Java Security API

The document outlines the high-level and low-level features of Java's security architecture, emphasizing built-in language security, cryptography support, and authentication mechanisms. It highlights benefits such as a secure platform for application development, robust code through automatic memory management, and comprehensive APIs for secure communication and public key infrastructure. Key features include strong data typing, bytecode verification, and support for various cryptographic algorithms and protocols.

Uploaded by swoobhai

High-level Feature: Platform Security

Low-level Features:
Built-in language security features enforced by the Java compiler and virtual machine:
• Strong data typing
• Automatic memory management
• Bytecode verification
• Secure class loading

Benefits:
Provides a safe and secure platform for developing and running applications. Compile-time data type checking and automatic memory management lead to more robust code and reduce memory corruption and vulnerabilities. Bytecode verification ensures code conforms to the JVM specification and prevents hostile code from corrupting the runtime environment. Class loaders ensure that untrusted code cannot interfere with the running of other Java programs.

References:
• The Java Language Specification
• The Java Virtual Machine Specification


High-level Feature: Cryptography

Low-level Features:
• Comprehensive API with support for a wide range of cryptographic services including digital signatures, message digests, ciphers (symmetric, asymmetric, stream & block), message authentication codes, key generators and key factories
• Support for a wide range of standard algorithms including RSA, DSA, AES, Triple DES, SHA, PKCS#5, RC2, and RC4
• PKCS#11 cryptographic token support

Benefits:
Provides an extensible, full featured API for building secure applications:
• Algorithm and implementation independent
• Provider-based (pluggable) architecture

References:
• Java Cryptography Architecture (JCA) (includes the Java Cryptographic Extension (JCE))


High-level Feature: Authentication and Access Control

Low-level Features:
• Abstract authentication APIs that can incorporate a wide range of login mechanisms through a pluggable architecture.
• A comprehensive policy and permissions API that allows the developer to create and administer applications requiring fine-grained access to security-sensitive resources.

Benefits:
Enables single sign-on of multiple authentication mechanisms and fine-grained access to resources based on the identity of the user or code signer. Recent support (in JDK 5) for timestamped signatures makes it easier to deploy signed code by avoiding the need to re-sign code when the signer's certificate expires.

References:
• Java Security Architecture
• Java Authentication and Authorization Service (JAAS)
• Policy Implementation and Syntax
• Signature Timestamp Support


High-level Feature: Secure Communications

Low-level Features:
APIs and implementations for the following standards-based secure communications protocols: Transport Layer Security (TLS), Secure Sockets Layer (SSL), Kerberos (accessible through GSS-API), and the Simple Authentication and Security Layer (SASL). Full support for HTTPS over SSL/TLS is also included.

Benefits:
Authenticates peers over an untrusted network and protects the integrity and privacy of data transmitted between them.

References:
• Java Secure Socket Extension (JSSE)
• Java GSS-API (JGSS)
• Java SASL API


High-level Feature: Public Key Infrastructure (PKI)

Low-level Features:
Tools for managing keys and certificates and comprehensive, abstract APIs with support for the following features and algorithms:
• Certificates and Certificate Revocation Lists (CRLs): X.509
• Certification Path Validators and Builders: PKIX (RFC 3280), On-line Certificate Status Protocol (OCSP)
• KeyStores: PKCS#11, PKCS#12
• Certificate Stores (Repositories): LDAP, java.util.Collection

Benefits:
Eases the development and deployment of complex PKI applications. Recent support (in JDK 5) for OCSP provides a more scalable and timely method for applications to check certificate revocation status.

References:
• X.509 Certificate and Certificate Revocation Lists (CRLs)
• Java CertPath API
• On-Line Certificate Status Protocol (OCSP)
• Java PKCS#11 Reference Guide
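
The Cryptography entry above describes the API as algorithm and implementation independent with a provider-based architecture. The following Java program is an added example, not part of the original document: it asks each installed provider whether it implements a given signature algorithm, then signs and verifies with RSA and DSA through the same calling code. The class and method names (JcaProviderDemo, providersFor, signAndVerify) are hypothetical, and it assumes the JDK's default providers are installed.

```java
import java.nio.charset.StandardCharsets;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.Provider;
import java.security.Security;
import java.security.Signature;
import java.util.ArrayList;
import java.util.List;

public class JcaProviderDemo {
    // Names of installed providers that implement the given service/algorithm pair.
    static List<String> providersFor(String service, String algorithm) {
        List<String> names = new ArrayList<>();
        for (Provider p : Security.getProviders()) {
            if (p.getService(service, algorithm) != null) {
                names.add(p.getName());
            }
        }
        return names;
    }

    // Sign msg and verify the signature against checked. Only the two algorithm
    // names differ between RSA and DSA; the calling code is identical.
    static boolean signAndVerify(String keyAlg, String sigAlg, byte[] msg, byte[] checked)
            throws Exception {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance(keyAlg);
        kpg.initialize(2048);
        KeyPair kp = kpg.generateKeyPair();
        Signature signer = Signature.getInstance(sigAlg);
        signer.initSign(kp.getPrivate());
        signer.update(msg);
        byte[] sig = signer.sign();
        Signature verifier = Signature.getInstance(sigAlg);
        verifier.initVerify(kp.getPublic());
        verifier.update(checked);
        return verifier.verify(sig);
    }

    public static void main(String[] args) throws Exception {
        byte[] msg = "constructed sample message".getBytes(StandardCharsets.UTF_8);
        byte[] tampered = "constructed sample messagE".getBytes(StandardCharsets.UTF_8);
        String[][] pairs = { {"RSA", "SHA256withRSA"}, {"DSA", "SHA256withDSA"} };
        for (String[] p : pairs) {
            System.out.println(p[1] + " providers: " + providersFor("Signature", p[1]));
            System.out.println("  verifies original: " + signAndVerify(p[0], p[1], msg, msg));
            System.out.println("  verifies tampered: " + signAndVerify(p[0], p[1], msg, tampered));
        }
    }
}
```

Passing a provider name as a second argument to getInstance pins the implementation; omitting it, as here, lets the JCA pick the highest-priority provider that supports the algorithm.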
