New Security Protocols and Approaches to Application Service Providing for Mobile Devices on the Internet

摘要

In Application Service Providing (ASP) frameworks, security is one of the most important issues. Current approaches implementing such frameworks take advantage of elaborated protection mechanisms like signatures, public and private key encryption and SmartCards. Those technologies are demanding in terms of processing power, so that many of them are not or only partly applicable on mobile clients and their limited capacities. This requires looking for new methods to guarantee an acceptable degree of security, if such devices are to be used within ASP frameworks. In the approach suggested in this paper, a secret DES key shared between client and server is hidden inside the Java classes to be executed on the mobile client. Using our approach, only applications with a valid license are allowed to be executed on a mobile device. The methods introduced seem to be particularly well-suited to small applications aimed at mobile phones like games or location-based services, which have a limited lifetime and are not expensive or valuable enough to put much effort in to reverse engineering.