Hi all..
I hope you guys can give me some feedback on the following:
I'm working on a mobile app. which has to transfer secure information with
a server.
In order to make the post less abstract, consider the following: Students
will log on to a server via their mobile phone with a pw/username (e.g.
social security number) and if successful, receive a number of questions
(e.g. multiple choice) which they'll answer and send back to the server.
- The app. should work on MIDP 2 as well as MIDP 1 devices, which might
mean that I have to make two versions of the app.
- The app. will (most likely) be downloadable from various websites, which
makes the encoding of unique keys hard (or impossible?).
- Information should be secure both from and to the server.
I am considering the following:
For MIDP2 devices, I'll use an HttpsConnection instead of an HttpConnection
which should make the transaction secure, because of the SSL protocol.
For MIDP1 devices, I'll log on with the help of a digest (e.g. SHA1 from the
bouncycastle framework) and then let the rest of the communication be done
with another bouncycastle crypt. algorithm.
Onwards to my questions:
1) Is it correct that the communication will be 100% secure because I'm using
SSL, and the information therefore is encrypted?
2) Does anyone have any suggestions on suitable algorithms for the MIDP1
devices? As mentioned, since the app will be downloadable from websites
it's hard if not impossible for me to generate a unique key.
Any advice, pointers etc. will be appreciated.
/Svend Rost
edit: Forgot a word..
[ May 27, 2005: Message edited by: Svend Rost ]