原文：http://theoreticlabs.com/dev/api/jsr-135/jsr135_rp.html

Multimedia Security

Addendum to the Mobile Media API (JSR135) version 1.2

Version 1.2 1 March 2006

Preface

This document, Multimedia Security is an addendum to the Mobile Media API (JSR-135) version 1.2 for the Java TM 2 Platform. The specification is aimed for implementations of the Mobile Media API, with the Mobile Information Device Profile, Version 2.0 (JSR-118) and the Connected Device Configuration, Version 1.0 (JSR-36) specification. The above specifications can be found at http://www.jcp.org/jsr/detail/135.jsp , http://www.jcp.org/jsr/detail/118.jsp , and http://www.jcp.org/jsr/detail/36.jsp respectively.

The terminology used herein is defined by the above specifications except where noted.

Who Should use this Document

The audience for this document is the Java Community Process (JCP) Expert Group that defined the Mobile Media API specifications, implementers of the MIDP or CDC/FP and the Mobile Media API, application developers using the MIDP or CDC/FP and the Mobile Media API, service providers deploying MMAPI applications, and wireless operators deploying the infrastructure to support MIDP and CDC/FP devices. This document specifically targets network operators, manufacturers, and service and application providers operating in GSM and UMTS networks.

Scope of this Document

This addendum is informative in a way that implementing profile will specify what security framework is used and how it is implemented. Special interest is on MIDP 2.0 for which it is specified that MMAPI implementations on top of MIDP 2.0 must follow this document. The behavior of the security of a MMAPI implementation for CDC is also specified. The purpose of this document is to:

• Define the security framework for Mobile Media API
• Define the security policy identifiers for the Mobile Media API when used together with MIDP 2.0
• Define the security Permissions for the Mobile Media API when used together with CDC 1.0 or later

References

1. Connected Limited Device Configuration (CLDC)
   http://jcp.org/en/jsr/detail?id=30
   
   
2. Mobile Information Device Profile (MIDP)
   http://jcp.org/en/jsr/detail?id=37
   
   
3. Mobile Information Device Profile, Next Generation (MIDP 2.0)
   http://jcp.org/en/jsr/detail?id=118
   
   
4. Security for GSM/UMTS Compliant Devices Recommended Practice.
   Addendum to the Mobile Information Device Profile version 2.0. JSR-118 Expert Group, Version 1.0, Nov 5, 2002.
   http://jcp.org/en/jsr/detail?id=118
   
   
5. Mobile Media API, version 1.0.
   http://jcp.org/en/jsr/detail?id=135
   
   
6. Java Technology for Wireless Industry (JTWI).
   http://jcp.org/en/jsr/detail?id=185
   
   
7. Connected Device Configuration 1.0 (CDC)
   http://www.jcp.org/jsr/detail/36.jsp
   
   

1. General

The Mobile Media API (MMAPI) specification does not define a security framework of its own. Rather, implementations of MMAPI are subject to the security mechanisms provided by the underlying profile and configuration, e.g. MIDP 2.0 or CDC. Some methods in MMAPI are defined such that a SecurityException will be thrown when called without the appropriate security permissions from the caller.

An implementation MUST guarantee that:

1. the SecurityException is thrown when the caller does not have the appropriate security permissions to execute the method;
2. the method can be used when the appropriate permissions are granted.

?

Access to the MMAPI properties that can be queried by System.getProperty(String key) is never security constrained.

2. Security Concerns for Mobile Media