The functionality of electrical devices, such as mobile telephones, PDAs, etc, can be enhanced by adding applications for carrying out specific instructions or introducing additional functionalities.
By using MIDlets (MIDlet is a term designating an application in the Java™ environment), applications are enabled by allowing them to access the equipment through an known or standardized interface. The control of the equipment may be dependent of the origin of the application. The origin is verified and validated by signatures and certificates linked to a root certificate in the equipment. Depending on the applications, the manufacturer or operator may be the origin of the application.
The fact that a MIDlet is signed by, e.g., an author certifies two issues: 1) that the author actually authored that MIDlet, and 2) that the MIDlet is in its original state (i.e., that it hasn't been modified by a third party).
The purpose of signing a MIDlet is 1) to gain access to security-sensible operations on the phone (such as sending an SMS, opening a TCP connection, etc.), and 2) ensuring that a (malicious) third party cannot present or pass off an altered MIDlet as the original.
A traditional MIDlet signing procedure may include generating a secure hash (also called message digest) of the MIDlet and encrypting the hash value with the private key of the signer. The signature may be checked by decrypting the encrypted hash value using the public key of the signer, and checking the decrypted mash value for equality with a computed hash of the received MIDlet. If the two (the signed hash, and the actual computed hash) are equal, it means that the MIDlet signature has been verified successfully.
The idea is that only the owner of the private key can sign the MIDlet (so that the signature is verified with the corresponding public key), and that any modification to the MIDlet after the signing will cause the signature verification to fail.
The user, i.e., the subscriber, is associated with an identification module, e.g., the SIM card (SIM) for example in a cellular communications system. The SIM is normally issued by the operator of the mobile telecommunications system to which the subscriber is subscribing. The operator wants to control that only his own applications are enabled in a phone with a SIM belonging to this operator.
In one version of MIDP (Mobile Information Device Profile 2.0), this may be solved by locating a root certificate in the SIM. The mobile phone contains logic such that the applications are only enabled when a SIM with the correct root certificate is inserted in the phone. A more detailed description of the prior art procedure may be found in the detailed description. In some cases operators have the operator root certificate stored on a memory in the phone.
Many applications for mobile devices are supplied by third parties. These applications may differ depending on manufacturers, regions, operators and device models. In many cases, for example for competition reasons, special applications may be offered to users of the devices, to make the products more attractive.
In case of mobile telephones, for example, when a Java MIDlet is signed with the manufacturer certificate or by any other domain certificate, the application is normally able to work in all phones that have the trusted root certificate to which the signing certificate is linked back. Normally, this is good; however it might not be in all cases, such as when, e.g., an application developer wants to limit the usage of one or several applications to a specific phone model or operator. At present, there are no secure ways to do so.