Newsletter sign-up
View all newsletters

Enterprise Java Newsletter
Stay up to date on the latest tutorials and Java community news posted on JavaWorld

Sponsored Links

Optimize with a SATA RAID Storage Solution
Range of capacities as low as $1250 per TB. Ideal if you currently rely on servers/disks/JBODs

JavaWorld.com > Java Standard Edition >

Letters to the Editor

JavaWorld.com, 04/25/03

  • Print
  • Feedback

"Build Database-Powered Mobile Applications on the Java Platform"
Michael J. Yuan and Ju Long

Why a JSP-based communication layer?



Michael and Ju,

In the article's architecture, why did you use JSP (JavaServer Pages) as the communication layer? I think a servlet is a more suitable option. According to what I know about JSP and servlets, JSP is best when you actually have to display something, and servlets play a good role when you want to do some sort of communication only, like object streams.

Ghulam

Ghulam, Yes, you are right. In a production system, servlets are probably better than JSP in the communication layer. However, the article's purpose was to illustrate the concepts and demonstrate how you access backend databases from the mobile device. JSP is easy to use and does not require compilation, packaging, and deployment. Just copy it to the right directory and it works. Once you understand how it works, you are free to use any architecture you want. The server side does not even have to be Java. Michael Yuan


Wireless Java
"Data Security in Mobile Java Applications"
Michael Juntao Yuan

Where does SIM fit in?



Michael,

I feel that you failed to mention one of the most important factors of the security modules for future mobile devices: SIM (Subscriber Identity Module), which has its roots in security and authentication. Modern SIMs have RSA (Rivest, Shamir, Adelman) accelerators making PKI (public key infrastructure) possible and secure on these devices. The interface between the mobile device and SIM can be extended to include J2ME (Java 2 Platform, Micro Edition) requirements (which I believe is part of what JSR (Java Specification Request) 177 is all about). Not adding this information to the article was quite a serious omission.

Eric

Eric, The article's focus is cryptography toolkits on small devices. I did not mention SIM as a viable option for J2ME because JSR 177 has not been active for an entire year. None of the commercial crypto kits use special SIM acceleration. I do not know what's up with JSR 177, but unless the JCP (Java Community Process) releases at least a concrete community draft, I would like to avoid mentioning it. It is at least another year away from real-world phone implementation. In the meantime, if you are aware of any real-world SIM extension to CLDC (Connected Limited Device Configuration) and benchmark on the improved RSA performance, please feel free to email me. Michael Yuan


Michael,

I actually exchanged emails with someone who claimed they were close to the JSR 177 workgroup. The group planned to issue a community release in Q1 this year, a deadline they already missed.

I should follow up a bit. I am currently contracting with an aggressive mobile operator in mobile commerce, which gave me the opportunity to meet with some handset manufacturers and SIM vendors who committed to push this hard. Alas, the results aren't there yet.

I notice that Microsoft is using this opportunity and is working on a similar SIM-based solution, something which J2ME is in a favorable position to address since Java Card could provide what SIM needs and most SIM vendors have a Java Card product.

  • Print
  • Feedback

Resources