Live from JavaOne: Call and Pay with Java

This talk is about the Mobile Telephony API (JSR-253) and Payment API (JSR 229) that can be added to MIDP/MSA phones. These JSR’s have been defined by Siemens/BenQ, and there were left in IP limbo after the demise of the company. Apparently, this transition time is over, work has resumed on these JSR’s, and they are being updated through a maintenance release this year.

The idea of the Mobile Telephony API is that we now live in a connected world, and that we want to get applications that would allow us to control the way our device communicates, for instance to setup conference calls within an application.

In standard MSA 1.0, we get the ability to use HTTP(S), or Web Services. We also have the ability to use SATSA to communicate with a SIM card that, in turn, would have SIM Toolkit applications written in Java Card. This is interesting to work on mobile telephony and payment, but how can we do better with dedicated APIs?

The Payment API is a common front-end that is complemented by payment adapters, representing a particular payment method. It is oriented towards micropayment, and the idea is to use a simple API, and to put all the configuration information in the JAD file (that’s interesting for a security guy, because JAD files are not signed, so there may be some opportunities to get free stuff).

The Mobile Telephony is used to control calls, receive event changes of network state (YES, an application may know when we are roaming!), and a few more things. There is even a package that allows an application to get information about the money that a call costs; this is quite surprising, because this is well known for being very difficult to figure out. Like the payment API, the API is very simple, which looks quite good.

The real problem is mobile support for these optional APIs. We’ll have to see if support picks up with the maintenance release.

One Comment

  • Just a tiny rectification on 229’s JAD security aspect: actually the critical payment provisioning information is held in the JAR’s Manifest. 229 based applications then are required to be signed (hash+certificate-chain) for the 229 framework to work.

Leave a Reply

Your email is never shared.Required fields are marked *