Design and Prototyping of Web Service Security on J2ME based Mobile Phones

One of the main objectives in this paper is to investigate how to manipulate the Simple Object Access Protocol (SOAP) message and place security functions in the header of SOAP message. Here, we will present the design and implementation of web service security application on Java 2 Micro Edition (J2ME) based mobile devices. Basically this prototyping includes two-stage approach. In the first stage, we study the concept of proof in implementation of web services security on the IBM laptop using IBM WebSephere Studio Device Developer (WSDD V 5.6) IDE [1]. In addition we import kXML/kSOAP APIs to process SOAP message and use Bouncy Castle’s API [2] supporting cryptographic algorithms for security implementations. In this paper, the security functions we present here include five tasks: non-security, data digest, data encryption using symmetric key, data encryption using asymmetric key, and digital signature. At each task, we will discuss its corresponding design, SOAP header message, time performance, and return results in emulator. Based on the expected results from the first stage, in the second stage, we use Nokia 6600/3650 mobile phones as target mobile devices to test our application and evaluate performance at each task. Finally we will share our experience and lessons on this work in the conclusion and do the demonstration using Nokia 3650 mobile phone in the conference.