java card word document
-
Upload
shafeer036 -
Category
Documents
-
view
2.203 -
download
2
description
Transcript of java card word document
Java Card Technology Seminar Report 2006 Admission
INTRODUCTION
Java Card technology adapts the Java platform for use on smart cards and other devices
whose environments are highly specialized, and whose memory and processing
constraints are typically more severe than those of J2ME devices. Java Card technology
is evolving. Accompanying both the technical evolution of smart card chips and the needs
of application developers, new features have been introduced recently, such as remote
method invocation (RMI), automated de-allocation of unreachable objects, and the
possibility of having several communication channels open between the card and the
card reader. In addition, version 2.2 of the Java Card specifications ([JCVM22][JCRE22]
[JCAPI22]) also introduces some of the previously mentioned card management features,
such as applet deletion. Smart cards are very useful in the areas of personal security.
They can be used to add authentication and secure access to information systems that
require a high level of security. Information stored in smart cards is portable. With Java
Card technology you can carry around valuable and sensitive personal information such
as your medical history, credit card numbers, or electronic cash balances in a medium
that is compact, yet very secure.
Dept.of Computer Science & Engg Veda Vyasa Institute of Technology1
Java Card Technology Seminar Report 2006 Admission
WHAT IS A SMART CARD ?
Identical to the size of a credit card, a smart card stores and processes information
through the electronic circuits embedded in silicon in the plastic substrate of its body.
There are two basic kinds of smart cards: An intelligent smart card contains a
microprocessor and offers read, write, and calculating capability, like a small
microcomputer. A memory card, on the other hand, does not have a microprocessor and
is meant only for information storage. A memory card uses security logic to control the
access of memory.
All smart cards contain three types of memory: persistent non-mutable memory;
persistent mutable memory; and non-persistent mutable memory. ROM, EEPROM, and
RAM are the most widely-used memory for the three respective types in the current smart
cards. Persistent memory is also called non-volatile memory. We will use the terms
persistent and non-volatile interchangeably in this article.
ISO 7816 part 1-7, defined by International Standard Organization, contains a set of
standards that covers various aspects of smart cards. ISO 7816 consists of:
Physical characteristics (part 1)
Dimensions and location of the contacts (part 2)
Electronic signals and Transmission protocols (part 3)
Inter-industry commands for interchange (part 4)
Application identifiers (Part 5)
Inter-industry data elements (Part 6)
Inter-industry commands for SCQL (Part 7)
Dept.of Computer Science & Engg Veda Vyasa Institute of Technology2
Java Card Technology Seminar Report 2006 Admission
The following diagram illustrates the physical characteristics of a smart card, which are
defined in ISO 7816, part 1.
For more on ISO 7816 and smart cards, see "Smart cards: A primer."
Normally, a smart card does not contain a power supply, a display, or a keyboard. It
interacts with the outside world using the serial communication interface via its eight
contact points. The dimensions and location of the contacts are covered in part 2 of ISO
7816. This diagram shows the contacts on a smart card.
Dept.of Computer Science & Engg Veda Vyasa Institute of Technology3
Java Card Technology Seminar Report 2006 Admission
A smart card is inserted into a Card Acceptance Device (CAD), which may connect to
another computer. Other terms used for the Card Acceptance Device are terminal,
reader, and IFD (interface device). They all provide the same basic functions, namely to
supply the card with power and to establish a data-carrying connection.
When two computers communicate with each other, they exchange data packages, which
are constructed following a set of protocols. Similarly, smart cards speak to the outside
world using their own data packages -- called APDU (Application Protocol Data Units).
APDU contains either a command or a response message. In the card world, the master-
slave model is used whereby a smart card always plays the passive role. In other words,
a smart card always waits for a command APDU from a terminal. It then executes the
action specified in the APDU and replies to the terminal with a response APDU.
Command APDUs and response APDUs are exchanged alternatively between a card and
a terminal.
The smart cards that were introduced in the 1980s had a single chip in every card, with
very limited resources (especially RAM). The dominant smart card technology today runs
on 4 to 8 Kb of RAM and 32 to 64 Kb of EEPROM, using slow 8-bit processors, and uses
a very limited subset of Java that provides
Partial support of basic types (8/16-bit values, no float, no String)
Small subset of Java ME APIs
Specific, pre-processed binary file formats
Single threading (no garbage collection)
Dept.of Computer Science & Engg Veda Vyasa Institute of Technology4
Java Card Technology Seminar Report 2006 Admission
Figure 1: The smart chip in a card
Java Card 3 extends the Java Card 2 support for classic applets into improved connected
features targeting less resource-constrained devices and including new network-oriented
features.
Dept.of Computer Science & Engg Veda Vyasa Institute of Technology5
Java Card Technology Seminar Report 2006 Admission
JAVA CARD SPECIFICATIONS
A Java Card is a smart card that is capable of running Java programs. The Java Card 2.0
specification was published at http://www.javasoft.com/javacard. It contains detailed
information for building the Java Card virtual machine and application programming
interface (API) in smart cards. The minimum system requirement is 16 kilobytes of read-
only memory (ROM), 8 kilobytes of EEPROM, and 256 bytes of random access memory
(RAM).
The system architecture on the Java Card is illustrated in the following figure.
As shown in the figure, the Java Card VM is built on top of a specific integrated circuit (IC)
and native operating system implementation. The JVM layer hides the manufacturer's
proprietary technology with a common language and system interface. The Java Card
Dept.of Computer Science & Engg Veda Vyasa Institute of Technology6
Java Card Technology Seminar Report 2006 Admission
framework defines a set of Application Programming Interface (API) classes for
developing Java Card applications and for providing system services to those
applications. A specific industry or business can supply add-on libraries to provide a
service or to refine the security and system model. Java Card applications are called
applets. Multiple applets can reside on one card. Each applet is identified uniquely by its
AID (application identifier), as defined in ISO 7816, part 5.
An important point to keep in mind is what smart cards are not: They are not personal
computers. They have limited memory resources and computing power. Users should not
think of Java Card 2.0 as simply a stripped-down version of the JDK.
The lifetime of a Java Card
The Java Card lifetime starts when the native OS, Java Card VM, API classes libraries
and optionally, applets are burned into ROM. This process of writing the permanent
components into the non-mutable memory of a chip for carrying out incoming commands
is called masking.
Before it lands in your wallet, a Java Card needs to go through initialization and
personalization. Initialization refers to loading general data into a card's non-volatile
memory. This data is identical across a large number of cards and is not specific to an
individual; an example might be the issuer or manufacture's name.
The next step, personalization, involves assigning a card to a person. It can occur
through physical personalization or through electronic personalization. Physical
personalization refers to embossing or laser engraving your name and card number on
the plastic surface of a card. Electronic personalization refers to loading personal data
into a card's non-volatile memory, for example, your personal key, name, and pin number.
Initialization and Personalization vary from vendor to vendor and issuer to issuer. In both,
EEPROM (a type of non-volatile memory) is often used for storing data.
Dept.of Computer Science & Engg Veda Vyasa Institute of Technology7
Java Card Technology Seminar Report 2006 Admission
At this point, the Java Card is ready for use. You can get a Java Card from an issuer or
buy it from a retailer. Cards sold by a retailer are general-purpose, in which case
personalization is often omitted.
Now you can insert your Java Card into a reader and send APDU commands to the
applets residing on the card or download more applets or data onto the card.
A Java Card remains active until it is expired or blocked due to an unrecoverable error.
Dept.of Computer Science & Engg Veda Vyasa Institute of Technology8
Java Card Technology Seminar Report 2006 Admission
JAVA CARD VIRTUAL MACHINE
The Java Card Virtual Machine (JCVM) specification defines a
subset of the Java programming language and a Java-compatible VM for smart cards,
including binary data representations and file formats, and the JCVM instruction set. The
VM for the Java Card platform is implemented in two parts, with one part external to the
card and the other running on the card itself. The on-card Java Card VM interprets byte
code, manages classes and objects, and so on. The external Java VM part is a
development tool, typically referred to as the Java Card Converter tool, that loads,
verifies, and further prepares the Java classes in a card applet for on-card execution. The
output of the converter tool is a Converted Applet (CAP) file, a file that contains all the
classes in a Java package in a loadable, executable binary representation. The converter
verifies that the classes conform to the Java Card specification. The JCVM supports only
a restricted subset of the Java programming language, yet it preserves many of the
familiar features including objects, inheritance, packages, dynamic object creation, virtual
methods, interfaces, and exceptions.
Lifetime of a Java Card virtual machine
Unlike the Java virtual machine (JVM) in a PC or workstation, the Java Card virtual
machine runs forever.
Most of the information stored on the card must be preserved even when the power is
removed -- that is, when the card is removed from the reader. The Java Card VM creates
objects in EEPROM to hold the persistent information. The execution lifetime of the Java
Card VM is the lifetime of the card. When the power is not provided, the VM runs in an
infinite clock cycle.
The lifetime of Java Card applets and objects
Dept.of Computer Science & Engg Veda Vyasa Institute of Technology9
Java Card Technology Seminar Report 2006 Admission
An applet's life starts when it is properly installed and registered with the system's registry
table and ends when it is removed from the table. The space of a removed applet may or
may not be reused, however, depending on whether garbage collection is implemented
on the card. An applet on a card is in an inactive stage until it is explicitly selected by the
terminal.
Objects are created in the persistent memory (for example, EEPROM). They could be lost
or garbage-collected if other persistent objects do not reference them. However, it's a
thousand times slower to write to EEPROM than to RAM.
Some objects are accessed frequently, and the contents of their fields need not be
persistent. The Java Card supports transient (temporary) objects in RAM. Once an object
has been declared as transient, its contents can not be moved back to the persistent
memory.
Java Card 2.0 language subset
Java Card programs are, of course, written in Java. They are compiled using common
Java compilers. Due to limited memory resources and computing power, not all the
language features defined in the Java Language Specification are supported on the Java
Card. Specifically, the Java Card does not support:
Dynamic class loading
Security manager
Threads and synchronization
Object cloning
Finalization
Large primitive data types (float, double, long, and char)
It's no surprise that keywords that support those features are also omitted from the
language. VM implementers may decide to support 32-bit integer type or native methods
Dept.of Computer Science & Engg Veda Vyasa Institute of Technology10
Java Card Technology Seminar Report 2006 Admission
for post-issuance applets if they are working on a more advanced smart card with more
memory. Post-issuance applets are those applets that are installed on a Java Card after
the card is issued to a card holder.
The Java Card 2.0 framework
Smart cards have been in the market for 20 years, and most of them are generally
compatible with ISO 7816 Parts 1-7 and/or EMV. We've already looked at ISO 7816.
What's EMV? The EMV standard, defined by Europe, MasterCard, and Visa, is based on
the ISO 7816 series of standards with additional proprietary features to meet the specific
needs of the financial industry. The Java Card Framework is designed to easily support
smart card systems and applications. It hides the details of the smart card infrastructure
and provides Java Card application developers with a relatively easy and straightforward
programming interface.
Java Card security
Java applets are subject to Java security restrictions, however, the security model of Java
Card systems differs from standard Java in many ways.
The Security Manager class is not supported on Java Card. Language security policies
are implemented by the virtual machine.
Java applets create objects that store and manipulate data. An object is owned by the
applet that creates it. Even though an applet may have the reference to an object, it
cannot invoke the object's methods, unless it owns the object or the object is explicitly
shared. An applet can share any of its objects with a particular applet or with all applets.
An applet is an independent entity within a Java Card. Its selection, execution, and
functionality are not affected by other applets residing on the same card.
Dept.of Computer Science & Engg Veda Vyasa Institute of Technology11
Java Card Technology Seminar Report 2006 Admission
How things work together inside a Java Card???
Inside a Java Card, JCRE (Java Card Runtime Environment) refers to the Java Card
virtual machine and the classes in the Java Card Framework. Each applet within a Java
Card is associated with unique AID assigned by JCRE.
After an applet is correctly loaded into the card's persistent memory and linked with the
Java Card Framework and other libraries on the card, JCRE calls the applet's install
method as the last step in the applet installation process. A public static method, install,
must be implemented by an applet class to create an instance of the applet and register it
with JCRE. Because memory is limited, it's good programming practice, at this point, to
create and initialize the objects the applet will need during its lifetime.
An applet on the card remains inactive until it is explicitly selected. The terminal sends a
"SELECT APDU" command to JCRE. JCRE suspends the currently selected applet and
invokes the applet's deselect method to perform any necessary cleanup. JCRE then
marks the applet whose AID is specified in the "SELECT APDU" command as the
currently selected applet and calls the newly selected applet's select method. The select
method prepares the applet to accept APDU commands. JCRE dispatches the
subsequent APDU commands to the currently selected applet until it receives the next
"SELECT APDU" command.
Dept.of Computer Science & Engg Veda Vyasa Institute of Technology12
Java Card Technology Seminar Report 2006 Admission
INDUSTRIES
Almost any type of smart card can benefit from Java Card technology:
Subscriber Identity Module (SIM) cards, used in cell phones on most wireless
networks
Financial cards supporting both online and offline transactions
Government and health-care identity cards
Cards that provide logical access and physical access to enterprise resources
Smart tickets for mass transit
On the majority of cellular telephone networks, a subscriber uses a smart card commonly
called a SIM card to activate the telephone. The card authenticates the user and provides
encryption keys for digital voice transmission. When fitted with Java Card technology, SIM
cards can also provide transactional services such as remote banking and ticketing.
Hundreds of millions of SIM cards based on Java Card technology are already powering
innovative services in cell phones.
In the banking industry, smart cards give users secure access to a wide array of
networked financial services including cash machines, bill paying, and bridge tolls. Java
Card technology enables a single smart card to host multiple financial applications, and to
deliver third-party services such as mileage programs or secure online trading.
Other applications are available in a wide variety, wherever security and authenticated
identity are important, such as in controlling access to secure facilities and to medical
records.
Java Card technology will enhance consumer access to new, e-commerce services
through a range of connected appliances. Cellular phones and pay-TV equipment are
examples of markets where the majority of products now available already include smart
card readers.
Dept.of Computer Science & Engg Veda Vyasa Institute of Technology13
Java Card Technology Seminar Report 2006 Admission
JAVA CARD TECHNOLOGY DATASHEET
Java Card technology enables smart cards and other devices with limited memory to
securely run small applications, called applets, that utilize Java technology. It provides
smart card manufacturers with a secure and interoperable execution platform, capable
of storing and updating multiple applications on a single device. Java Card technology
is compatible with existing smart card standards.
With Java Card technology, new smart card - based applications and services can be
rapidly and securely built, tested, and deployed. This reduces development costs, adds
product differentiation, and enhances value-add for customers.
A complementary technology to the Java 2 Platform , Java Card technology makes it
easy to integrate security tokens into a complete Java software solution.
Industries Embracing the Java Card Platform
Almost any type of smart card can be fitted with Java Card technology, including:
SIM cards used in cell phones on most wireless networks
Financial cards providing both online and offline transactions
Government / Healthcare ID cards
Logical access and physical access to enterprise resources
Smart ticketing for mass transit
On the majority of cellular telephone networks, smart cards (commonly called SIM
cards) are required to activate the telephone. The card authenticates the user and
provides encryption keys for digital voice transmission. When fitted with Java Card
technology, SIM cards can also provide transactional services such as remote banking
and ticketing. Hundreds of millions of Java Card technology-based SIM cards are
Dept.of Computer Science & Engg Veda Vyasa Institute of Technology14
Java Card Technology Seminar Report 2006 Admission
already powering next-generation services in cell phones.
In the banking industry, smart cards give users secure access to a wide array of
networked financial services including cash machines, bill paying, and bridge tolls.
Java Card-based smart cards can host multiple financial applications in a single card ,
while delivering third-party services such as mileage programs or secure, on-line
trading.
A wide variety of other applications are available wherever security and authenticated
identity are important, such as providing access to facilities and medical records.
Java Card technology will enhance consumer access to new, e-commerce services
through a range of connected appliances. Cellular phones and pay-TV equipment are
examples of markets where the majority of products now available include built-in
smart cards readers.
Dept.of Computer Science & Engg Veda Vyasa Institute of Technology15
Java Card Technology Seminar Report 2006 Admission
BENEFITS OF JAVA CARD TECHNOLOGY
There are several unique benefits of the Java Card technology for smart card vendors
and issuers:
1. Interoperable - Applets developed with Java Card technology will run on any
Java Card technology-based smart card, independently of the card vendor and
underlying hardware.
2. Secure - Java Card technology relies on the inherent security of the Java
programming language to provide a secure execution environment. It was
designed through an open process, and the platform's proven industry
deployments and security evaluations ensure that card issuers benefit from the
most capable and secure technology available today.
3. Multi-Application Capable - Java Card technology enables multiple applications
to co-exist securely on a single smart card.
4. Dynamic - New applications can be installed securely after a card has been
issued, providing card issuers with the ability to dynamically respond to their
customer's changing needs.
5. Open - Java Card application developers benefit from object-oriented
programming and design, and have access to off-the-shelf Java development
tools.
6. Compatible with Existing Standards - The Java Card API is compatible with
international standards for smart cards such as ISO7816, or EMV. It is
referenced by major industry-specific standards such as Global Platform and
ETSI.
Dept.of Computer Science & Engg Veda Vyasa Institute of Technology16
Java Card Technology Seminar Report 2006 Admission
COMPONENTS OF JAVA CARD TECHNOLOGY
Sun Microsystems publishes the Java Card Platform Specification and the Java Card
Development Kit which includes a reference implementation based on this specification.
Providing the basis for cross-platform and cross-vendor applet interoperability, the Java
Card Platform Specification in its latest 2.2.1 version includes three documents:
Virtual Machine Specification for the Java Card Platform
The Java Card Virtual Machine (VM) Specification defines the features, services,
and behavior required of an implementation of the Java Card technology. It
includes the instruction set of a Java Card Virtual Machine, the supported subset of
the Java language, and the file formats used for installing applets and libraries into
devices, like smart cards, which implement Java Card technology.
Runtime Environment Specification for the Java Card Platform
The Java Card Runtime Environment (RE) Specification complements the Java
Card API Specification and defines the necessary behavior of the runtime
environment in any implementation of the Java Card technology. Such an
implementation includes an implementation of the Java Card Virtual Machine, the
Java Card Application Programming Interface (API) classes, and runtime support
services such as the selection and deselection of applets.
API for the Java Card Platform
The Java Card API is compatible with formal international standards and industry-
specific standards. It contains the class definitions required to support the Java
Card VM and the Java Card RE.
Dept.of Computer Science & Engg Veda Vyasa Institute of Technology17
Java Card Technology Seminar Report 2006 Admission
The Java Card Development Kit is a suite of tools for designing Java Card technology-
based implementations and developing applets based on the Java Card API
Specification:
The C-JCRE is a reference implementation of the Java Card Runtime Environment
written in the C programming language. The C-JCRE also includes the Java Card
Virtual Machine interpreter.
Off-card platform components such as the Java Card Converter and the Java Card
Verifier complement the C-JCRE to provide a complete development chain.
Additional design and testing tools enable developers to prototype and test Java
Card applications.
Advantages of Developing with Java Card technology
Java Card technology offers all the advantages of developing applications in the Java
programming language:
High programmer productivity
Object-oriented programming with greater code modularity and reusability
Java language protections apply to Java Card applets, enforcing strong typing and
protection attributes
Availability of powerful off-the-shelf development tools
Dept.of Computer Science & Engg Veda Vyasa Institute of Technology18
Java Card Technology Seminar Report 2006 Admission
LICENSING OF JAVA CARD
Java Card technology is licensed to smart card manufacturers representing more than 90
percent of the world's smart card manufacturing capacity. It provides a range of new
opportunities for original equipment manufacturers (OEMs) and their partners across
multiple industries. In particular, the applet interpretability provided by Java Card
technology allows card issuers to mix and match third-party applications, including
standard payment applications, stored value, computer authorization, data management,
and many more.
Java Card technology licensees may get access to the Java Card Technology
Compatibility Kit (TCK). The Java Card TCK can be licensed from Sun to certify a Java
Card implementation on a particular platform.
Additionally Sun provides from time to time exclusive deliverables to the licensee
community, such as the Java Card Toolkit, or the Java Card Protection Profile. The Java
Card Toolkit is a Java Card simulator and debugger. It has been designed for integration
into third-party Integrated Development Environments (IDEs). It enables Java Card
licensees to provide a realistic simulation and debugging environment within their Java
Card tools. The Java Card Protection Profile reduces the time and cost for Java Card
licensees to complete security evaluations under Common Criteria. It provides a reusable
set of security requirements specifically for the Java Card platform. Java Card products
evaluated using Common Criteria provide licensees with the ability to meet the increasing
demand by banks, governments and other card issuers for security evaluations.
Dept.of Computer Science & Engg Veda Vyasa Institute of Technology19
Java Card Technology Seminar Report 2006 Admission
CONCLUSION
This article first reviews some fundamental concepts of smart cards, and then explains
Java Card 2.0 internals and shows you how to develop a Java Card application.
A Java Card applet is compiled using a regular Java compiler. The output of the compiler
(a class file) is input into a Java Card converter which enforces Java Card 2.0 subset
compliance, performs name resolution and initial address linking, and optimizes the Java
byte code to be suitably running on a Java Card VM. The output of the converter can then
be downloaded onto a Java Card. The details of the converter and applet installation
protocols aren't discussed in this article because they haven't yet been standardized. We
hope to cover these areas in future article.
The Java Card adds a new platform to the world of Java. Widespread adoption and
deployment of the Java Card will require marketing promotion, more applications and
tools development, and time. At the same time, the number of Java Cards in existence
could easily extend into the millions within the next few years. Which means you may
soon be storing your personal information and downloading applications using a little card
you carry around in your wallet or purse.
Dept.of Computer Science & Engg Veda Vyasa Institute of Technology20
Java Card Technology Seminar Report 2006 Admission
REFERENCES
Websites
http://www.javaworld.com/javaworld/
http://java.sun.com/developer/technicalArticles/javacard/javacard3
http://www.javaenvt.com/java cardfeatures/
Research Work
Java Card : Semantique, optimisations et securite [http://www.irisa.fr/lande/jensen/javacard.html]
LOOP subproject: applications to Java Card [http://www.cs.kun.nl/%7ebart/LOOP/javacard.html]
Reference Guides
Advance Java Appilcations (2nd Edition,Michel Shamz)
Java Applet Programming 2010 (Dennis Marshell)
Dept.of Computer Science & Engg Veda Vyasa Institute of Technology21
Java Card Technology Seminar Report 2006 Admission
Dept.of Computer Science & Engg Veda Vyasa Institute of Technology22
Java Card Technology Seminar Report 2006 Admission
Dept.of Computer Science & Engg Veda Vyasa Institute of Technology23
Java Card Technology Seminar Report 2006 Admission
Dept.of Computer Science & Engg Veda Vyasa Institute of Technology24
Java Card Technology Seminar Report 2006 Admission
Dept.of Computer Science & Engg Veda Vyasa Institute of Technology25
Java Card Technology Seminar Report 2006 Admission
Dept.of Computer Science & Engg Veda Vyasa Institute of Technology26