SPECSA: a scalable, policy-driven, extensible, and customizable security architecture for wireless enterprise applications

This paper presents SPECSA, a new, optimized, policy-driven security architecture for wireless enterprise applications. SPECSA is scalable, extensible, flexible, and customizable. It supports end-to-end client authentication, data integrity and confidentiality between wireless clients and enterprise servers. The security services provided by SPECSA are customized and controlled by an easily configurable security policy that specifies several security-related attributes, classifies network data based on sensitivity and content, and provides an abstraction for the communication and messaging between the client and the server. In addition, SPECSA provides an application programming interface (API) that conceals to a great extent the complexity of security operations and programming from the application. SPECSA was designed in a platform-neutral manner and can be implemented on a wide range of wireless clients ranging from low-end platforms such as the Java 2 mobile edition/connected limited device configuration (J2ME/CLDC) on limited-memory mobile devices to Personal Java and the .Net compact framework on PDAs. On the server side, SPECSA can be implemented on any of the available enterprise server platforms. A sample implementation of SPECSA was developed for J2ME on the client-side and Java 2 enterprise edition (J2EE) on the server-side.