J2ME High Secured app for m-commerce

Question

I am creating a j2me application for mcommerce, which uses mobile internet(gprs). I wanted make it more secured by binding the application to the SIM card and the device. That is a user should be able to login to the system, only using his/her SIM card or from the registered mobile number.

To achieve this I need to fetch the mobile number. So, on login i thought of Triggering an SMS from the server with a key, which the application reads and uses the key for the entire session. Here the challenge is, that sms should not go to the inbox. Any suggestions pls?

Answer 1

It doesn't matter if the user sees the number in his/her inbox. As long as the key is only used that session, it is her/his responsibility to not share the key with others.

The one thing you make sure is that ONLY the person who owns the SMS phonenumber gets the key and is able to log on.

This doesn't take care of the phone being stolen though.

Answer 2

Yes it can be achieved using the Wireless Messaging API. Have the MIDlet set up a server connection on a chosen port number, then send the SMS to that port number. It will go straight to your app, bypassing the inbox. If you use the Push Registry, you can even make the SMS start your app if it is not running.