Welcome!

Java IoT Authors: Elizabeth White, Pat Romanski, Liz McMillan, Shelly Palmer, Karthick Viswanathan

Related Topics: Java IoT

Java IoT: Article

Provisioning and Digital Rights Management

Instrumentation of J2ME applications

The mobile industry is standardizing both application provisioning and digital rights management (DRM). Provisioning includes the discovery and downloading of an application to a client device, while DRM deals with how to protect the application from unauthorized use.

The Java Community Process recently finalized JSR 124, J2EE Client Provisioning Specification, which a number of content server providers are rapidly incorporating into their products. On the DRM side, the Open Mobile Alliance has defined the industry standard in its document Digital Rights Management version 1.0. Nokia, a strong supporter of the OMA, implemented a key OMA DRM feature - forward locking - in its 3595 model. Forward locking occurs when the device embeds a hardware identifier in the application so that the application can be used only on that device.

One goal of this article is to demonstrate how to use class-level instrumentation to provide DRM solutions for J2ME applications. I'll show how to create a J2ME DRM wrapper that's similar to forward locking, but less restrictive. Another goal of this article is to provide insight into how provisioning and stocking (the submittal and registration of content) takes place.

Software Requirements
Running the sample application requires a Web or application server with a servlet container. JBoss is a popular open source product that serves this purpose. For the client side, download Sun's Wireless Toolkit for MIDP 2.0 from http://java.sun.com. The toolkit also contains the sample JAR and JAD files used in this article. If you don't have a J2ME wireless mobile device, use the toolkit's emulator.

You'll need the source code that's included with this article to build the provisioning WAR file and the client content submittal program (download from www.sys-con.com/java/sourcec.cfm). Ant scripts are included; to use them, download the Ant build utility at http://apache.org.

Stocking Content
Submitting Content from the Provider

To submit content, the content provider places the JAR file that contains the J2ME application on a publicly accessible URL. Next, the provider creates a JAD file containing seven required properties, including the MIDlet-Jar-URL property. Finally, the content submitter posts the JAD file to the content server.

It's common in the industry for the content provider to submit both the JAR and the JAD files to the content server. However, since the JAD contains the JAR's URL, submitting the JAR file is unnecessary. Note that the JAD file contains the MIDlet-Jar-URL property so that the application manager on the mobile device knows where to find the J2ME application. We'll use the MIDlet-Jar-URL property in a different way: to get the JAR file from the provider's server onto the content server.

Let's see how to make this work in practice. Go to the WTK20/apps/games/bin directory. There are two files: games.jad and games.jar. Make the games.jar accessible on a Web server and test that the JAR exists by typing in the URL on a Web browser at http://localhost:8080/ROOT/ games.jar. If a dialog box appears asking to download the file, then the JAR file is accessible. Note that you should replace localhost and 8080 with the domain name and port of your Web server.

Open the games.jad file and change the MIDlet-Jar-URL property to http://localhost: 8080/ROOT/games.jar. Also add an Install-Notify property with a value of http://localhost:8080/ provisioning/InstallNotify. I'll explain why you need the Install-Notify property in the section on OTA provisioning. Now instantiate the org.jvending.vending. client.ContentSubmitter class, feeding in two arguments on the command line: the URL of the content server stocking servlet and the local file system path of the games.jad file. The instance of the ContentSubmitter class will post the contents of the games.jad file to the content server over HTTP.

Stocking Content on the Server
Look at the Stocker class provided in the source code to understand the stocking process from the content server's perspective. An instance of this class divides the stocking of content into the following steps:

  1. Reading the request input stream and creating a JAD object
  2. Getting the MIDlet-Jar-URL property from an instance of the JAD object and pulling the JAR file located at that URL to the server
  3. Adding the DRM wrapper to the JAR file and setting the new JAR size (MIDlet-Jar-Size) on the JAD instance
  4. Adding the modified JAR file to the local in-memory cache
The first step in the stocking process begins after the content submitter posts the JAD file. The content server places the JAD properties within an instance of the JAD class. The JAD class contains accessor and mutator methods for each of the seven required properties, as well as some additional methods, such as the getMIDlets method, which returns a map of the MIDlet names. It's important to store this information because the content server needs to know each MIDlet class so it can instrument the class with a DRM wrapper prior to the download of the J2ME application to the mobile device.

In the second step, the Stocker object gets the JAR file containing the J2ME application from the content provider's server. The Stocker object creates an instance of JarFetcher and invokes the fetch method, using the JAD object as a parameter. The JarFetcher opens a JarUrlConnection to the JAR URL specified within the JAD and downloads the games.jar file from the content provider's server. The fetch method returns a java.util.jar.JarFile instance. Since the content server instruments the main MIDlets class files, we need to pull out specific class files. Thus we prefer using a JarFile object over the lower-level InputStream because the JarFile class has handy methods for accessing each class file within a JAR file.

In the third step, the content server instruments the class files. The Stocker object instantiates the DrmInstrumenter class and invokes the modifyJar(Jad jad, JarFile jar) method. This method invokes the getMIDletNames method on the JAD object to determine the MIDlet class names. Next, the modifyJar method pulls the byte code of the MIDlet classes from the JARFile object. The DrmInstrumenter instance then instruments the MIDlet classes, adds the DRM class (ClientAuthenticator) to the JarFile object, and returns the new JAR as a byte array.

The Stocker object expands the JAR file size when it instruments the class files. The Application Management Software (AMS) on the device is responsible for downloading and installing the J2ME application. If we don't reset the JAR size, when the AMS downloads the application it will return an error because the JAR size given in the JAD won't match the actual downloaded JAR size. Thus, the Stocker object resets the JAR size attribute by invoking jad.setJarSize(String.valueOf (drmJar.length)), where drmJar is the JAR byte array.

The final step in the stocking process involves putting the JAD object and the instrumented JAR byte array into separate HashMaps indexed with the same universally unique identifier (UUID). The UUID is important for a couple of reasons. First, when the user downloads the JAD and JAR, the content server uses the UUID to return each object from the cache. Within a production environment the content server would, of course, persist the JAD and JAR to a file system or database.

The second reason the UUID is important is that the content server will use the unique ID for authorization. The content server embeds the application UUID within the application. When the user initializes the J2ME application, the application will post the UUID to the content server. The server then matches the user's Mobile Subscriber ISDN (MSISDN) in the HTTP header to the UUID of the application to determine authorization.

DRM Instrumentation Wrapper
There are a couple of ways we can create a J2ME wrapper. We can either add all of the code directly to the MIDlet subclass, or we can create a separate class that contains the DRM code and reference that class from the MIDlet subclass. For this implementation we'll choose the second approach because processing time is faster, instrumentation is easier to code, and, most important, we avoid having to deal with the pesky stack map attribute that is unique to J2ME classes. The stack map improves the efficiency of the runtime verification of J2ME applications during runtime by recording local variables and stack items for byte-code offsets.

Note that to avoid the stack map attribute within our instrumentation, we must not include conditional if statements and try/catch blocks within the instrumented byte code. Therefore, the MIDlet subclass has only one public method (run) with a void return type. See the CLDC Spec 1.0 for more information about the stack map attribute.

Take a look at the DRM class, org.jvending.wrapper. ClientAuthenticator. This class contains only two public methods: ClientAuthenticator(MIDlet MIDlet, String id) and run(). An instance of the MIDlet subclass, e.g., TilePuzzle, invokes the constructor of the ClientAuthenticator, passing in a reference to itself (TilePuzzle) and the unique ID of the game as parameters. Next, TilePuzzle invokes the run method. View the code below:

String id = "abcd-efa3-sddaf-467sdk";
ClientAuthenticator ma = new ClientAuthenticator(this, id);
ma.run();
startNewApp();

The DRM wrapper should make an authorization call to the server upon startup of the application. Thus we embed the authorization code prior to the initial application logic within the startApp method. This requires instantiating the ClientAuthenticator class at the beginning of the startApp method. If the startApp method already contains stack map attributes, we need to change the byte offsets and references to the constant pool because we're adding byte code to the beginning of the method.

To avoid dealing with the stack map attribute, rename the startApp method to newStartApp method. This keeps the offsets and constant pool references the same. The startApp method in the MIDlet now invokes the newStartApp method, which contains a copy of the original execution code for the MIDlet subclass.

OTA Provisioning of the Application
A critical step to providing a DRM solution is to authenticate the user. Otherwise the user could forge the HTTP header and claim to be someone he or she is not, thus getting unauthorized access to the application. When users use their mobile device within a GPRS carrier environment, the request goes through a base station subsystem, through the serving GPRS support node (SGSN), onto the gateway GPRS support node (GGSN), and finally to the WAP gateway.

By this point, the system has already authenticated the user and appended a MSISDN, which is the user's phone number, to the HTTP header. Thus, by the time the HTTP request hits the content server, the server only needs to extract the MSISDN HTTP header to know the identity of the user. Before going further with the authentication and authorization of the user, let's briefly discuss how the user discovers the instrumented application.

The user can do application discovery through a WML microbrowser or an HTML browser, depending on the capabilities of the handset. After users discover the link to the JAD file, they click it. The URL will look something like http:// localhost:8080/provisioning/596162646162614A787.jad.

On the content server, any URL with a *.jad extension maps to the org.jvending.provisioning.JadDownloader servlet. The JadDownloader instance extracts the UUID and gets the JAD from the cache. Next, the JadDownloader sets the content type on the response to text/vnd.sun.j2me.app-descriptor and returns the JAD stream to the browser.

The device starts downloading the JAD file over WAP. The browser detects that there is a content type of text/vnd. sun.j2me.app-descriptor and passes control over to the AMS. The AMS on the device reads the properties of the JAD file and extracts the MIDlet-Jar-URL property, which looks like http://localhost:8080/provisioning/596162646162614 A787.jar.

The AMS hits this link over WAP or directly over TCP/IP, depending on the device. Since the URL contains a *.jar extension, it maps to the org.jvending.provisioning. JarDownloader servlet. The JarDownloader servlet extracts the UUID and looks up the instrumented JAR file from the cache. Next, the servlet sets the response content type to application/java-archive and downloads the JAR to the device.

The device knows where to post the status report by reading the MIDlet-Install-Notify attribute in the JAD. Remember, you should have added this to the games.jad file earlier. If the device successfully downloads and installs the application, it posts a 900 response code to the content server at http://localhost:8080/provisioning/InstallNotify?uuid=596162646162614A787.

When the HTTP post hits the InstallNotify servlet with a successful 900 response, the content server extracts the MSISDN from the HTTP header and the UUID from the URL. The server caches the MSISDN and UUID into an instance of AuthorizationMap using the MSISDN as the key.

After successfully downloading the application, the user clicks the application start button on the device. At this point, control passes to the startApp method of the main MIDlet. The startApp method instantiates the ClientAuthenticator class, which posts the UUID to the content server's AuthorizationServlet. The AuthorizationServlet extracts the MSISDN and UUID from the header. Using the MSISDN from the HTTP header as a key, the servlet looks up the UUID from an instance of AuthorizationMap.

If the UUID in the header doesn't match the UUID in the AuthorizationMap instance, the servlet sends an unlock response value of false. The ClientAuthenticator invokes the notifyDestroyed method on the MIDlet subclass instance, ending the application. This need to destroy the application from within the wrapper is why the ClientAuthenticator constructor signature contains a reference to the invoking MIDlet subclass.

If the UUIDs match, the servlet sends back an unlock response value of true to the J2ME application. The run method returns immediately, authorizing the user. In the MIDlet, control now goes to the newStartApp method, which contains the original MIDlet code. The application begins.

Conclusion
Digital rights management and content provisioning are two critical components of the rapid growth of applications in the mobile space. Currently, it's very easy for a user to forward content or to upload it to the Internet for others to download. Not only do we need intelligent ways for the user to discover and download applications, but we also need to protect the content from piracy. This article discusses one way - using a DRM wrapper - to protect content from unauthorized use. The source code in this article is open source. You can find updates at www.jvending.org.

More Stories By Shane Isbell

Shane Isbell works as a software architect at a wireless carrier.

Comments (2) View Comments

Share your thoughts on this story.

Add your comment
You must be signed in to add a comment. Sign-in | Register

In accordance with our Comment Policy, we encourage comments that are on topic, relevant and to-the-point. We will remove comments that include profanity, personal attacks, racial slurs, threats of violence, or other inappropriate material that violates our Terms and Conditions, and will block users who make repeated violations. We ask all readers to expect diversity of opinion and to treat one another with dignity and respect.


Most Recent Comments
Wes Biggs 04/05/04 05:13:33 PM EDT

A couple of notes:

MSISDN is not typically available in the HTTP headers unless you have a business relationship with the carrier.

The DRM solution suggested in the article is a good step, but de-instrumentation is relatively straightforward, given enough incentive (and access to the instrumenting source code, as we have here). A user with a laptop and GSM modem could spoof the MSISDN header, download the JAR, deinstrument and redistribute.

Shane Isbell 03/05/04 04:56:08 PM EST

The contact info and bio for me is out of date. You can e-mail me at [email protected]

@ThingsExpo Stories
SYS-CON Events announced today that SIGMA Corporation will exhibit at the Japan External Trade Organization (JETRO) Pavilion at SYS-CON's 21st International Cloud Expo®, which will take place on Oct 31 – Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. uLaser flow inspection device from the Japanese top share to Global Standard! Then, make the best use of data to flip to next page. For more information, visit http://www.sigma-k.co.jp/en/.
SYS-CON Events announced today that B2Cloud will exhibit at SYS-CON's 21st International Cloud Expo®, which will take place on Oct 31 – Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. B2Cloud specializes in IoT devices for preventive and predictive maintenance in any kind of equipment retrieving data like Energy consumption, working time, temperature, humidity, pressure, etc.
Agile has finally jumped the technology shark, expanding outside the software world. Enterprises are now increasingly adopting Agile practices across their organizations in order to successfully navigate the disruptive waters that threaten to drown them. In our quest for establishing change as a core competency in our organizations, this business-centric notion of Agile is an essential component of Agile Digital Transformation. In the years since the publication of the Agile Manifesto, the conn...
While some developers care passionately about how data centers and clouds are architected, for most, it is only the end result that matters. To the majority of companies, technology exists to solve a business problem, and only delivers value when it is solving that problem. 2017 brings the mainstream adoption of containers for production workloads. In his session at 21st Cloud Expo, Ben McCormack, VP of Operations at Evernote, will discuss how data centers of the future will be managed, how th...
SYS-CON Events announced today that NetApp has been named “Bronze Sponsor” of SYS-CON's 21st International Cloud Expo®, which will take place on Oct 31 – Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. NetApp is the data authority for hybrid cloud. NetApp provides a full range of hybrid cloud data services that simplify management of applications and data across cloud and on-premises environments to accelerate digital transformation. Together with their partners, NetApp em...
SYS-CON Events announced today that Nihon Micron will exhibit at the Japan External Trade Organization (JETRO) Pavilion at SYS-CON's 21st International Cloud Expo®, which will take place on Oct 31 – Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. Nihon Micron Co., Ltd. strives for technological innovation to establish high-density, high-precision processing technology for providing printed circuit board and metal mount RFID tags used for communication devices. For more inf...
SYS-CON Events announced today that Suzuki Inc. will exhibit at the Japan External Trade Organization (JETRO) Pavilion at SYS-CON's 21st International Cloud Expo®, which will take place on Oct 31 – Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. Suzuki Inc. is a semiconductor-related business, including sales of consuming parts, parts repair, and maintenance for semiconductor manufacturing machines, etc. It is also a health care business providing experimental research for...
SYS-CON Events announced today that Ryobi Systems will exhibit at the Japan External Trade Organization (JETRO) Pavilion at SYS-CON's 21st International Cloud Expo®, which will take place on Oct 31 – Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. Ryobi Systems Co., Ltd., as an information service company, specialized in business support for local governments and medical industry. We are challenging to achive the precision farming with AI. For more information, visit http:...
SYS-CON Events announced today that Daiya Industry will exhibit at the Japan External Trade Organization (JETRO) Pavilion at SYS-CON's 21st International Cloud Expo®, which will take place on Oct 31 – Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. Daiya Industry specializes in orthotic support systems and assistive devices with pneumatic artificial muscles in order to contribute to an extended healthy life expectancy. For more information, please visit https://www.daiyak...
In his session at @ThingsExpo, Greg Gorman is the Director, IoT Developer Ecosystem, Watson IoT, will provide a short tutorial on Node-RED, a Node.js-based programming tool for wiring together hardware devices, APIs and online services in new and interesting ways. It provides a browser-based editor that makes it easy to wire together flows using a wide range of nodes in the palette that can be deployed to its runtime in a single-click. There is a large library of contributed nodes that help so...
SYS-CON Events announced today that mruby Forum will exhibit at the Japan External Trade Organization (JETRO) Pavilion at SYS-CON's 21st International Cloud Expo®, which will take place on Oct 31 – Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. mruby is the lightweight implementation of the Ruby language. We introduce mruby and the mruby IoT framework that enhances development productivity. For more information, visit http://forum.mruby.org/.
SYS-CON Events announced today that N3N will exhibit at SYS-CON's @ThingsExpo, which will take place on Oct 31 – Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. N3N’s solutions increase the effectiveness of operations and control centers, increase the value of IoT investments, and facilitate real-time operational decision making. N3N enables operations teams with a four dimensional digital “big board” that consolidates real-time live video feeds alongside IoT sensor data a...
Internet of @ThingsExpo, taking place October 31 - November 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA, is co-located with 21st Cloud Expo and will feature technical sessions from a rock star conference faculty and the leading industry players in the world. The Internet of Things (IoT) is the most profound change in personal and enterprise IT since the creation of the Worldwide Web more than 20 years ago. All major researchers estimate there will be tens of billions devic...
Mobile device usage has increased exponentially during the past several years, as consumers rely on handhelds for everything from news and weather to banking and purchases. What can we expect in the next few years? The way in which we interact with our devices will fundamentally change, as businesses leverage Artificial Intelligence. We already see this taking shape as businesses leverage AI for cost savings and customer responsiveness. This trend will continue, as AI is used for more sophistica...
SYS-CON Events announced today that SourceForge has been named “Media Sponsor” of SYS-CON's 21st International Cloud Expo, which will take place on Oct 31 – Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. SourceForge is the largest, most trusted destination for Open Source Software development, collaboration, discovery and download on the web serving over 32 million viewers, 150 million downloads and over 460,000 active development projects each and every month.
SYS-CON Events announced today that Massive Networks, that helps your business operate seamlessly with fast, reliable, and secure internet and network solutions, has been named "Exhibitor" of SYS-CON's 21st International Cloud Expo ®, which will take place on Oct 31 - Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. As a premier telecommunications provider, Massive Networks is headquartered out of Louisville, Colorado. With years of experience under their belt, their team of...
Elon Musk is among the notable industry figures who worries about the power of AI to destroy rather than help society. Mark Zuckerberg, on the other hand, embraces all that is going on. AI is most powerful when deployed across the vast networks being built for Internets of Things in the manufacturing, transportation and logistics, retail, healthcare, government and other sectors. Is AI transforming IoT for the good or the bad? Do we need to worry about its potential destructive power? Or will we...
What is the best strategy for selecting the right offshore company for your business? In his session at 21st Cloud Expo, Alan Winters, U.S. Head of Business Development at MobiDev, will discuss the things to look for - positive and negative - in evaluating your options. He will also discuss how to maximize productivity with your offshore developers. Before you start your search, clearly understand your business needs and how that impacts software choices.
There is huge complexity in implementing a successful digital business that requires efficient on-premise and cloud back-end infrastructure, IT and Internet of Things (IoT) data, analytics, Machine Learning, Artificial Intelligence (AI) and Digital Applications. In the data center alone, there are physical and virtual infrastructures, multiple operating systems, multiple applications and new and emerging business and technological paradigms such as cloud computing and XaaS. And then there are pe...
Real IoT production deployments running at scale are collecting sensor data from hundreds / thousands / millions of devices. The goal is to take business-critical actions on the real-time data and find insights from stored datasets. In his session at @ThingsExpo, John Walicki, Watson IoT Developer Advocate at IBM Cloud, will provide a fast-paced developer journey that follows the IoT sensor data from generation, to edge gateway, to edge analytics, to encryption, to the IBM Bluemix cloud, to Wa...