java card word document


Java Card Technology Seminar Report 2006 Admission

INTRODUCTION

Java Card technology adapts the Java platform for use on smart cards and other devices whose environments are highly specialized, and whose memory and processing constraints are typically more severe than those of J2ME devices. Java Card technology is evolving. Accompanying both the technical evolution of smart card chips and the needs of application developers, new features have been introduced recently, such as remote method invocation (RMI), automated de-allocation of unreachable objects, and the possibility of having several communication channels open between the card and the card reader. In addition, version 2.2 of the Java Card specifications ([JCVM22][JCRE22][JCAPI22]) also introduces some of the previously mentioned card management features, such as applet deletion.

Smart cards are very useful in the areas of personal security. They can be used to add authentication and secure access to information systems that require a high level of security. Information stored in smart cards is portable. With Java Card technology you can carry around valuable and sensitive personal information such as your medical history, credit card numbers, or electronic cash balances in a medium that is compact, yet very secure.

Dept. of Computer Science & Engg, Veda Vyasa Institute of Technology


WHAT IS A SMART CARD?

Identical in size to a credit card, a smart card stores and processes information through the electronic circuits embedded in silicon in the plastic substrate of its body. There are two basic kinds of smart cards: An intelligent smart card contains a microprocessor and offers read, write, and calculating capability, like a small microcomputer. A memory card, on the other hand, does not have a microprocessor and is meant only for information storage. A memory card uses security logic to control the access of memory.

All smart cards contain three types of memory: persistent non-mutable memory; persistent mutable memory; and non-persistent mutable memory. ROM, EEPROM, and RAM are the most widely used memory for the three respective types in current smart cards. Persistent memory is also called non-volatile memory. We will use the terms persistent and non-volatile interchangeably in this article.

ISO 7816 parts 1-7, defined by the International Standard Organization, contains a set of standards that covers various aspects of smart cards. ISO 7816 consists of:

Physical characteristics (part 1)

Dimensions and location of the contacts (part 2)

Electronic signals and transmission protocols (part 3)

Inter-industry commands for interchange (part 4)

Application identifiers (part 5)

Inter-industry data elements (part 6)

Inter-industry commands for SCQL (part 7)


The following diagram illustrates the physical characteristics of a smart card, which are defined in ISO 7816, part 1.

For more on ISO 7816 and smart cards, see "Smart cards: A primer."

Normally, a smart card does not contain a power supply, a display, or a keyboard. It interacts with the outside world using the serial communication interface via its eight contact points. The dimensions and location of the contacts are covered in part 2 of ISO 7816. This diagram shows the contacts on a smart card.


A smart card is inserted into a Card Acceptance Device (CAD), which may connect to another computer. Other terms used for the Card Acceptance Device are terminal, reader, and IFD (interface device). They all provide the same basic functions, namely to supply the card with power and to establish a data-carrying connection.

When two computers communicate with each other, they exchange data packages, which are constructed following a set of protocols. Similarly, smart cards speak to the outside world using their own data packages -- called APDUs (Application Protocol Data Units). An APDU contains either a command or a response message. In the card world, the master-slave model is used whereby a smart card always plays the passive role. In other words, a smart card always waits for a command APDU from a terminal. It then executes the action specified in the APDU and replies to the terminal with a response APDU. Command APDUs and response APDUs are exchanged alternately between a card and a terminal.
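
The command/response exchange described above, decoded on the terminal side, as an added example that is not part of the original report. It goes beyond the text by assuming the ISO 7816-4 short APDU layout (CLA INS P1 P2 [Lc data] [Le] for commands, data followed by SW1 SW2 for responses); the class name ApduDemo and all sample bytes are constructed for illustration.

```java
import java.util.Arrays;

/** Added example: decodes short-form ISO 7816-4 command and response APDUs. */
public class ApduDemo {

    /** Parsed command APDU; le == -1 means no Le field was present. */
    static final class Command {
        final int cla, ins, p1, p2, le;
        final byte[] data;
        Command(int cla, int ins, int p1, int p2, byte[] data, int le) {
            this.cla = cla; this.ins = ins; this.p1 = p1; this.p2 = p2;
            this.data = data; this.le = le;
        }
    }

    /** Parses the four short cases: header, header+Le, header+Lc+data, header+Lc+data+Le. */
    static Command parseCommand(byte[] raw) {
        if (raw.length < 4) throw new IllegalArgumentException("header needs 4 bytes");
        int cla = raw[0] & 0xFF, ins = raw[1] & 0xFF, p1 = raw[2] & 0xFF, p2 = raw[3] & 0xFF;
        byte[] data = new byte[0];
        int le = -1;
        if (raw.length == 5) {                        // case 2: only Le follows the header
            le = leValue(raw[4]);
        } else if (raw.length > 5) {                  // case 3 or 4: Lc + data [+ Le]
            int lc = raw[4] & 0xFF;
            if (lc == 0) throw new IllegalArgumentException("extended length not handled here");
            int rest = raw.length - 5;
            if (rest != lc && rest != lc + 1)
                throw new IllegalArgumentException("Lc=" + lc + " disagrees with " + rest + " trailing bytes");
            data = Arrays.copyOfRange(raw, 5, 5 + lc);
            if (rest == lc + 1) le = leValue(raw[raw.length - 1]);
        }
        return new Command(cla, ins, p1, p2, data, le);
    }

    /** In short form, an Le byte of 0x00 means "up to 256 bytes". */
    private static int leValue(byte b) {
        return (b & 0xFF) == 0 ? 256 : (b & 0xFF);
    }

    /** Returns the 16-bit status word (SW1 SW2) that ends every response APDU. */
    static int statusWord(byte[] response) {
        if (response.length < 2) throw new IllegalArgumentException("response needs SW1 SW2");
        return ((response[response.length - 2] & 0xFF) << 8) | (response[response.length - 1] & 0xFF);
    }

    /** Returns the response body without the trailing status word. */
    static byte[] responseData(byte[] response) {
        statusWord(response);                         // reuses the length check
        return Arrays.copyOf(response, response.length - 2);
    }

    public static void main(String[] args) {
        // Constructed SELECT-by-AID command: CLA=00 INS=A4 P1=04 P2=00 Lc=07 <AID> Le=00
        byte[] select = {0x00, (byte) 0xA4, 0x04, 0x00, 0x07,
                         (byte) 0xA0, 0x00, 0x00, 0x00, 0x01, 0x01, 0x00, 0x00};
        Command c = parseCommand(select);
        System.out.printf("INS=%02X P1=%02X Lc=%d Le=%d%n", c.ins, c.p1, c.data.length, c.le);

        // Constructed responses: success with two data bytes, and "application not found".
        byte[] ok = {0x12, 0x34, (byte) 0x90, 0x00};
        byte[] notFound = {0x6A, (byte) 0x82};
        System.out.printf("SW=%04X data=%d bytes%n", statusWord(ok), responseData(ok).length);
        System.out.printf("SW=%04X data=%d bytes%n", statusWord(notFound), responseData(notFound).length);

        // A command whose Lc does not match its length is rejected, not silently mis-parsed.
        try {
            parseCommand(new byte[] {0x00, 0x20, 0x00, 0x00, 0x04, 0x31, 0x32});
        } catch (IllegalArgumentException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```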

The smart cards that were introduced in the 1980s had a single chip in every card, with very limited resources (especially RAM). The dominant smart card technology today runs on 4 to 8 Kb of RAM and 32 to 64 Kb of EEPROM, using slow 8-bit processors, and uses a very limited subset of Java that provides:

Partial support of basic types (8/16-bit values, no float, no String)

Small subset of Java ME APIs

Specific, pre-processed binary file formats

Single threading (no garbage collection)


Figure 1: The smart chip in a card

 

Java Card 3 extends the Java Card 2 support for classic applets into improved connected features targeting less resource-constrained devices and including new network-oriented features.


JAVA CARD SPECIFICATIONS

A Java Card is a smart card that is capable of running Java programs. The Java Card 2.0 specification was published at http://www.javasoft.com/javacard. It contains detailed information for building the Java Card virtual machine and application programming interface (API) in smart cards. The minimum system requirement is 16 kilobytes of read-only memory (ROM), 8 kilobytes of EEPROM, and 256 bytes of random access memory (RAM).

The system architecture on the Java Card is illustrated in the following figure.

As shown in the figure, the Java Card VM is built on top of a specific integrated circuit (IC) and native operating system implementation. The JVM layer hides the manufacturer's proprietary technology with a common language and system interface. The Java Card framework defines a set of Application Programming Interface (API) classes for developing Java Card applications and for providing system services to those applications. A specific industry or business can supply add-on libraries to provide a service or to refine the security and system model. Java Card applications are called applets. Multiple applets can reside on one card. Each applet is identified uniquely by its AID (application identifier), as defined in ISO 7816, part 5.

An important point to keep in mind is what smart cards are not: They are not personal computers. They have limited memory resources and computing power. Users should not think of Java Card 2.0 as simply a stripped-down version of the JDK.

The lifetime of a Java Card

The Java Card lifetime starts when the native OS, Java Card VM, API class libraries and, optionally, applets are burned into ROM. This process of writing the permanent components into the non-mutable memory of a chip for carrying out incoming commands is called masking.

Before it lands in your wallet, a Java Card needs to go through initialization and personalization. Initialization refers to loading general data into a card's non-volatile memory. This data is identical across a large number of cards and is not specific to an individual; an example might be the issuer's or manufacturer's name.

The next step, personalization, involves assigning a card to a person. It can occur through physical personalization or through electronic personalization. Physical personalization refers to embossing or laser engraving your name and card number on the plastic surface of a card. Electronic personalization refers to loading personal data into a card's non-volatile memory, for example, your personal key, name, and PIN number.

Initialization and personalization vary from vendor to vendor and issuer to issuer. In both, EEPROM (a type of non-volatile memory) is often used for storing data.


At this point, the Java Card is ready for use. You can get a Java Card from an issuer or buy it from a retailer. Cards sold by a retailer are general-purpose, in which case personalization is often omitted.

Now you can insert your Java Card into a reader and send APDU commands to the applets residing on the card or download more applets or data onto the card.

A Java Card remains active until it is expired or blocked due to an unrecoverable error.


JAVA CARD VIRTUAL MACHINE

The Java Card Virtual Machine (JCVM) specification defines a subset of the Java programming language and a Java-compatible VM for smart cards, including binary data representations and file formats, and the JCVM instruction set. The VM for the Java Card platform is implemented in two parts, with one part external to the card and the other running on the card itself. The on-card Java Card VM interprets byte code, manages classes and objects, and so on. The external Java VM part is a development tool, typically referred to as the Java Card Converter tool, that loads, verifies, and further prepares the Java classes in a card applet for on-card execution. The output of the converter tool is a Converted Applet (CAP) file, a file that contains all the classes in a Java package in a loadable, executable binary representation. The converter verifies that the classes conform to the Java Card specification. The JCVM supports only a restricted subset of the Java programming language, yet it preserves many of the familiar features including objects, inheritance, packages, dynamic object creation, virtual methods, interfaces, and exceptions.

Lifetime of a Java Card virtual machine

Unlike the Java virtual machine (JVM) in a PC or workstation, the Java Card virtual machine runs forever.

Most of the information stored on the card must be preserved even when the power is removed -- that is, when the card is removed from the reader. The Java Card VM creates objects in EEPROM to hold the persistent information. The execution lifetime of the Java Card VM is the lifetime of the card. When the power is not provided, the VM runs in an infinite clock cycle.

The lifetime of Java Card applets and objects


An applet's life starts when it is properly installed and registered with the system's registry table and ends when it is removed from the table. The space of a removed applet may or may not be reused, however, depending on whether garbage collection is implemented on the card. An applet on a card is in an inactive stage until it is explicitly selected by the terminal.

Objects are created in the persistent memory (for example, EEPROM). They could be lost or garbage-collected if other persistent objects do not reference them. However, it's a thousand times slower to write to EEPROM than to RAM.

Some objects are accessed frequently, and the contents of their fields need not be persistent. The Java Card supports transient (temporary) objects in RAM. Once an object has been declared as transient, its contents cannot be moved back to the persistent memory.

Java Card 2.0 language subset

Java Card programs are, of course, written in Java. They are compiled using common Java compilers. Due to limited memory resources and computing power, not all the language features defined in the Java Language Specification are supported on the Java Card. Specifically, the Java Card does not support:

Dynamic class loading

Security manager

Threads and synchronization

Object cloning

Finalization

Large primitive data types (float, double, long, and char)

It's no surprise that keywords that support those features are also omitted from the language. VM implementers may decide to support the 32-bit integer type or native methods for post-issuance applets if they are working on a more advanced smart card with more memory. Post-issuance applets are those applets that are installed on a Java Card after the card is issued to a card holder.

The Java Card 2.0 framework

Smart cards have been in the market for 20 years, and most of them are generally compatible with ISO 7816 Parts 1-7 and/or EMV. We've already looked at ISO 7816. What's EMV? The EMV standard, defined by Europay, MasterCard, and Visa, is based on the ISO 7816 series of standards with additional proprietary features to meet the specific needs of the financial industry. The Java Card Framework is designed to easily support smart card systems and applications. It hides the details of the smart card infrastructure and provides Java Card application developers with a relatively easy and straightforward programming interface.

Java Card security

Java applets are subject to Java security restrictions; however, the security model of Java Card systems differs from standard Java in many ways.

The Security Manager class is not supported on Java Card. Language security policies are implemented by the virtual machine.

Java applets create objects that store and manipulate data. An object is owned by the applet that creates it. Even though an applet may have the reference to an object, it cannot invoke the object's methods unless it owns the object or the object is explicitly shared. An applet can share any of its objects with a particular applet or with all applets.

An applet is an independent entity within a Java Card. Its selection, execution, and functionality are not affected by other applets residing on the same card.


How things work together inside a Java Card

Inside a Java Card, JCRE (Java Card Runtime Environment) refers to the Java Card virtual machine and the classes in the Java Card Framework. Each applet within a Java Card is associated with a unique AID assigned by JCRE.

After an applet is correctly loaded into the card's persistent memory and linked with the Java Card Framework and other libraries on the card, JCRE calls the applet's install method as the last step in the applet installation process. A public static method, install, must be implemented by an applet class to create an instance of the applet and register it with JCRE. Because memory is limited, it's good programming practice, at this point, to create and initialize the objects the applet will need during its lifetime.

An applet on the card remains inactive until it is explicitly selected. The terminal sends a "SELECT APDU" command to JCRE. JCRE suspends the currently selected applet and invokes the applet's deselect method to perform any necessary cleanup. JCRE then marks the applet whose AID is specified in the "SELECT APDU" command as the currently selected applet and calls the newly selected applet's select method. The select method prepares the applet to accept APDU commands. JCRE dispatches the subsequent APDU commands to the currently selected applet until it receives the next "SELECT APDU" command.

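
A small applet that walks through the install, select, process and deselect calls described above, and that keeps one value in persistent memory and one in transient RAM, as an added example that is not code from the original report. The class name WalletApplet, the package name, the CLA/INS codes, the session limit, the starting balance and the choice to carry the initial PIN in the install data are assumptions made for illustration; the javacard.framework calls are the standard Java Card classic API.

```java
package com.example.wallet; // hypothetical package name

import javacard.framework.APDU;
import javacard.framework.Applet;
import javacard.framework.ISO7816;
import javacard.framework.ISOException;
import javacard.framework.JCSystem;
import javacard.framework.OwnerPIN;
import javacard.framework.Util;

/** Added example: PIN-protected purse that walks through the applet life cycle. */
public class WalletApplet extends Applet {
    // Assumed, application-specific values (not taken from the report or any standard).
    private static final byte CLA_WALLET = (byte) 0x80;
    private static final byte INS_VERIFY = (byte) 0x20;
    private static final byte INS_DEBIT = (byte) 0x40;
    private static final byte INS_BALANCE = (byte) 0x50;
    private static final short SESSION_LIMIT = 200;

    private final OwnerPIN pin;          // persistent object: try counter survives power loss
    private short balance;               // persistent field (EEPROM)
    private final short[] sessionSpent;  // transient array (RAM), contents lost on reset

    private WalletApplet(byte[] bArray, short bOffset) {
        // Allocate every object once, here; the card may have no garbage collector.
        pin = new OwnerPIN((byte) 3, (byte) 8);   // 3 tries, PIN of up to 8 bytes
        sessionSpent = JCSystem.makeTransientShortArray((short) 1, JCSystem.CLEAR_ON_RESET);
        balance = 1000;                           // constructed starting value
        // Install data is LV-coded: instance AID, control info, applet data (assumed: initial PIN).
        short off = (short) (bOffset + bArray[bOffset] + 1);   // skip the AID
        off = (short) (off + bArray[off] + 1);                  // skip the control info
        byte pinLen = bArray[off];
        if (pinLen < 4 || pinLen > 8) ISOException.throwIt(ISO7816.SW_WRONG_DATA);
        pin.update(bArray, (short) (off + 1), pinLen);
    }

    /** Called by the JCRE as the last step of installation. */
    public static void install(byte[] bArray, short bOffset, byte bLength) {
        new WalletApplet(bArray, bOffset).register(bArray, (short) (bOffset + 1), bArray[bOffset]);
    }

    /** Called when a SELECT APDU names this applet; returning false refuses selection. */
    public boolean select() {
        if (pin.getTriesRemaining() == 0) return false;   // blocked PIN
        sessionSpent[0] = 0;                               // new session, new spending allowance
        return true;
    }

    /** Called before the JCRE hands control to another applet. */
    public void deselect() {
        pin.reset();   // clear the "PIN verified" flag so the next session must re-authenticate
    }

    /** Receives every command APDU while this applet is the selected one. */
    public void process(APDU apdu) {
        if (selectingApplet()) return;   // the SELECT APDU itself is also delivered here
        byte[] buf = apdu.getBuffer();
        if (buf[ISO7816.OFFSET_CLA] != CLA_WALLET) ISOException.throwIt(ISO7816.SW_CLA_NOT_SUPPORTED);
        switch (buf[ISO7816.OFFSET_INS]) {
            case INS_VERIFY:  verify(apdu, buf); break;
            case INS_DEBIT:   debit(apdu, buf); break;
            case INS_BALANCE: sendBalance(apdu, buf); break;
            default: ISOException.throwIt(ISO7816.SW_INS_NOT_SUPPORTED);
        }
    }

    private void verify(APDU apdu, byte[] buf) {
        short len = apdu.setIncomingAndReceive();
        if (len < 4 || len > 8) ISOException.throwIt(ISO7816.SW_WRONG_LENGTH);
        if (!pin.check(buf, ISO7816.OFFSET_CDATA, (byte) len))   // a wrong PIN uses up one try
            ISOException.throwIt((short) (0x63C0 | pin.getTriesRemaining()));
    }

    private void debit(APDU apdu, byte[] buf) {
        requirePin();
        if (apdu.setIncomingAndReceive() != 2) ISOException.throwIt(ISO7816.SW_WRONG_LENGTH);
        short amount = Util.getShort(buf, ISO7816.OFFSET_CDATA);
        short sessionLeft = (short) (SESSION_LIMIT - sessionSpent[0]);
        if (amount <= 0 || amount > balance || amount > sessionLeft)
            ISOException.throwIt(ISO7816.SW_CONDITIONS_NOT_SATISFIED);
        balance = (short) (balance - amount);                  // written to EEPROM
        sessionSpent[0] = (short) (sessionSpent[0] + amount);  // written to RAM
    }

    private void sendBalance(APDU apdu, byte[] buf) {
        requirePin();
        Util.setShort(buf, (short) 0, balance);
        apdu.setOutgoingAndSend((short) 0, (short) 2);
    }

    private void requirePin() {
        if (!pin.isValidated()) ISOException.throwIt(ISO7816.SW_SECURITY_STATUS_NOT_SATISFIED);
    }
}
```

The balance and the PIN try counter survive removal from the reader, while the per-session spending total lives only in RAM and is zeroed on every selection.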

INDUSTRIES

Almost any type of smart card can benefit from Java Card technology:

Subscriber Identity Module (SIM) cards, used in cell phones on most wireless networks

Financial cards supporting both online and offline transactions

Government and health-care identity cards

Cards that provide logical access and physical access to enterprise resources

Smart tickets for mass transit

On the majority of cellular telephone networks, a subscriber uses a smart card commonly called a SIM card to activate the telephone. The card authenticates the user and provides encryption keys for digital voice transmission. When fitted with Java Card technology, SIM cards can also provide transactional services such as remote banking and ticketing. Hundreds of millions of SIM cards based on Java Card technology are already powering innovative services in cell phones.

In the banking industry, smart cards give users secure access to a wide array of networked financial services including cash machines, bill paying, and bridge tolls. Java Card technology enables a single smart card to host multiple financial applications, and to deliver third-party services such as mileage programs or secure online trading.

Other applications are available in a wide variety, wherever security and authenticated identity are important, such as in controlling access to secure facilities and to medical records.

Java Card technology will enhance consumer access to new, e-commerce services through a range of connected appliances. Cellular phones and pay-TV equipment are examples of markets where the majority of products now available already include smart card readers.


JAVA CARD TECHNOLOGY DATASHEET

Java Card technology enables smart cards and other devices with limited memory to securely run small applications, called applets, that utilize Java technology. It provides smart card manufacturers with a secure and interoperable execution platform, capable of storing and updating multiple applications on a single device. Java Card technology is compatible with existing smart card standards.

With Java Card technology, new smart card-based applications and services can be rapidly and securely built, tested, and deployed. This reduces development costs, adds product differentiation, and enhances value-add for customers.

A complementary technology to the Java 2 Platform, Java Card technology makes it easy to integrate security tokens into a complete Java software solution.

Industries Embracing the Java Card Platform

Almost any type of smart card can be fitted with Java Card technology, including:

SIM cards used in cell phones on most wireless networks

Financial cards providing both online and offline transactions

Government / Healthcare ID cards

Logical access and physical access to enterprise resources

Smart ticketing for mass transit

On the majority of cellular telephone networks, smart cards (commonly called SIM cards) are required to activate the telephone. The card authenticates the user and provides encryption keys for digital voice transmission. When fitted with Java Card technology, SIM cards can also provide transactional services such as remote banking and ticketing. Hundreds of millions of Java Card technology-based SIM cards are already powering next-generation services in cell phones.

In the banking industry, smart cards give users secure access to a wide array of networked financial services including cash machines, bill paying, and bridge tolls. Java Card-based smart cards can host multiple financial applications in a single card, while delivering third-party services such as mileage programs or secure on-line trading.

A wide variety of other applications are available wherever security and authenticated identity are important, such as providing access to facilities and medical records.

Java Card technology will enhance consumer access to new, e-commerce services through a range of connected appliances. Cellular phones and pay-TV equipment are examples of markets where the majority of products now available include built-in smart card readers.


BENEFITS OF JAVA CARD TECHNOLOGY

There are several unique benefits of the Java Card technology for smart card vendors and issuers:

1. Interoperable - Applets developed with Java Card technology will run on any Java Card technology-based smart card, independently of the card vendor and underlying hardware.

2. Secure - Java Card technology relies on the inherent security of the Java programming language to provide a secure execution environment. It was designed through an open process, and the platform's proven industry deployments and security evaluations ensure that card issuers benefit from the most capable and secure technology available today.

3. Multi-Application Capable - Java Card technology enables multiple applications to co-exist securely on a single smart card.

4. Dynamic - New applications can be installed securely after a card has been issued, providing card issuers with the ability to dynamically respond to their customers' changing needs.

5. Open - Java Card application developers benefit from object-oriented programming and design, and have access to off-the-shelf Java development tools.

6. Compatible with Existing Standards - The Java Card API is compatible with international standards for smart cards such as ISO 7816 or EMV. It is referenced by major industry-specific standards such as Global Platform and ETSI.


COMPONENTS OF JAVA CARD TECHNOLOGY

Sun Microsystems publishes the Java Card Platform Specification and the Java Card Development Kit which includes a reference implementation based on this specification. Providing the basis for cross-platform and cross-vendor applet interoperability, the Java Card Platform Specification in its latest 2.2.1 version includes three documents:

Virtual Machine Specification for the Java Card Platform

The Java Card Virtual Machine (VM) Specification defines the features, services, and behavior required of an implementation of the Java Card technology. It includes the instruction set of a Java Card Virtual Machine, the supported subset of the Java language, and the file formats used for installing applets and libraries into devices, like smart cards, which implement Java Card technology.

Runtime Environment Specification for the Java Card Platform

The Java Card Runtime Environment (RE) Specification complements the Java Card API Specification and defines the necessary behavior of the runtime environment in any implementation of the Java Card technology. Such an implementation includes an implementation of the Java Card Virtual Machine, the Java Card Application Programming Interface (API) classes, and runtime support services such as the selection and deselection of applets.

API for the Java Card Platform

The Java Card API is compatible with formal international standards and industry-specific standards. It contains the class definitions required to support the Java Card VM and the Java Card RE.


The Java Card Development Kit is a suite of tools for designing Java Card technology-based implementations and developing applets based on the Java Card API Specification:

The C-JCRE is a reference implementation of the Java Card Runtime Environment written in the C programming language. The C-JCRE also includes the Java Card Virtual Machine interpreter.

Off-card platform components such as the Java Card Converter and the Java Card Verifier complement the C-JCRE to provide a complete development chain.

Additional design and testing tools enable developers to prototype and test Java Card applications.

Advantages of Developing with Java Card technology

Java Card technology offers all the advantages of developing applications in the Java programming language:

High programmer productivity

Object-oriented programming with greater code modularity and reusability

Java language protections apply to Java Card applets, enforcing strong typing and protection attributes

Availability of powerful off-the-shelf development tools


LICENSING OF JAVA CARD

Java Card technology is licensed to smart card manufacturers representing more than 90 percent of the world's smart card manufacturing capacity. It provides a range of new opportunities for original equipment manufacturers (OEMs) and their partners across multiple industries. In particular, the applet interoperability provided by Java Card technology allows card issuers to mix and match third-party applications, including standard payment applications, stored value, computer authorization, data management, and many more.

Java Card technology licensees may get access to the Java Card Technology Compatibility Kit (TCK). The Java Card TCK can be licensed from Sun to certify a Java Card implementation on a particular platform.

Additionally, Sun provides from time to time exclusive deliverables to the licensee community, such as the Java Card Toolkit, or the Java Card Protection Profile. The Java Card Toolkit is a Java Card simulator and debugger. It has been designed for integration into third-party Integrated Development Environments (IDEs). It enables Java Card licensees to provide a realistic simulation and debugging environment within their Java Card tools. The Java Card Protection Profile reduces the time and cost for Java Card licensees to complete security evaluations under Common Criteria. It provides a reusable set of security requirements specifically for the Java Card platform. Java Card products evaluated using Common Criteria provide licensees with the ability to meet the increasing demand by banks, governments and other card issuers for security evaluations.


CONCLUSION

This article first reviews some fundamental concepts of smart cards, and then explains Java Card 2.0 internals and shows you how to develop a Java Card application.

A Java Card applet is compiled using a regular Java compiler. The output of the compiler (a class file) is input into a Java Card converter which enforces Java Card 2.0 subset compliance, performs name resolution and initial address linking, and optimizes the Java byte code to run suitably on a Java Card VM. The output of the converter can then be downloaded onto a Java Card. The details of the converter and applet installation protocols aren't discussed in this article because they haven't yet been standardized. We hope to cover these areas in a future article.

The Java Card adds a new platform to the world of Java. Widespread adoption and deployment of the Java Card will require marketing promotion, more applications and tools development, and time. At the same time, the number of Java Cards in existence could easily extend into the millions within the next few years, which means you may soon be storing your personal information and downloading applications using a little card you carry around in your wallet or purse.
