recommended.gsm.umts.securitypolicy.html

J2ME MIDP2.0 final specification

<!doctype html public "-//w3c//dtd html 4.0 transitional//en">
<html>
<head>
   <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
   <meta http-equiv="CONTENT-TYPE" content="text/html;      charset=iso-8859-1">
   <meta name="GENERATOR" content="Mozilla/4.5 [en]C-CCK-MCD   (WinNT; I) [Netscape]">
   <meta name="CREATED" content="20020719;16144600">
   <meta name="CHANGED" content="20020719;17014700">
   <meta name="ProgId" content="Word.Document">
   <meta name="Originator" content="Microsoft Word 9">
   <title>The Recommended Security Policy for GSM/UMTS Compliant Devices</title>
<!-- Changed by: Roger Riggs - Sun Microsystems Inc, 25-Jul-2002 -->
<!-- Changed by: Gary Adams - SMI Software Development, 30-Jul-2002 -->
<link REL="STYLESHEET" href="stylesheet.css" charset="ISO-8859-1" type="text/css">
<!--[if gte mso 9]><xml>
 <o:DocumentProperties>
  <o:Author>CHANDRASIRIP</o:Author>
  <o:Template>Normal</o:Template>
  <o:LastAuthor>CHANDRASIRIP</o:LastAuthor>
  <o:Revision>10</o:Revision>
  <o:TotalTime>2663</o:TotalTime>
  <o:LastPrinted>2002-07-09T08:30:00Z</o:LastPrinted>
  <o:Created>2002-07-09T08:36:00Z</o:Created>
  <o:LastSaved>2002-07-09T08:50:00Z</o:LastSaved>
  <o:Pages>50</o:Pages>
  <o:Words>6111</o:Words>
  <o:Characters>34838</o:Characters>
  <o:Company>Vodafone Group </o:Company>
  <o:Lines>290</o:Lines>
  <o:Paragraphs>69</o:Paragraphs>
  <o:CharactersWithSpaces>42783</o:CharactersWithSpaces>
  <o:Version>9.3821</o:Version>
 </o:DocumentProperties>
</xml><![endif]-->
<!--[if gte mso 9]><xml>
 <w:WordDocument>
  <w:View>Normal</w:View>
  <w:Zoom>130</w:Zoom>
  <w:HyphenationZone>21</w:HyphenationZone>
  <w:DrawingGridVerticalSpacing>0 pt</w:DrawingGridVerticalSpacing>
  <w:Compatibility>
   <w:UseFELayout/>
  </w:Compatibility>
  <w:BrowserLevel>MicrosoftInternetExplorer4</w:BrowserLevel>
  <w:SpellingState>Clean</w:SpellingState>
  <w:GrammarState>Clean</w:GrammarState>
 </w:WordDocument>
</xml><![endif]-->
<!--[if gte mso 9]><xml>
 <o:shapedefaults v:ext="edit" spidmax="1027"/>
</xml><![endif]-->
<!--[if gte mso 9]><xml>
 <o:shapelayout v:ext="edit">
  <o:idmap v:ext="edit" data="1"/>
 </o:shapelayout></xml><![endif]-->
<style>

	<!--

		TD P { color: #000000 }

		H2 { color: #000000 }

		P { color: #000000 }

		H3 { color: #000000 }

		H4 { color: #000000 }

		A:link { color: #0000ff }

		A:visited { color: #0000ff }

	-->

	</style>
</head>
<body text="#000000" link="#0000FF" vlink="#0000FF" lang="en-GB">

<h1 class="DocumentTitle">
The Recommended Security Policy for GSM/UMTS Compliant Devices</h1>

<h4 class="TitleContinuation">
Addendum to the Mobile Information Device Profile version 2.0</h4>

<hr>
<h2 class="ChapterTitle">Scope of This Document</h2>

<p class="Paragraph">This addendum is informative. However, all
implementations of MIDP 2.0 on GSM/UMTS compliant devices are expected
to comply with this addendum.</p>

<p class="Paragraph">MIDP 2.0 defines the framework for authenticating
the source of a MIDlet suite and authorizing the MIDlet suite to
perform protected functions by granting permissions it may have
requested based on the security policy on the device. It also
identifies functions that are deemed security vulnerable and defines
permissions for those protected functions. Additionally, MIDP 2.0
specifies the common rules for APIs that can be used together with the
MIDP but are specified outside the MIDP. MIDP 2.0 specification does
not mandate a single trust model but rather allows the model to accord
with the device trust policy.</p>

<p class="Paragraph">The purpose of this addendum is to extend the
base MIDlet suite security framework defined in MIDP 2.0 and to define
the following areas:</p>

<ul type="disc">
<li class="Bullet1">The required trust model for GSM/UMTS compliant
devices</li>

<li class="Bullet1">The domain number and structure, as reflected in
the device security policy</li>

<li class="Bullet1">The mechanism of reading root keys from sources
external to the device</li>

<li class="Bullet1">Capabilities of MIDlets based on permissions defined
by MIDP 2.0 and other JSRs</li>

<li class="Bullet1">MIDlet behaviour in the roaming network</li>

<li class="Bullet1">MIDlet behaviour when SIM/USIM is changed</li>

<li class="Bullet1">The use of user permission types</li>

<li class="Bullet1">Guidelines on user prompts and notifications</li>
</ul>

<h2 class="ChapterTitle">How This Specification Is Organized</h2>

<p class="Paragraph">This specification is organized as follows:</p>

<p class="Paragraph">Sections 2 to 4 establish the relationship
between the device security policy, different protection domains, and
requirements concerning certificate storage on smart cards. Section 5
specifies the function groups and identifies the permissions and the
APIs that need to be protected using the MIDP 2.0 security framework.
Sections 6 and 7 specify rules that must be followed when permissions
are granted, and also requirements of user notifications. Finally
Section 8 specifies the MIDlet behaviour during roaming and after
changing the smart card.</p>

<h2 class="ChapterTitle">References</h2>

<ol>
<li class="List1">
Connected Limited Device Configuration (CLDC)
<br><a href="http://jcp.org/jsr/detail/30.jsp">http://jcp.org/jsr/detail/30.jsp</a></li>
<li class="List1">
Mobile Information Device Profile (MIDP) 2.0
<br><a href="http://jcp.org/jsr/detail/118.jsp">http://jcp.org/jsr/detail/118.jsp</a></li>
<li class="List1">
HTTP 1.1 Specification
<br><a href="http://www.ietf.org/rfc/rfc2616.txt">http://www.ietf.org/rfc/rfc2616.txt</a></li>
<li class="List1">
WAP Wireless Identity Module Specification (WIM) WAP-260-WIM-20010712-a
<br><a href="http://www.wapforum.org/what/technical.htm">http://www.wapforum.org/what/technical.htm</a></li>
<li class="List1">
WAP Smart Card Provisioning (SCPROV) WAP-186-ProvSC-20010710-a
<br><a href="http://www.wapforum.org/what/technical.htm">http://www.wapforum.org/what/technical.htm</a></li>
<li class="List1">
PKCS#15 v.1.1
<br><a href="http://www.rsasecurity.com/rsalabs/pkcs/pkcs-15/">http://www.rsasecurity.com/rsalabs/pkcs/pkcs-15/</a></li>
<li class="List1">
USIM, 3GPP TS 31.102: "Characteristics of the USIM applications"
<br><a href="http://www.3gpp.org/">http://www.3gpp.org</a></li>
<li class="List1">
RFC3280
<br><a href="http://www.ietf.org/rfc">http://www.ietf.org/rfc</a></li></ol>

<h2 class="ChapterTitle">1 General</h2>

<p class="Paragraph">GSM/UMTS compliant devices implementing this
Recommended Security Policy MUST follow the security framework
specified in the MIDP 2.0. Additionally, devices that support trusted
MIDlets MUST follow the PKI-based authentication scheme as defined in
MIDP 2.0 specification.</p>

<h2 class="ChapterTitle">2 Protection Domains in the Device Security
Policy</h2>

<p class="Paragraph">A protection domain is a way to differentiate
between downloaded MIDlet suites based on the entity that signed the
MIDlet suite, and to grant or make available to a MIDlet suite a set
of permissions. A domain binds a Protection Domain Root Certificate to
a set of permissions. The permissions are specified in the protection
domain security policy, a policy has as many entries as there are
protection domains available on the device. A domain can exist only
for a Protection Domain Root Certificate that contain the
<tt>id-kp-codeSigning</tt> extended key usage extension. MIDlet suites
that authenticate to a trusted Protection Domain Root Certificate are
treated as trusted, and assigned to the corresponding protection
domain. A MIDlet suite cannot belong to more than one protection
domain. The representation of a domain and its security policy is
implementation specific.</p>

<h2 class="ChapterTitle">3 Protection Domains and the Permissions
Framework</h2>

<p class="Paragraph">This document specifies two different
requirements as to how the MIDP permissions framework should be used,
depending on the protection domain an application executes.</p>

<p class="Paragraph"><b>Manufacturer and Operator Domains</b>