[JSR-135][Reference Material] Multimedia Security

Original: http://theoreticlabs.com/dev/api/jsr-135/jsr135_rp.html

Multimedia Security

Addendum to the Mobile Media API (JSR135) version 1.2

Version 1.2 1 March 2006

Preface

This document, Multimedia Security, is an addendum to the Mobile Media API (JSR-135) version 1.2 for the Java™ 2 Platform. The specification is aimed at implementations of the Mobile Media API together with the Mobile Information Device Profile, Version 2.0 (JSR-118) and the Connected Device Configuration, Version 1.0 (JSR-36) specifications. The above specifications can be found at http://www.jcp.org/jsr/detail/135.jsp , http://www.jcp.org/jsr/detail/118.jsp , and http://www.jcp.org/jsr/detail/36.jsp respectively.

The terminology used herein is defined by the above specifications except where noted.

Who Should use this Document

The audience for this document is the Java Community Process (JCP) Expert Group that defined the Mobile Media API specifications, implementers of the MIDP or CDC/FP and the Mobile Media API, application developers using the MIDP or CDC/FP and the Mobile Media API, service providers deploying MMAPI applications, and wireless operators deploying the infrastructure to support MIDP and CDC/FP devices. This document specifically targets network operators, manufacturers, and service and application providers operating in GSM and UMTS networks.

Scope of this Document

This addendum is informative in the sense that the implementing profile specifies which security framework is used and how it is implemented. MIDP 2.0 is of special interest: MMAPI implementations on top of MIDP 2.0 must follow this document. The security behavior of an MMAPI implementation for CDC is also specified. The purpose of this document is to:

  • Define the security framework for Mobile Media API
  • Define the security policy identifiers for the Mobile Media API when used together with MIDP 2.0
  • Define the security Permissions for the Mobile Media API when used together with CDC 1.0 or later

References

  1. Connected Limited Device Configuration (CLDC)
    http://jcp.org/en/jsr/detail?id=30

  2. Mobile Information Device Profile (MIDP)
    http://jcp.org/en/jsr/detail?id=37

  3. Mobile Information Device Profile, Next Generation (MIDP 2.0)
    http://jcp.org/en/jsr/detail?id=118

  4. Security for GSM/UMTS Compliant Devices Recommended Practice.
    Addendum to the Mobile Information Device Profile version 2.0. JSR-118 Expert Group, Version 1.0, Nov 5, 2002.
    http://jcp.org/en/jsr/detail?id=118

  5. Mobile Media API, version 1.0.
    http://jcp.org/en/jsr/detail?id=135

  6. Java Technology for Wireless Industry (JTWI).
    http://jcp.org/en/jsr/detail?id=185

  7. Connected Device Configuration 1.0 (CDC)
    http://www.jcp.org/jsr/detail/36.jsp

1. General

The Mobile Media API (MMAPI) specification does not define a security framework of its own. Rather, implementations of MMAPI are subject to the security mechanisms provided by the underlying profile and configuration, e.g. MIDP 2.0 or CDC. Some methods in MMAPI are defined such that a SecurityException will be thrown when called without the appropriate security permissions from the caller.

An implementation MUST guarantee that:

  1. the SecurityException is thrown when the caller does not have the appropriate security permissions to execute the method;
  2. the method can be used when the appropriate permissions are granted.

Access to the MMAPI properties that can be queried by System.getProperty(String key) is never security constrained.

2. Security Concerns for Mobile Media API

The security concerns of the MMAPI can be divided into the areas of recording, network access and access to local data stores. To perform any action in those areas using MMAPI, the application MUST be granted the permission to do so. The mechanism to grant the permission is implementation specific and not in the scope of this document.

2.1 Permissions for recording

Recording in MMAPI includes recording of audio and video and capturing of still images with the camera. The security issue in recording is the user's privacy. An application that silently accesses recording functionality could be used, for example, to record and distribute private conversations of the user. Therefore methods for recording and image capturing must be granted the appropriate permission.

Permissions for MIDP implementations of MMAPI

MMAPI implementations on the MIDP and compatible profiles must perform the permission checks in these methods:

 API call                                             Permission
 RecordControl.setRecordLocation(String locator)      javax.microedition.media.control.RecordControl
 RecordControl.setRecordStream(OutputStream stream)   javax.microedition.media.control.RecordControl
 VideoControl.getSnapshot(String type)                javax.microedition.media.control.VideoControl.getSnapshot
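
The following MIDlet-side helper is an added example, not part of the original addendum. It queries the snapshot permission from the table with MIDlet.checkPermission before touching the camera and still handles a SecurityException raised at call time. The class name, the Form parameter and the "capture://video" locator are assumptions made for illustration.

```java
import java.io.IOException;
import javax.microedition.lcdui.Form;
import javax.microedition.lcdui.Item;
import javax.microedition.media.Manager;
import javax.microedition.media.MediaException;
import javax.microedition.media.Player;
import javax.microedition.media.control.VideoControl;
import javax.microedition.midlet.MIDlet;

// Added example. The JAD/manifest would request the permission with:
//   MIDlet-Permissions: javax.microedition.media.control.VideoControl.getSnapshot
public final class SnapshotHelper {
    // Permission name taken from the table above.
    static final String SNAPSHOT_PERMISSION =
        "javax.microedition.media.control.VideoControl.getSnapshot";

    // Returns the encoded image, or null when capture is denied or unavailable.
    public static byte[] capture(MIDlet midlet, Form viewfinderForm) {
        // checkPermission: 0 = denied, 1 = allowed, -1 = unknown (user may be prompted).
        if (midlet.checkPermission(SNAPSHOT_PERMISSION) == 0) {
            return null; // policy already denies it; do not touch the camera
        }
        Player player = null;
        try {
            player = Manager.createPlayer("capture://video"); // assumed locator
            player.realize();
            VideoControl vc = (VideoControl) player.getControl("VideoControl");
            if (vc == null) {
                return null;
            }
            // Show the viewfinder so the capture is visible to the user.
            viewfinderForm.append(
                (Item) vc.initDisplayMode(VideoControl.USE_GUI_PRIMITIVE, null));
            player.start();
            return vc.getSnapshot(null); // null selects the default encoding
        } catch (SecurityException e) {
            return null; // refused at call time (e.g. user answered "no")
        } catch (MediaException e) {
            return null; // capture not supported or failed
        } catch (IOException e) {
            return null; // capture device could not be opened
        } finally {
            if (player != null) {
                player.close();
            }
        }
    }
}
```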

Permissions for CDC implementations of MMAPI

MMAPI implementations on configurations and profiles that use fine-grained security permissions based on java.security.Permission security checks must include the class javax.microedition.media.PlayerPermission, and the methods below must perform permission checks:

 API call                                             Action in javax.microedition.media.PlayerPermission
 RecordControl.setRecordLocation(String locator)      "record"
 RecordControl.setRecordStream(OutputStream stream)   "record"
 VideoControl.getSnapshot(String type)                "snapshot"

2.2 Other Permissions

Using MMAPI also raises security issues that are not related to media recording. Those issues concern access to resources, either locally or over the network. A media player can be initialized with a locator pointing to content that resides on a network server or on some local storage. Reading data over the network requires a network connection, which may have a security policy in place. Access to local data storage may have security policies in place as well.

An implementation of MMAPI must follow the security practices that are in place for accessing those resources. For example, when a Player is created to play content on an HTTP server, MMAPI implemented on top of MIDP 2.0 must follow the MIDP 2.0 security practices for network access.

MMAPI implemented on CDC must conform to the security requirements of the CDC configuration. When a locator is used to access media, the MMAPI implementation must throw a SecurityException under the same conditions as an access by the Generic Connection Framework would.

Below is a list of MMAPI methods which can throw a SecurityException for non-media related security violations. They can potentially have security policies other than media recording attached to them.

 API call
 Manager.createPlayer(String locator)
 Manager.createPlayer(InputStream stream, String type)
 Manager.createPlayer(DataSource source)

 Player.realize()
 Player.prefetch()
 Player.start()

 DataSource.start()
 DataSource.connect()

 RecordControl.setRecordLocation(String locator)

When playback is started, one of the methods Manager.createPlayer, Player.realize, Player.prefetch and Player.start must throw the SecurityException if there is no permission to open the connection. Because of the multi-stage initialization of Players, it is not possible to specify exactly which method must do that.

Notice that the RecordControl.setRecordLocation method also has a security permission for media recording. Therefore, it is possible that this method call can result in two separate security checks.
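
Because the denial may surface at any of the four start-up methods, an application should guard the whole sequence as one unit and release a partly initialized Player when it is refused. The class below is an added example, not part of the original addendum; the class name, result codes and stage labels are assumptions made for illustration.

```java
import java.io.IOException;
import javax.microedition.media.Manager;
import javax.microedition.media.MediaException;
import javax.microedition.media.Player;

// Added example: treats the whole Player start-up as one guarded unit.
public final class GuardedPlayback {
    public static final int STARTED = 0;
    public static final int DENIED = 1;
    public static final int FAILED = 2;

    private Player player;
    private String deniedStage; // stage that threw SecurityException, if any

    public int play(String locator) {
        String stage = "createPlayer";
        try {
            player = Manager.createPlayer(locator);
            stage = "realize";
            player.realize();
            stage = "prefetch";
            player.prefetch();
            stage = "start";
            player.start();
            return STARTED;
        } catch (SecurityException e) {
            deniedStage = stage; // differs between implementations
            release();
            return DENIED;
        } catch (MediaException e) {
            release();
            return FAILED;
        } catch (IOException e) {
            release();
            return FAILED;
        }
    }

    public String getDeniedStage() { return deniedStage; }

    // Closes a partly initialized Player so no connection stays open.
    public void release() {
        if (player != null) {
            player.close();
            player = null;
        }
    }
}
```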
