LinuxMonk » Mobile App http://www.linuxmonk.org A Journey Towards Infinity... Fri, 16 Jul 2010 19:32:37 +0000 en hourly 1 http://wordpress.org/?v=3.0 M-Commerce Mobile App – My First J2ME Experience http://www.linuxmonk.org/2009/12/27/m-commerce-mobile-app-my-first-j2me-experienc/ http://www.linuxmonk.org/2009/12/27/m-commerce-mobile-app-my-first-j2me-experienc/#comments Sun, 27 Dec 2009 08:42:37 +0000 Rosario http://www.linuxmonk.org/?p=303

I am trying to create secure mobile application that would be used for m-commerce. From day one of the development i faced several challenges. I made the application more like a web browser, and the connection using http, (ofcourse finally after development it would be https) for the request and response. I created a cool graphical user interface with Kuix Library.  The J2ME application would interact with a PHP server application and all transactions will be in xml. I made the transactions light weight. Making the application look like it is loading the data from the local. I took care of all the security flaws, hiding most of the implementation from the user.

But still I am not satisfied of the security.

I wanted to create a seperate protocol, to ensure high security. Features

  1. The application should be bound to the mobile number, the user should be able to access the m-commerce service only through the mobile number he/she has registered.
  2. The application should be bound to the SIM card and the mobile itself. More to the SIM card.

Methods

  1. Try to push an sms from the server, on each login with a encrypted session key. After that use that key for every transaction you make in that particular session.
  2. Try to push an SMS with a generated permanent private key, on your first login with the application. Take the signature of the SIM card and save this private key and simcard signature in phone memory. From next login check if the saved signature and SIM signature matches. If so procees with the http login sending the username, password, and the private key.

Challenges in implementation,

  1. Its is very hard to know the mobile number from the J2ME application. There are some methods available, but they are not perfect and differs from each model.
  2. Still wondering if i could read the signature of the simcard, so that i could deactivate the Java application on sim card change.
  3. Waiting for the SMS would incur much time.

Any suggestions are most welcomed. Awaiting your comments

]]> http://www.linuxmonk.org/2009/12/27/m-commerce-mobile-app-my-first-j2me-experienc/feed/ 0