Future challenges and changes
Ana: 3G is the generic term used for the next generation of mobile communications systems. 3G systems will provide enhanced services to voice, text, and data but will be known for their high speeds and multimedia data services.
As 3G becomes more widely available in the United States, home banking, ecommerce, and online trading applications will be modified for the mobile environment and videoconferencing. The wireless terminal will be the personal gateway to the world of voice, data, video, mobile Internet, and interactive multimedia communications.
Tim: I agree that once 3G has reached a saturation point more users will find the wireless experience appealing. From a J2ME standpoint, adoption is already taking place, as J2ME has been chosen as the industry standard for wireless devices by the Third Generation Partnership Project, a group responsible for defining the specification for the next-generation handset application environment.
But is it secure?
Ana: WAP currently uses the Wireless Transport Layer Security (WTLS) specification, which some believe has notable holes. WTLS was specifically designed to conduct secure transactions over a low-bandwidth environment without requiring PC-level processing power or memory in the handset. For this to work, the WAP gateway acts as a translator between WTLS encryption and the Web's standard, more robust SSL (Secure Sockets Layer) security protocol. The problem occurs when the data is handed over from WTLS to SSL, a process in which the data is decrypted and then re-encrypted, meaning that for a split second the data is not secure. Even though the data translation occurs within a secure data center, it's still valuable for that split second. New versions of the WAP specification are expected to address this issue, but they will probably take awhile before they get resolved.
Tim: This is where J2ME, or more specifically Java, really shines, thanks to the fact that all Java applications, regardless of implementation, are restricted by a simple principle that untrusted code be placed in a sandbox, where it can play safely without doing any damage to the real world. When an applet or other piece of untrusted code is running in the sandbox, there are a number of restrictions on what it can do. The most obvious is that it has no access whatsoever to the local file system or system resources. Should you decide to allow access, a simple certificate is all that's required.