Hi, AllIn an authenticated application, all the class files have to be authenticated.
I have some question about MHP Application
Authentication, please help me answer them, thanks
1. What's the difference or relationship between
"Application Authentication" and "File
2. For mhp specification 1.03, File AuthenticationSee 12.6.1 "General principles", the paragraph beginning "For a DVB-J application to be correctly authenticated,"
process is described in chapter 12.4.4, but no
application authentication is involved, what steps
does Application Authentication include?
3. When a DSMCC File is accessed by usingSee 12.6.1 "General principles", the paragraph beginning "For a DVB-J application to be correctly authenticated,"
java.io.FileInputStream, mhp can authenticate it, if
failed to authenticate, it is considered as an empty
file, but for Application Authentication, when will
4. For a File Authentication, mhp should search andIf the signature of a file has to be checked then there is no way to avoid it.
verify the digital signature of it, however, checking
signature is a time-consuming operation for embeded
system, in the case if check signature when load each
signed file, it may cost much time when run a Xlet.
So how to avoid the repeated checking signauture?
dear desperado, thanks for your reply,Each class file must be authenticated some time before it's loaded.
About Application authencation, quote from the mhp
"For a DVB-J application to be correctly
authenticated, all the class files that the
application consists of need to be signed,
the signatures need to verify (see 12.4.4,
"Integration" on page 160) and the application_id
needs to be from within the
range allocated to signed applications (see Table 12,
"Value ranges for application_id" on page 84). If,
during the loading
or execution of the application the MHP detects a
signed file containing a class that failed to pass
process (e.g. because its actual hash value does not
match the expected hash value), then the class shall
be considered as
But I have three questions about the description,
1. Does app authentciation inclue all class files
authencation, that is , if xlet has 10 class files,
the app authentication will do file authentiation for
2. According to spec 12.4.4, file authencationThe implementation can cache results as long as the files in the network haven't changed. If a hash file is authenticated once then as long as the files used to authenticate it haven't changed (parent hash files, the signature file and the certificate file) then that process doesn't need to be repeated.
include hash verify and signature, certficate chain
verify, Dose the applicaton authencation should
verify signatures for the times as the number of
t's not acceptable for much cost of signature
verification for embeded system.
3. If application failed to authenticated, it can'tWhich language are you refering to here?
be granted request permisions, but What's time of
the start or end for application authentication, for
start point, may be load the main class of Xlet, but
the end? Does it need to authencate all class
if yes, but the time of loading a class is not known
to us, which depend on Xlet's behaviour, that is , we
can't know what time xlet would authenticate all
if no, Could we consider the end time of
authencating the main class implementing
javax.tv.Xlet as the end of application authenction?
hope your advice, thanks