Biginteger (Base64.Decode (Pubex)); Sha1Digest DiGeng = New Sha1Digest (); RsaEngine rsaeng = new rsaEngine (); RsakeyParameters Pubkey = New RsakeyParameters (false, modulus, exponent); Psssigner Signer = New Psssigner (RSAENG, DiGeng, 64); Signer.init (False, Pubkey); Boolean res = signer.verifysignature (Mesg.getbytes (), Base64.Decode (Signature)); Return res; } Performance problem My test shows that XML parsing and summary generation on wireless devices is very fast. As expected, the main performance bottleneck is the speed of public key algorithms. The Bounce Castle Crypto package offers several signature engine classes that use the DSA, RSA, and ECC algorithms to sign and verify messages. But in actual equipment, they are not all practical. Because the Bounce Castle Crypto package is completely based on the Java language, it does not evenly rely on a very optimized JVM without special optimization. As a result, only the RSA algorithm provides a reasonable performance and is barely acceptable. It can verify simple digital signatures with 1024-bit public keys on the 16MHz Palm VII device as long as it takes more than one minute. You can improve performance by selecting a weaker key. But though, verification procedures must be run as a backend thread in any actual application to avoid locking of user interfaces. DSA and ECC algorithm performance are completely unacceptable in its current implementation. DSA signatures with 1024-bit keys and ECC signatures with 192-bit keys have to spend more than a month to verify on standard Palm VII MIDP. Performance issues strongly implies that we need to optimize JVM for large intensive mathematics operations and public key algorithms. JVM must also utilize the available special hardware and the underlying OS function to facilitate the relevant mathematical operations related to security. The public key algorithm is used to exchange information in a secure connection (such as https). Many current MIDP VMs can support HTTPS protocols in a reasonable performance. MIDP4PALM VM can use the underlying INETTTPS protocol of the Palm OS to establish a secure connection. Imagine future VMs and core language libraries not only optimize public key operations associated with secure connection, but also make optimizations can be used for general security functions (such as digital signatures). Conclusion In this article, you learned the importance of security in wireless web services and describes how to process XML digital signatures in wireless and web services. I used the pure Java implementation of the Bounce Castle Java password package to handle digital signatures. In all algorithms provided by Bounce Castle, only RSA algorithms provide performance in wireless devices. However, advances in the MIDP runtime environment can make digital signatures easier to mobile users in the future. Reference Participate in this article by clicking the discussion at the top or bottom of this article. Download the sample code in this article. Michael Yuan and his computing JU Long focused on the general security issues of the J2ME / MIDP platform (DeveloperWorks, June 2002), which can be obtained from the DeveloperWorks wireless area. For reviews for J2ME / MIDP application programming, please consult the tutorial "The Midlets Advantage" (DeveloperWorks, March 2002). In "J2ME GROWS UP" (DeveloperWorks, May 2001), Todd Sundsted demonstrated how J2ME provides developers to utilize their skills on a wide variety of devices. In "Make Your Software Behave: Cryptography, July 2000), the security expert Gary McGRAW explained the basic knowledge of a safe hashing and digital signature. IBM AlphaWorks XML Security Suite supports the latest XML digital signature and other secure XML protocols. Please find more information about XML digital signatures from a comprehensive article written by Larry LoEB (DeceLOperWorks, December 2001). Please read the W3C XML digital signature standard. To handle the XML digital signature on the server-side Java platform, review this proposed Java XML digital signature API. The J2ME Web service specification proposes an API that handles XML messages on the J2ME platform and the web service XML-RPC. Javaone 2002 Conference Conference Discuss Web Services and Wireless Applications. In "Javaone 2002: Top Innovations" (United States, March 2002), Govind Seshadri summarized the innovation he advocated. In "Security In A Web Services World: a proposed architecture and roadmap", IBM and Microsoft propose policies and models that resolve security in a web service environment. This article uses the KXML parser to parse the XML document in the example. Bouncy Castle Crypto Lightweight Password Package is running on the J2SE and J2ME / MIDP platform. Most Bounce Castle Algorithms Directly come from CRC Press Press in 1996 published by Alfred J. Menezes, Paul C. Van Orschot, SCOTT A. Vanstone. This comparison table emphasizes the cryptography intensity and performance of the DSA, RSA and ECC algorithm. Please find other Java programming references on the developerWorks Java technology area. About the author Michael J. Yuan is a Ph.D. in Austin, Texas. He is very interested in promoting scientific education and research using Java technology. You can contact him through Juntao@mail.utexas.edu. Author: Michael Juntao Yuan source: WWW-900.IBM.com rwgahqpoppx // bmyxzh8dty0lha = amjjuzy1rnqrqe / 22BS83K2HK8VR
amejdeckwrqo6eeehl3het flddl4iedca == ap7 // w ==
