DOES JAVA SOLVE WORLDWIDE WAP WAIT?
by Nicki Hayes, April 6, 2001
Last month, WDN reported on the UK’s first wireless public key infrastructure (WPKI)
trial by Vodafone, SmartTrust and the UK’s Department of Trade and Industry (DTI).
This trial relies on the use of SIM cards to generate and store the associated digital
signatures. Such an approach was necessary in the absence of WPKI enabled WAP1.2
phones, but brings with it a number of new issues. In this article, Nicki Hayes looks at
these issues and suggests that Java Cards could overcome them - and the worldwide
wait for WPKI enabled phones.
Those of you who were at CeBIT last month would, no doubt, have seen demos of
various wireless public key infrastructure (WPKI) enabled WAP 1.2 phones. You will
also, no doubt, have heard the one about WAP being an acronym for ‘where are the
phones?’
These phones have been promised for almost a year now, and will, according to their
manufacturers, be on the market in the next six months. Their eventual delivery is set to
move mobile commerce and business onto the next stage of its evolution by providing a
wireless digital signature facility as standard. But many organizations are not prepared to
wait this long, especially given the history of over-promising and under-delivering by the
handset manufacturers. Such organizations are turning to SIM toolkits (STKs) to develop
secure products and services that get to market early. But, while STKs overcome the
‘where are the phones?’ dilemma, they introduce a number of other problems in their
own right. Recent developments in the world of Java have led to many card vendors
introducing Java Cards™ into their products. These look set to both overcome the
worldwide wait for the WPKI enabled phones and the issues introduced by the STK
approach to this dilemma.
So why all the excitement about WPKI enabled WAP 1.2 phones?
The forthcoming WAP1.2 phones are set to deliver secure mobile commerce because
they use a browser that understands the WML SignText specification and has a secure
storage place for users' keys - or WIMs (wireless identity modules). This means they
offer end-to-end security via an in-built digital signature facility. Digital signatures are
universally accepted as proof of identity and authentication and such a facility is
considered a key enabler to mobile commerce.
Now, in the absence of these handsets, vendors are looking at how they can roll out secure
services, such as banking and payment systems, to market early. Since they cannot rely
on the phone/handset to generate the digital signature, they need an alternative solution
that does not rely on the digital signature application being on the phone/handset. The
most common such solution is an STK - a toolkit used to build applications that run on the
SIM rather than on the actual handset. STKs enable the development of SIM-based WPKI
solutions that typically implement a browser and all the cryptography needed to generate
a digital signature. However, special SIM cards with cryptographic co-processors are
needed to run these applications and this, along with a number of other new issues, is
why some organizations are choosing to wait for the phones, even though STKs could
facilitate first to market products and services.
So what are these new issues?
STK applications follow a variety of standards and there is no single common one; this can
lead to interoperability issues later on. Such applications are also, typically, proprietary
solutions, meaning more interoperability issues and the likelihood that vendors may be
locked into a single provider. Most network operators like to have multiple SIM
providers, a much better procurement strategy, I’m sure you’ll agree!
There are many different SIM card vendors (Schlumberger, GemPlus, Oberthur, G&D
etc). STK apps have to be ported to each one as they all run their own proprietary OS.
This again introduces issues of locking the operators into a particular OS and vendor.
Add to this the fact that SIM solutions typically require more power, making battery life
an issue, and that the distribution or replacement of SIM cards by network operators can
be costly and time consuming, and the benefit of first to market solutions may no longer
seem quite as attractive.
But wait. There is another solution to the wait for WPKI enabled WAP1.2. Java
Cards™!
Java Card SIMs provide support for Java applications supporting J2ME, Java’s micro
edition. This allows the development of open standards systems that are non-proprietary
and solves the worldwide wait for phones. Double whammy!
However, this in itself is not sufficient. Even though you are using an open standard
programming language such as Java, you still have to make sure that the applications you
write support open standards and protocols. For instance, the Java application may
implement a non-standard digital signature application, which, while working in the short
term, could cause problems in the long term. Consider what will happen when the WAP
1.2 phones finally arrive and the associated server side infrastructure is in place. Either
these proprietary applications will become redundant or customers will be tied to the
solution with no way out apart from re-implementation.
Of course, all this could be avoided if the Java application used open standards in the first
place, based on WPKI and other WAP security standards.
And remember, while the examples used to illustrate the point here are based on security
issues, analogous situations arise in other essential functions that need to be implemented
by developers too. So it’s important to build in the right design approach from the start in
order to prolong the longevity of your application. Even so, for those of you keen to
develop portable open source applications, Java Cards - available from most major card
vendors, including GemPlus, Schlumberger and Bull - are well worth looking into.
About the author:
Nicki Hayes is a freelance writer and corporate communications consultant specialising in business to business internet issues. She has contributed editorial to a number of publications including Unstrung.com, Guardian Online, Financial Times, Banking & Financial Training, eAI Journal and Secure Computing. Nicki is also the European correspondent for The Wireless Developer Network. Nicki is based in Dublin, Ireland and also has a base in Cambridge, UK. Through her consultancy, Hayes-Singh Associates, she has access to a number of technical writers and PR consultants throughout Ireland and the UK.