tags:

views:

117

answers:

2
Q: 

J2ME High Secured app for m-commerce

Hi All, I am creating a j2me application for mcommerce, which uses mobile internet(gprs). I wanted make it more secured by binding the application to the SIM card and the device. That is a user should be able to login to the system, only using his/her SIM card or from the registered mobile number.

To achieve this I need to fetch the mobile number. So, on login i thought of Triggering an SMS from the server with a key, which the application reads and uses the key for the entire session. Here the challenge is, that sms should not go to the inbox. Any suggestions pls?

A: 

It doesn't matter if the user sees the number in his/her inbox. As long as the key is only used that session, it is her/his responsibility to not share the key with others.

The one thing you make sure is that ONLY the person who owns the SMS phonenumber gets the key and is able to log on.

This doesn't take care of the phone being stolen though.

Toad  2009-12-23 08:53:19
If the phone is being stolen it is the duty of the customer to call the telcom and deactivate the number. In that case mobile app will not work with any other number. There is also an additional password security. I want to make sure, the person logs in to the system only using his number.
rosarioarun  2009-12-23 12:45:17
+1  A: 

Yes it can be achieved using the Wireless Messaging API. Have the MIDlet set up a server connection on a chosen port number, then send the SMS to that port number. It will go straight to your app, bypassing the inbox. If you use the Push Registry, you can even make the SMS start your app if it is not running.

funkybro  2009-12-23 12:21:35
Thanks for your reply. But, how do i sent the sms to the specified port. I am using an SMS gateway application, it does not have any option to set the UDH header of the sms.
rosarioarun  2009-12-23 12:42:26
I have yet to find the gateways which support this feature. You don't want customers to complain that they can't get in only because they are roaming (abroad or just on a different network in the same country) and the provider filters out the portnr
Toad  2009-12-23 13:07:56
Is there any ways that i can bind my J2ME application with the phone and sim card. (that is the application should make requests only from his/her registered) number.
rosarioarun  2009-12-29 09:36:13

related questions

Encryption in C# Web-Services
How Do You Secure database.yml?
ASP.NET LocationProvider
What do you (or your company) use for wiping a machine?
Can a proxy server cache SSL GETs? If not, would response body encryption suffice?
Java: What is the best way to SFTP a file from a server
How do I call a Flex SWF from a remote domain using Flash (AS3) ?
Best way to store a database password in a startup script / config file?
Using VM to get around VPN restrictions
Best references for secure coding practices in ASP.NET and classic ASP.
Secure Memory Allocator in C++
Resolving Session Fixation in JBoss
Best Practices for securing a REST API / web service
Defensive programming
Personal Linux web server
Block user access to internals of a site using HTTP_REFERER
Is there an Unobtrusive Captcha for web forms?
My website got hacked... What should I do?
What all do I need to escape when sending a (My)SQL query?
How do you disable browser Autocomplete on web form field / input tag?
Best .NET obfuscation tools/strategy
Are there best practices for testing security in an Agile development shop?
What is the best way to avoid SQL injection attacks?
Found a critical bug, but the company doesn't care
PHP Session Security