Sun has posted the proposed final draft specification of Java Specification Request (JSR) 177, Security and Trust Services API (SATSA) for J2ME to the Java Community Process (JCP). According to the draft spec,
The purpose of this JSR is to specify a collection of APIs that provides security and trust services by integrating a Security Element (SE). A SE, a component in a J2ME device, provides the following benefits:
- Secure storage to protect sensitive data, such as the user’s private keys, public key (root) certificates, service credentials, personal information, and so on.
- Cryptographic operations to support payment protocols, data integrity, and data confidentiality.
- A secure execution environment to deploy custom security features. J2ME applications would rely on these features to handle many value-added services, such as user identification and authentication, banking, payment, loyalty applications, and so on.
A SE can be in a variety of forms. Smart cards are commonly used to implement a SE. They are widely deployed in wireless phones, such as SIM cards in GSM phones, UICC cards in 3G phones, and RUIM cards in CDMA phones. For example, in GSM networks, the network operator enters the network authentication data on the smart card, as well as the subscriber's personal information, such as the address book. When the subscriber inserts the smart card into a mobile handset, the handset is enabled to work on the operator’s network. In addition to a smart card-based implementation, a SE can also be implemented by a handset itself. Such implementation may utilize, for example, embedded chips or special security features of the hardware. Alternatively, a SE may be entirely implemented in software. This specification does not exclude any of the possible implementations of a SE even though some of the packages are optimized for smart card implementation.