GeoTrust To Secure Mobile Java Apps

Members of the Sun Microsystems-led Unified Testing Initiative (UTI) now have GeoTrust in their corner. GeoTrust, arguably the world’s second largest certificate authority, said it would provide digital signing services for the Java Verified program on J2ME-enabled devices .

A cooperative effort of Sun as well as mobile device manufacturers Motorola, Nokia, Siemens, and Sony Ericsson, UTI is program that enables streamlined application testing, promotion and distribution for developers.

“The continued, rapid, widespread adoption of mobile Java-based applications and the growth of the mobile industry on a global scale are dependent upon ensuring the integrity and security of the many applications on the market today and newer applications in the development phase,” said Juan Dewar, senior director, consumer and mobile systems group for Sun Microsystems .

The program works like this: Developers for mobile devices that want to get their applications “signed” have to register at the Java Verified site, where it is then tested for a variety of compliance and security capabilities. Pending the successful result of the testing, a GeoTrust cryptographic digital signature is issued, which would be included with the developers’ distributed code.

The signature is verifiable at all times in order to guarantee the authenticity and integrity of the application code. From the end user’s point of view, the whole process is expected to be transparent.

“As SSL works for you when you try to buy something online and your transactions are encrypted you see a lock symbol (in the browser), that’s really what we’re trying to do here,” Chris Bailey, GeoTrust’s vice president of technology alliances, told “We’re trying to let the user know that they are safe without putting too much on understanding what it’s actually doing.”

Bailey argued that GeoTrust’s digital signing technology, though based on PKI is unlike traditional PKI that in the past may not have been as successful. He said the difference, in his opinion, is that it’s all hidden. “If it hasn’t been signed by our specific technology it just won’t run,” Bailey said. “It is running strong PKI behind the scenes.”

Bailey said the industry could use some more “evangelizing” about mobile application authentication. “The security architecture will be built in and will be able to stop potential viruses like the Cabir virus that we saw a few weeks ago,” he said.

In February, when Sun first announced its J2ME Java Verified initiative, it claimed that more than 1.5 billion devices currently run the language.

GeoTrust is also working with Baltimore Technologies PKI in a deal with Microsoft’s as part of the effort known as “SmartPhone Credentials.”

News Around the Web