Join Now

Java ME and Flash Lite expert in Forum Nokia Americas, Mountain View. Besides mobile technologies, interested in HCI and the use of technology in sports.

SATSA API on Nokia devices

hartti | 30 September, 2006 02:08

SATSA API (JSR-177) has four optional packages: APDU, CRYPTO, JCRMI, and PKI. The device manufacturers have so far been able to choose which ones to implement. In the future there is a little less flexibility in here, because Mobile Software Architecture specification (JSR-248, MSA), defines that APDU, CRYPTO, and PKI has to be implemented in MSA-compatible devices. JCRMI is not required for MSA compatibility.

 

[Side note. APDU stands for Application Protocol Data Unit, and allows you to communicate with applications on a smart card - like SIM card. JCRMI stands for Java Card Remote Method Invocation, and it allows a MIDlet to invoke a method of a remote Java Card object. CRYPTO provides basic cryptographic operations to support message digest, signature verification, encryption, and decryption. And finally, PKI defines an API to support application level digital signature signing (but not verification) and basic user credential management.]

 

The optionality of these packages has caused some fragmentation. S60 3rd Edition platform includes only CRYPTO and PKI packages. Even though there are some comments floating around in the Internet that the APDU would also available on those devices, that is incorrect. So no Smart Card access on S60 3rd Edition devices. This is true also for the new N95 (S60 3rd Edition Feature Pack 1).

 

On Series 40 side the first optional package to be implemented is APDU. That is included in the Series 40 3rd Edition Feature Pack 2 devices. I know it is not entire clear from our device specifications, which device belongs to that group, so here is a current list: Nokia 5200, Nokia 5300, Nokia 6085,Nokia 7360, Nokia 7373, Nokia 7390.
There is no PKI nor CRYPTO on Series 40 as of now.

 

Final word of warning. The SATSA spec defines that there is no Smart Card access for untrusted (unsigned) MIDlets. Additionally, "an exception to this is the permission javax.microedition.apdu.sat, which is not mapped to any function group. Access to (U)SAT is granted to applications only in the operator’s domain."

Java, S60, Series 40 | Next | Previous | Comments (10) | Trackbacks (0)

Comments

Re: SATSA API on Nokia devices

octavian | 12/10/2006, 11:58

Hello Harti,

There is no Series 40 3rd edition Feature Pack 2 available yet, wright? Current release is FP1 and the devices you mentioned belong to that category itself. Or am I wrong and there is already a mobile phone and a developers kit available that allow using APDU?

kind regards,
octavian

Re: SATSA API on Nokia devices

hartti | 12/10/2006, 17:47

hartti I quickly tested with 7373 and the APDU part is there (see the device list in the second to last paragraph in my blog entry). However you need signing to access the Smart Cards (see the last paragraph in my post)

Hartti

Re: SATSA API on Nokia devices

octavian | 12/10/2006, 18:33

thank you Harti!

Ok, so this means that on the Nokia 7373 you can access the Smart Card with a signed application. But how can an application be signed, or better said, must the application be signed by the operator, or there are other possibilities? And finally, is possible to access the Smart Card also in parallel with a phone call (i.e. is there a possibility to establish a parallel communication channel with the Smart Card id addition to the standard one that is used for the usual call applications?)?

thank you so much,
Octavian

Re: SATSA API on Nokia devices

felixgomez18 | 17/10/2006, 22:39

Hi all.

I'm developing an application for an E61 mobile, using PKI SATSA package. The IDE I use is netbeans 4.1 with the wireless toolkit 2.5, and the java card emulator 2.2.2.

Ok, the thing is that with the emulators, everything goes right. I can generate a CSR, I can add a certificate and I can sign as plain text as files. But when I try the same application on the E61 (specifically when I try to generate the CSR) I get an UserCredentialManagerException saying that the security element was not found.

In the emulator, I use the string "WIM 1.01 SATSA RI" as the SecurityElementID. In the device (Nokia E61), I've tryed "WIM 1.01 SATSA RI", "PKCS-15" and even null as the SecurityElementID, and none of them works. I get the same error message with any of them ("The security element was not found").

The most surprising thing is that it doesn't work even using null as the SecurityElementID, when the documentation of SATSA says that "If this parameter is null the implementation MUST choose the first available security element that meets the specified requirements".

I suspect that the SIM card I have may not carry out completely the PKCS#15 standard.

Does anybody know why may be failing my application?

Does anybody know which are the minimun requirements that the SIM must carry out in order to be usable through SATSA API?

Thanks in advance.

Re: SATSA API on Nokia devices

toema123 | 01/11/2006, 17:25

Same issue with my code, see http://discussion.forum.nokia.com/forum/showthread.php?t=92423

Re: SATSA API on Nokia devices

sinhashivam | 15/03/2007, 13:59

Hello Harti,

I tested SATSA-APDU Package implementation on Nokia 7373 emulator and it works beautifully. However, as you said, to test it on device we need to sign the midlet.

Does the permission javax.microedition.apdu.aid only given to operator-trusted midlets? If yes, How do we get our midlet to be operator-trusted?

Regards,
Shivam

Re: SATSA API on Nokia devices

hartti | 15/03/2007, 23:39

hartti Operator signing is required if you want to use (U)SAT. Operator signing requires partnering with the operator in question. The requirements and what kinds of agreements need to be signed differs from operator to operator.
Check also this document
http://www.forum.nokia.com/info/sw.nokia.com/id/2e279a27-26ef-4435-8492-9ebae977aa9c/MIDP_SATSA_APDU_API_Developers_Guide_v1_0_en.pdf.html

Hartti

SATSA PKI

Tatiana | 02/11/2007, 16:36

Hi,
I have a question about SATSA PKI.
if I have my certificate generated with OpenSSL, can I use it with SATSA PKI?

SATSA PKI wants that I use UserCredentialManager.generateCSR to generate CSR and UserCredentialManager.addCredential to stored it, but if I have my certificate,
can I use it?

thanks

Re: SATSA API on Nokia devices

hartti | 08/11/2007, 23:25

hartti

Tatiana, I am not sure of the answer. Sorry.

Hartti

Acces SIM (Pin code)

iluve | 23/04/2008, 14:48

Hi Hartti,

I have a question about nokia serie's 60. I want to access the SIM card, in particular, I would like to make an authentication of a user asking for him PIN code.

I must be able to access the SIM and made sure that the insert code in a textbox corresponds to the PIN code. The problem is in the serie 60 only are implemented CRYPTO and PKI. Do you have any idea how I could make this MIDlet?

I know that this type of aplication required a sign operator, discarding this ,I could pass a string to crypto so the phone asked me the PIN code?

thanks

You must login to post comments. Login
 
 
Powered by LifeType
RDF Facets: qfnZtopicQUqfnTopicZjavaQ qfnZtopicQUqfnTopicZseriesE5f40Q qfnZtopicQUqfnTopicZseriesE5f60Q qfnZtypeQUqfnTypeZBlogContentQ qfnZtypeQUqfnTypeZBlogE45ntryQ qfnZtypeQUqfnTypeZCommunityContentQ qfnZtypeQUqfnTypeZWebpageQ qmarsZlanguageQUxhttpE3aE2fE2fswE2enokiaE2ecomE2flanguageE2d1E2fenX