SlideShare a Scribd company logo

Technical Overview of Java Card

Anshuman Sinha
Anshuman Sinha

This document provides a technical overview of Java for smartcards. It discusses why Java is used for smartcards, the Java Card architecture including applets, runtime environment and global platform specifications. It also summarizes key aspects of the Java Card toolchain, development process and security features.

1 of 32
Technical Overview of Java for Smartcards Anshuman Sinha
Presentation Java Card Global Platform Java Card Applets Client Software Anshuman Sinha <anshuman.sinha2@gmail.com>
Why Java for Smartcards? Popular High level language, Object-oriented, large programmer base … Write once and run anywhere Any vendor ’ s smart card (Interoperability) Any vendor ’ s secure controller (Portability) Open programmable platform for third party application development Java Card is the winner … SIM, PIV, TWIC etc. Anshuman Sinha <anshuman.sinha2@gmail.com>
Java Platforms Anshuman Sinha <anshuman.sinha2@gmail.com> Java Platform Size Machine Size
Java Card Tool Chain Anshuman Sinha <anshuman.sinha2@gmail.com> .Java Files .class Files .jca Files .exp Files Converter Java Smartcard Loader Use any Java compiler Use favorite development environment Loader is specific Compiler . exp Files .cap Files
Java Card Block Diagram Anshuman Sinha <anshuman.sinha2@gmail.com> Card Operating System Java Card VM Java Card Runtime Environment (JCRE) Java Card API APDU Response Card Manager Smartcard Controller + Cryptography Co-processor Applet 3 Applet 2 Applet 1 Currently Selected Applet Vertical API(s)
Hardware Anshuman Sinha <anshuman.sinha2@gmail.com> R / F Interface Memory Chip Controller Antenna Coil Clk I/O Reset Vcc GND Clk I/O Reset Vcc GND Clk Mod Demod EEPROM Security & Address Logic EEPROM ROM CPU NPU Smartcard Contacts ROM RAM
Java Card Operating System Anshuman Sinha <anshuman.sinha2@gmail.com> Process Loop Terminal Command Process Loop File System File context Crypto algorithms Data Integrity Memory Management Hardware Interfaces Memory write/erase Anti-Tearing Access Controller EEPROM/Flash Memory Write Log If no tear clear the transaction buffer If tear, roll back the update as if no write occurred ISO Commands ISO File System Anti-Tearing Tear Begin Transaction EF 1 EF 2 DF1 DF2 MF
Java Card Runtime Environment Anshuman Sinha <anshuman.sinha2@gmail.com> Java Applet Storage Java Heap Storage Java Native Interface Applet Selection Applet Instantiation Applet Context Exception Handling Session Anti-tearing Random security checks Firewalling Applet Data and Code Applet Firewall Java Bytecode Storage Java Object Store Applet 3 Applet 2 Applet 1 Currently Selected Applet
Applet Firewalling On Java Card the applets are firewalled, which means one applet can ’ t access the objects of the other at runtime. Each applet has its own Context . Applet firewall is separation of one context from another. JCRE has global context. It has access privileges to objects / fields of any applet. Anshuman Sinha <anshuman.sinha2@gmail.com>
Smartcard Protocols Anshuman Sinha <anshuman.sinha2@gmail.com> 7816 – 4 Inter-Industry commands for interchanges 7816 - 1 Physical Characteristics 7816 - 2 Dimension and locations of the contacts 14443 - 1 Physical Characteristics 7816 - 3 Electronic Signals and Transmission Protocol 14443 - 2 RF power and Signal I/F 14443 - 3 Initialization and anticollision 14443 - 4 Transmission protocol 7816 - 3 T=1/T=0 Transmission protocol Contact stack Contactless stack
Java Card 2.2.2 API Java.io Java.lang Java.rmi service Javacard.framework Applet AID APDU … Javacard.security DESKey AESKey Checksum … Javacard.framework.service Javacardx.crypto DES Algorithm AES Algorithm RSA … and ECC Javacardx.apdu Javacardx.biometry Javacardx.external Javacardx.framework.math Javacardx.framework.util Javacardx.framework.util.intx Anshuman Sinha <anshuman.sinha2@gmail.com> Core Packages
Java Subsetting Multi-Threading String handling Dynamic Class loading Security Manager Card Manager Garbage Collection and finalization Object cloning Access control in Java packages Anshuman Sinha <anshuman.sinha2@gmail.com>
Fully Supported Features packages dynamic object creation transient objects virtual methods / inheritance interfaces Exceptions Pseudo-Garbage Collection Anshuman Sinha <anshuman.sinha2@gmail.com>
Partially supported features Object class is the root class of all the objects but not all methods are supported. Throwable class is not supported fully but is available as the root class of all exceptions thrown. Anshuman Sinha <anshuman.sinha2@gmail.com>
Token-based Linking Items are referenced as opaque tokens. Linking can be either on-card or off card. No need to know internal implementation details of on card API to link off-card cardlets. Works efficiently with limited resources (RAM) on card. Converter refers to export file of the package to link to external items It picks the external token from export file and puts in the CAP file of the a package Since name-to-token mapping is published in export file, the tokens can be assigned any order Anshuman Sinha <anshuman.sinha2@gmail.com>
Java Execution Engine Anshuman Sinha <anshuman.sinha2@gmail.com> Runtime Applet Context Applet (package) JCRE Context Operands Frame 16 bit Word 1. 2. Bytecode Handlers Native Table Function Locals Execute 3. Increment Fetch Update Java Heap
Security Exception Instructions which throw securityException. All invokes (static/special/interface) getfields and putfields checkcast instanceof athrow arraylength Anshuman Sinha <anshuman.sinha2@gmail.com> Security is built in the bytecodes Java Card virtual machine can throw runtime exception on these bytecodes
Exceptions Exception object has 2 byte reason code instead of message string as a parameter to the exception class. Exceptions are of two types - Checked and Unchecked. Checked exceptions must be caught and declared by keyword throws in the method body. Anshuman Sinha <anshuman.sinha2@gmail.com>
Exceptions Unchecked exceptions or runtime exceptions are runtime errors thrown by JCVM or JCRE Known Exception objects are pre-created and an application supplies the reason code and calls the throwIt method Anshuman Sinha <anshuman.sinha2@gmail.com>
Presentation Java Card Design Global / Open Platform Applets Client Software Anshuman Sinha <anshuman.sinha2@gmail.com>
Global Platform Global Platform specifies secure, dynamic card and application management using commands, policies, transaction sequences and interfaces that are hardware neutral System, Terminal and Card Specifications Card Specifications Defines the loading of applets to card both pre and post issuance Registers Applets to Security Domain Verifies source of application code by validating signature Opening and closing of (SSL like) secure channel Application Management – Install and Delete Card Management and life cycle Anshuman Sinha <anshuman.sinha2@gmail.com>
Card Manager Life Cycle Anshuman Sinha <anshuman.sinha2@gmail.com> OP_Ready Initialised Secured CM_Locked Terminated Card manager acts as default selected application Initialisation key controls access At least one key set loaded Post-issuance mode (at least MACing required) All applications locked Only Card Manager is available End of card life cycle (card is mute) APDU Set Status API lockCardManager API terminateCardManager
Applet Life Cycle Anshuman Sinha <anshuman.sinha2@gmail.com> Installed Selectable Personalized Blocked Locked Application is installed (instantiated) but not available yet Application is available (activated) Application has been personalized Application is blocked, but behaviour is application-dependent Application is locked (not available) Only Card Manager can unlock APDU Set Status API setCardContentState Deleted APDU Install APDU Delete
Applet Loading Anshuman Sinha <anshuman.sinha2@gmail.com> Security Domain B Card Manager Security Domain A Applet Applet Application Provider B Card Issuer OPEN NETWORK Application Provider A HOST CARD Application Provider A Application Provider B Java Card Applet Applet chunks Secure Channel
Presentation Java Card Design Global / Open Platform Applets Client Software Anshuman Sinha <anshuman.sinha2@gmail.com>
Java Card Applets [1/2] Extension of javacard.framework.applet Applet has following methods … deselect() getShareableInterfaceObject(..) Install(..) Anshuman Sinha <anshuman.sinha2@gmail.com> Called by JCRE before selection of another applet . Called by JCRE on behalf of client applet to get all methods which are shared … Called by JCRE on behalf of client applet to get all methods which are shared …
Java Card Applets [2/2] Process(APDU) Register(..) Select() SelectingApplet() Anshuman Sinha <anshuman.sinha2@gmail.com> Called by JCRE to process application specific commands Called by JCRE to process application specific commands Called by JCRE when this applet is selected Called by JCRE to return any data back to terminal while the applet is being selected
Presentation Java Card Design Global / Open Platform Applets Client Software Anshuman Sinha <anshuman.sinha2@gmail.com>
Client Software Java Client Software PCSC / JPCSC – Reader Connections Card Detection Service Registry Applet Loading Splits Applet into chunks Loading and Verification Application Based Commands For e.g. PIV – Reading Image of Cardholder Test Suites Visual Basic Scripting Java Client Anshuman Sinha <anshuman.sinha2@gmail.com>
PCSC/JPCSC Design Anshuman Sinha <anshuman.sinha2@gmail.com> ICC Aware Application Service Providers ICC Resource Manager IFD IFD IFD RS232 PS/2 IFD Handler ICC ICC ICC IFD Handler IFD Handler
References Java Card specifications Global Platform specifications ISO 7816 and 14443 standards PC/SC specifications NIST SP 800-73 specifications for PIV … and Others Anshuman Sinha <anshuman.sinha2@gmail.com>
Ad

Recommended

Introduction to Secure Sockets Layer
Introduction to Secure Sockets LayerIntroduction to Secure Sockets Layer
Introduction to Secure Sockets Layer
Nascenia IT
 
jCardSim - development platform for Java Card Applications
jCardSim - development platform for Java Card ApplicationsjCardSim - development platform for Java Card Applications
jCardSim - development platform for Java Card Applications
Mikhail Dudarev
 
Siem ppt
Siem pptSiem ppt
Siem ppt
kmehul
 
The information security audit
The information security auditThe information security audit
The information security audit
Dhani Ahmad
 
Storage spaces
Storage spaces Storage spaces
Storage spaces
Najmul Hossain Nayan
 
1. JUNOS_Fundamentals.ppt
1. JUNOS_Fundamentals.ppt1. JUNOS_Fundamentals.ppt
1. JUNOS_Fundamentals.ppt
ThanhTrungBui5
 
Interrupts
InterruptsInterrupts
Interrupts
Anil Kumar Pugalia
 
Semantic similarity between two sentences in arabic
Semantic similarity between two sentences in arabicSemantic similarity between two sentences in arabic
Semantic similarity between two sentences in arabic
Khadija Mohamad
 
CISA-Certificate (1)
CISA-Certificate (1)CISA-Certificate (1)
CISA-Certificate (1)
Chandra Gangadharan
 
Privileged Access Management (PAM)
Privileged Access Management (PAM)Privileged Access Management (PAM)
Privileged Access Management (PAM)
danb02
 
Security audit
Security auditSecurity audit
Security audit
Rosaria Dee
 
Java card
Java cardJava card
Java card
rcrahul01
 
Secure initialization of Trusted Execution Environments: When Secure Boot fal...
Secure initialization of Trusted Execution Environments: When Secure Boot fal...Secure initialization of Trusted Execution Environments: When Secure Boot fal...
Secure initialization of Trusted Execution Environments: When Secure Boot fal...
Riscure
 
Network security and cryptography
Network security and cryptographyNetwork security and cryptography
Network security and cryptography
RajKumar Rampelli
 
Privileged Access Management
Privileged Access ManagementPrivileged Access Management
Privileged Access Management
Hitachi ID Systems, Inc.
 
Embedded Hypervisor for ARM
Embedded Hypervisor for ARMEmbedded Hypervisor for ARM
Embedded Hypervisor for ARM
National Cheng Kung University
 
Security applications with Java Card
Security applications with Java CardSecurity applications with Java Card
Security applications with Java Card
Julien SIMON
 
Secure Access – Anywhere by Prisma, PaloAlto
Secure Access – Anywhere by Prisma, PaloAltoSecure Access – Anywhere by Prisma, PaloAlto
Secure Access – Anywhere by Prisma, PaloAlto
Prime Infoserv
 
cyber-security-reference-architecture
cyber-security-reference-architecturecyber-security-reference-architecture
cyber-security-reference-architecture
Birendra Negi ☁️
 
Rsa rivest shamir adleman
Rsa rivest shamir adlemanRsa rivest shamir adleman
Rsa rivest shamir adleman
Hossain Md Shakhawat
 
IBM Qradar
IBM QradarIBM Qradar
IBM Qradar
Coenraad Smith
 
Fortinet
FortinetFortinet
Fortinet
ABEP123
 
Overview of ST7 8-bit Microcontrollers
Overview of ST7 8-bit MicrocontrollersOverview of ST7 8-bit Microcontrollers
Overview of ST7 8-bit Microcontrollers
Premier Farnell
 
Internet Key Exchange Protocol
Internet Key Exchange ProtocolInternet Key Exchange Protocol
Internet Key Exchange Protocol
Prateek Singh Bapna
 
Free and open cloud security posture monitoring
Free and open cloud security posture monitoringFree and open cloud security posture monitoring
Free and open cloud security posture monitoring
Elasticsearch
 
Identity Services Engine Overview and Update
Identity Services Engine Overview and UpdateIdentity Services Engine Overview and Update
Identity Services Engine Overview and Update
Cisco Canada
 
Types of Operating System-converted.pdf
Types of Operating System-converted.pdfTypes of Operating System-converted.pdf
Types of Operating System-converted.pdf
Omid695066
 
Navigating Zero Trust Presentation Slides
Navigating Zero Trust Presentation SlidesNavigating Zero Trust Presentation Slides
Navigating Zero Trust Presentation Slides
Ivanti
 
jCardSim – Java Card is simple!
jCardSim – Java Card is simple!jCardSim – Java Card is simple!
jCardSim – Java Card is simple!
Mikhail Dudarev
 
Java card technology
Java card technologyJava card technology
Java card technology
Keerthi Thomas
 
Ad

More Related Content

What's hot (20)

CISA-Certificate (1)
CISA-Certificate (1)CISA-Certificate (1)
CISA-Certificate (1)
Chandra Gangadharan
 
Privileged Access Management (PAM)
Privileged Access Management (PAM)Privileged Access Management (PAM)
Privileged Access Management (PAM)
danb02
 
Security audit
Security auditSecurity audit
Security audit
Rosaria Dee
 
Java card
Java cardJava card
Java card
rcrahul01
 
Secure initialization of Trusted Execution Environments: When Secure Boot fal...
Secure initialization of Trusted Execution Environments: When Secure Boot fal...Secure initialization of Trusted Execution Environments: When Secure Boot fal...
Secure initialization of Trusted Execution Environments: When Secure Boot fal...
Riscure
 
Network security and cryptography
Network security and cryptographyNetwork security and cryptography
Network security and cryptography
RajKumar Rampelli
 
Privileged Access Management
Privileged Access ManagementPrivileged Access Management
Privileged Access Management
Hitachi ID Systems, Inc.
 
Embedded Hypervisor for ARM
Embedded Hypervisor for ARMEmbedded Hypervisor for ARM
Embedded Hypervisor for ARM
National Cheng Kung University
 
Security applications with Java Card
Security applications with Java CardSecurity applications with Java Card
Security applications with Java Card
Julien SIMON
 
Secure Access – Anywhere by Prisma, PaloAlto
Secure Access – Anywhere by Prisma, PaloAltoSecure Access – Anywhere by Prisma, PaloAlto
Secure Access – Anywhere by Prisma, PaloAlto
Prime Infoserv
 
cyber-security-reference-architecture
cyber-security-reference-architecturecyber-security-reference-architecture
cyber-security-reference-architecture
Birendra Negi ☁️
 
Rsa rivest shamir adleman
Rsa rivest shamir adlemanRsa rivest shamir adleman
Rsa rivest shamir adleman
Hossain Md Shakhawat
 
IBM Qradar
IBM QradarIBM Qradar
IBM Qradar
Coenraad Smith
 
Fortinet
FortinetFortinet
Fortinet
ABEP123
 
Overview of ST7 8-bit Microcontrollers
Overview of ST7 8-bit MicrocontrollersOverview of ST7 8-bit Microcontrollers
Overview of ST7 8-bit Microcontrollers
Premier Farnell
 
Internet Key Exchange Protocol
Internet Key Exchange ProtocolInternet Key Exchange Protocol
Internet Key Exchange Protocol
Prateek Singh Bapna
 
Free and open cloud security posture monitoring
Free and open cloud security posture monitoringFree and open cloud security posture monitoring
Free and open cloud security posture monitoring
Elasticsearch
 
Identity Services Engine Overview and Update
Identity Services Engine Overview and UpdateIdentity Services Engine Overview and Update
Identity Services Engine Overview and Update
Cisco Canada
 
Types of Operating System-converted.pdf
Types of Operating System-converted.pdfTypes of Operating System-converted.pdf
Types of Operating System-converted.pdf
Omid695066
 
Navigating Zero Trust Presentation Slides
Navigating Zero Trust Presentation SlidesNavigating Zero Trust Presentation Slides
Navigating Zero Trust Presentation Slides
Ivanti
 
CISA-Certificate (1)
CISA-Certificate (1)CISA-Certificate (1)
CISA-Certificate (1)
Chandra Gangadharan
 
Privileged Access Management (PAM)
Privileged Access Management (PAM)Privileged Access Management (PAM)
Privileged Access Management (PAM)
danb02
 
Security audit
Security auditSecurity audit
Security audit
Rosaria Dee
 
Java card
Java cardJava card
Java card
rcrahul01
 
Secure initialization of Trusted Execution Environments: When Secure Boot fal...
Secure initialization of Trusted Execution Environments: When Secure Boot fal...Secure initialization of Trusted Execution Environments: When Secure Boot fal...
Secure initialization of Trusted Execution Environments: When Secure Boot fal...
Riscure
 
Network security and cryptography
Network security and cryptographyNetwork security and cryptography
Network security and cryptography
RajKumar Rampelli
 
Privileged Access Management
Privileged Access ManagementPrivileged Access Management
Privileged Access Management
Hitachi ID Systems, Inc.
 
Embedded Hypervisor for ARM
Embedded Hypervisor for ARMEmbedded Hypervisor for ARM
Embedded Hypervisor for ARM
National Cheng Kung University
 
Security applications with Java Card
Security applications with Java CardSecurity applications with Java Card
Security applications with Java Card
Julien SIMON
 
Secure Access – Anywhere by Prisma, PaloAlto
Secure Access – Anywhere by Prisma, PaloAltoSecure Access – Anywhere by Prisma, PaloAlto
Secure Access – Anywhere by Prisma, PaloAlto
Prime Infoserv
 
cyber-security-reference-architecture
cyber-security-reference-architecturecyber-security-reference-architecture
cyber-security-reference-architecture
Birendra Negi ☁️
 
Rsa rivest shamir adleman
Rsa rivest shamir adlemanRsa rivest shamir adleman
Rsa rivest shamir adleman
Hossain Md Shakhawat
 
IBM Qradar
IBM QradarIBM Qradar
IBM Qradar
Coenraad Smith
 
Fortinet
FortinetFortinet
Fortinet
ABEP123
 
Overview of ST7 8-bit Microcontrollers
Overview of ST7 8-bit MicrocontrollersOverview of ST7 8-bit Microcontrollers
Overview of ST7 8-bit Microcontrollers
Premier Farnell
 
Internet Key Exchange Protocol
Internet Key Exchange ProtocolInternet Key Exchange Protocol
Internet Key Exchange Protocol
Prateek Singh Bapna
 
Free and open cloud security posture monitoring
Free and open cloud security posture monitoringFree and open cloud security posture monitoring
Free and open cloud security posture monitoring
Elasticsearch
 
Identity Services Engine Overview and Update
Identity Services Engine Overview and UpdateIdentity Services Engine Overview and Update
Identity Services Engine Overview and Update
Cisco Canada
 
Types of Operating System-converted.pdf
Types of Operating System-converted.pdfTypes of Operating System-converted.pdf
Types of Operating System-converted.pdf
Omid695066
 
Navigating Zero Trust Presentation Slides
Navigating Zero Trust Presentation SlidesNavigating Zero Trust Presentation Slides
Navigating Zero Trust Presentation Slides
Ivanti
 

Viewers also liked (20)

jCardSim – Java Card is simple!
jCardSim – Java Card is simple!jCardSim – Java Card is simple!
jCardSim – Java Card is simple!
Mikhail Dudarev
 
Java card technology
Java card technologyJava card technology
Java card technology
Keerthi Thomas
 
Java card technology
Java card technologyJava card technology
Java card technology
Amol Kamble
 
Step-by-step Development of an Application for the Java Card Connected Platform
Step-by-step Development of an Application for the Java Card Connected PlatformStep-by-step Development of an Application for the Java Card Connected Platform
Step-by-step Development of an Application for the Java Card Connected Platform
Eric Vétillard
 
Java card
Java cardJava card
Java card
Ravi Jakashania
 
Javacard
Javacard Javacard
Javacard
Samiksha90
 
Seminar
SeminarSeminar
Seminar
virtualsimcard
 
Rapid Fat Loss Program part2
Rapid Fat Loss Program part2Rapid Fat Loss Program part2
Rapid Fat Loss Program part2
Sonya
 
Secure Element Solutions
Secure Element SolutionsSecure Element Solutions
Secure Element Solutions
Ugo Chirico
 
Eric java card-basics-140314
Eric java card-basics-140314Eric java card-basics-140314
Eric java card-basics-140314
Eric Vétillard
 
FIPS 201 / PIV
FIPS 201 / PIVFIPS 201 / PIV
FIPS 201 / PIV
Anshuman Sinha
 
AES for Java Card 2.2.x
AES for Java Card 2.2.xAES for Java Card 2.2.x
AES for Java Card 2.2.x
Anshuman Sinha
 
IoT Security: Cases and Methods [CON5446]
IoT Security: Cases and Methods [CON5446]IoT Security: Cases and Methods [CON5446]
IoT Security: Cases and Methods [CON5446]
Leonardo De Moura Rocha Lima
 
Secure Elements in Web Applications
Secure Elements in Web ApplicationsSecure Elements in Web Applications
Secure Elements in Web Applications
Olivier Potonniée
 
DISCOVERY OF RANKING FRAUD FOR MOBILE APPS - IEEE PROJECTS IN PONDICHERRY,BUL...
DISCOVERY OF RANKING FRAUD FOR MOBILE APPS - IEEE PROJECTS IN PONDICHERRY,BUL...DISCOVERY OF RANKING FRAUD FOR MOBILE APPS - IEEE PROJECTS IN PONDICHERRY,BUL...
DISCOVERY OF RANKING FRAUD FOR MOBILE APPS - IEEE PROJECTS IN PONDICHERRY,BUL...
Nexgen Technology
 
Discovery of ranking fraud for mobile apps
Discovery of ranking fraud for mobile appsDiscovery of ranking fraud for mobile apps
Discovery of ranking fraud for mobile apps
Pvrtechnologies Nellore
 
e-Sim Sharing (extract)
e-Sim Sharing (extract)e-Sim Sharing (extract)
e-Sim Sharing (extract)
BearingPoint
 
IoT summit - Building flexible & secure IoT solutions
IoT summit - Building flexible & secure IoT solutionsIoT summit - Building flexible & secure IoT solutions
IoT summit - Building flexible & secure IoT solutions
Eric Larcheveque
 
Discovery of ranking fraud for mobile apps
Discovery of ranking fraud for mobile appsDiscovery of ranking fraud for mobile apps
Discovery of ranking fraud for mobile apps
jpstudcorner
 
Programmable SIM cards, SoftSIMs and eSIMs
Programmable SIM cards, SoftSIMs and eSIMsProgrammable SIM cards, SoftSIMs and eSIMs
Programmable SIM cards, SoftSIMs and eSIMs
Gerry O'Prey
 
jCardSim – Java Card is simple!
jCardSim – Java Card is simple!jCardSim – Java Card is simple!
jCardSim – Java Card is simple!
Mikhail Dudarev
 
Java card technology
Java card technologyJava card technology
Java card technology
Keerthi Thomas
 
Java card technology
Java card technologyJava card technology
Java card technology
Amol Kamble
 
Step-by-step Development of an Application for the Java Card Connected Platform
Step-by-step Development of an Application for the Java Card Connected PlatformStep-by-step Development of an Application for the Java Card Connected Platform
Step-by-step Development of an Application for the Java Card Connected Platform
Eric Vétillard
 
Java card
Java cardJava card
Java card
Ravi Jakashania
 
Javacard
Javacard Javacard
Javacard
Samiksha90
 
Seminar
SeminarSeminar
Seminar
virtualsimcard
 
Rapid Fat Loss Program part2
Rapid Fat Loss Program part2Rapid Fat Loss Program part2
Rapid Fat Loss Program part2
Sonya
 
Secure Element Solutions
Secure Element SolutionsSecure Element Solutions
Secure Element Solutions
Ugo Chirico
 
Eric java card-basics-140314
Eric java card-basics-140314Eric java card-basics-140314
Eric java card-basics-140314
Eric Vétillard
 
FIPS 201 / PIV
FIPS 201 / PIVFIPS 201 / PIV
FIPS 201 / PIV
Anshuman Sinha
 
AES for Java Card 2.2.x
AES for Java Card 2.2.xAES for Java Card 2.2.x
AES for Java Card 2.2.x
Anshuman Sinha
 
IoT Security: Cases and Methods [CON5446]
IoT Security: Cases and Methods [CON5446]IoT Security: Cases and Methods [CON5446]
IoT Security: Cases and Methods [CON5446]
Leonardo De Moura Rocha Lima
 
Secure Elements in Web Applications
Secure Elements in Web ApplicationsSecure Elements in Web Applications
Secure Elements in Web Applications
Olivier Potonniée
 
DISCOVERY OF RANKING FRAUD FOR MOBILE APPS - IEEE PROJECTS IN PONDICHERRY,BUL...
DISCOVERY OF RANKING FRAUD FOR MOBILE APPS - IEEE PROJECTS IN PONDICHERRY,BUL...DISCOVERY OF RANKING FRAUD FOR MOBILE APPS - IEEE PROJECTS IN PONDICHERRY,BUL...
DISCOVERY OF RANKING FRAUD FOR MOBILE APPS - IEEE PROJECTS IN PONDICHERRY,BUL...
Nexgen Technology
 
Discovery of ranking fraud for mobile apps
Discovery of ranking fraud for mobile appsDiscovery of ranking fraud for mobile apps
Discovery of ranking fraud for mobile apps
Pvrtechnologies Nellore
 
e-Sim Sharing (extract)
e-Sim Sharing (extract)e-Sim Sharing (extract)
e-Sim Sharing (extract)
BearingPoint
 
IoT summit - Building flexible & secure IoT solutions
IoT summit - Building flexible & secure IoT solutionsIoT summit - Building flexible & secure IoT solutions
IoT summit - Building flexible & secure IoT solutions
Eric Larcheveque
 
Discovery of ranking fraud for mobile apps
Discovery of ranking fraud for mobile appsDiscovery of ranking fraud for mobile apps
Discovery of ranking fraud for mobile apps
jpstudcorner
 
Programmable SIM cards, SoftSIMs and eSIMs
Programmable SIM cards, SoftSIMs and eSIMsProgrammable SIM cards, SoftSIMs and eSIMs
Programmable SIM cards, SoftSIMs and eSIMs
Gerry O'Prey
 
Ad

Similar to Technical Overview of Java Card (20)

Java Card Security
Java Card SecurityJava Card Security
Java Card Security
Riscure
 
PlaySIM Project Java One 2009
PlaySIM Project Java One 2009PlaySIM Project Java One 2009
PlaySIM Project Java One 2009
Sebastian Hans
 
Much ado about randomness. What is really a random number?
Much ado about randomness. What is really a random number?Much ado about randomness. What is really a random number?
Much ado about randomness. What is really a random number?
Aleksandr Yampolskiy
 
Java-Unit-I.ppt
Java-Unit-I.pptJava-Unit-I.ppt
Java-Unit-I.ppt
RameswarGprec
 
What is smart card on tam
What is smart card on tamWhat is smart card on tam
What is smart card on tam
崇倍 洪
 
Javacardtech
JavacardtechJavacardtech
Javacardtech
Vivek Bajpai
 
Security's Once and Future King
Security's Once and Future KingSecurity's Once and Future King
Security's Once and Future King
Kapil Sachdeva
 
Research Paper
Research PaperResearch Paper
Research Paper
poongkuzhali
 
Core java day1
Core java day1Core java day1
Core java day1
Soham Sengupta
 
iOS Client Side Analysis
iOS Client Side AnalysisiOS Client Side Analysis
iOS Client Side Analysis
Aadarsh N
 
Android dev
Android devAndroid dev
Android dev
yincan sheng
 
Introduction java programming
Introduction java programmingIntroduction java programming
Introduction java programming
Nanthini Kempaiyan
 
Java
Java Java
Java
Aashish Jain
 
Freeware Security Tools You Need
Freeware Security Tools You NeedFreeware Security Tools You Need
Freeware Security Tools You Need
amiable_indian
 
1.introduction to java
1.introduction to java1.introduction to java
1.introduction to java
Madhura Bhalerao
 
eSmartlock - an antipiracy dongle with integrated DRM functionalities
eSmartlock - an antipiracy dongle with integrated DRM functionalitieseSmartlock - an antipiracy dongle with integrated DRM functionalities
eSmartlock - an antipiracy dongle with integrated DRM functionalities
Yiannis Hatzopoulos
 
Erlang OTP
Erlang OTPErlang OTP
Erlang OTP
Zvi Avraham
 
Applet Architecture - Introducing Java Applets
Applet Architecture - Introducing Java AppletsApplet Architecture - Introducing Java Applets
Applet Architecture - Introducing Java Applets
amitksaha
 
Java/Servlet/JSP/JDBC
Java/Servlet/JSP/JDBCJava/Servlet/JSP/JDBC
Java/Servlet/JSP/JDBC
FAKHRUN NISHA
 
When Web Services Go Bad
When Web Services Go BadWhen Web Services Go Bad
When Web Services Go Bad
Steve Loughran
 
Java Card Security
Java Card SecurityJava Card Security
Java Card Security
Riscure
 
PlaySIM Project Java One 2009
PlaySIM Project Java One 2009PlaySIM Project Java One 2009
PlaySIM Project Java One 2009
Sebastian Hans
 
Much ado about randomness. What is really a random number?
Much ado about randomness. What is really a random number?Much ado about randomness. What is really a random number?
Much ado about randomness. What is really a random number?
Aleksandr Yampolskiy
 
Java-Unit-I.ppt
Java-Unit-I.pptJava-Unit-I.ppt
Java-Unit-I.ppt
RameswarGprec
 
What is smart card on tam
What is smart card on tamWhat is smart card on tam
What is smart card on tam
崇倍 洪
 
Javacardtech
JavacardtechJavacardtech
Javacardtech
Vivek Bajpai
 
Security's Once and Future King
Security's Once and Future KingSecurity's Once and Future King
Security's Once and Future King
Kapil Sachdeva
 
Research Paper
Research PaperResearch Paper
Research Paper
poongkuzhali
 
Core java day1
Core java day1Core java day1
Core java day1
Soham Sengupta
 
iOS Client Side Analysis
iOS Client Side AnalysisiOS Client Side Analysis
iOS Client Side Analysis
Aadarsh N
 
Android dev
Android devAndroid dev
Android dev
yincan sheng
 
Introduction java programming
Introduction java programmingIntroduction java programming
Introduction java programming
Nanthini Kempaiyan
 
Java
Java Java
Java
Aashish Jain
 
Freeware Security Tools You Need
Freeware Security Tools You NeedFreeware Security Tools You Need
Freeware Security Tools You Need
amiable_indian
 
1.introduction to java
1.introduction to java1.introduction to java
1.introduction to java
Madhura Bhalerao
 
eSmartlock - an antipiracy dongle with integrated DRM functionalities
eSmartlock - an antipiracy dongle with integrated DRM functionalitieseSmartlock - an antipiracy dongle with integrated DRM functionalities
eSmartlock - an antipiracy dongle with integrated DRM functionalities
Yiannis Hatzopoulos
 
Erlang OTP
Erlang OTPErlang OTP
Erlang OTP
Zvi Avraham
 
Applet Architecture - Introducing Java Applets
Applet Architecture - Introducing Java AppletsApplet Architecture - Introducing Java Applets
Applet Architecture - Introducing Java Applets
amitksaha
 
Java/Servlet/JSP/JDBC
Java/Servlet/JSP/JDBCJava/Servlet/JSP/JDBC
Java/Servlet/JSP/JDBC
FAKHRUN NISHA
 
When Web Services Go Bad
When Web Services Go BadWhen Web Services Go Bad
When Web Services Go Bad
Steve Loughran
 
Ad

Recently uploaded (20)

DevOpsDays SLC - Platform Engineers are Product Managers.pptx
DevOpsDays SLC - Platform Engineers are Product Managers.pptxDevOpsDays SLC - Platform Engineers are Product Managers.pptx
DevOpsDays SLC - Platform Engineers are Product Managers.pptx
Justin Reock
 
AI x Accessibility UXPA by Stew Smith and Olivier Vroom
AI x Accessibility UXPA by Stew Smith and Olivier VroomAI x Accessibility UXPA by Stew Smith and Olivier Vroom
AI x Accessibility UXPA by Stew Smith and Olivier Vroom
UXPA Boston
 
Top 5 Benefits of Using Molybdenum Rods in Industrial Applications.pptx
Top 5 Benefits of Using Molybdenum Rods in Industrial Applications.pptxTop 5 Benefits of Using Molybdenum Rods in Industrial Applications.pptx
Top 5 Benefits of Using Molybdenum Rods in Industrial Applications.pptx
mkubeusa
 
Q1 2025 Dropbox Earnings and Investor Presentation
Q1 2025 Dropbox Earnings and Investor PresentationQ1 2025 Dropbox Earnings and Investor Presentation
Q1 2025 Dropbox Earnings and Investor Presentation
Dropbox
 
Enterprise Integration Is Dead! Long Live AI-Driven Integration with Apache C...
Enterprise Integration Is Dead! Long Live AI-Driven Integration with Apache C...Enterprise Integration Is Dead! Long Live AI-Driven Integration with Apache C...
Enterprise Integration Is Dead! Long Live AI-Driven Integration with Apache C...
Markus Eisele
 
Smart Investments Leveraging Agentic AI for Real Estate Success.pptx
Smart Investments Leveraging Agentic AI for Real Estate Success.pptxSmart Investments Leveraging Agentic AI for Real Estate Success.pptx
Smart Investments Leveraging Agentic AI for Real Estate Success.pptx
Seasia Infotech
 
IT484 Cyber Forensics_Information Technology
IT484 Cyber Forensics_Information TechnologyIT484 Cyber Forensics_Information Technology
IT484 Cyber Forensics_Information Technology
SHEHABALYAMANI
 
Agentic Automation - Delhi UiPath Community Meetup
Agentic Automation - Delhi UiPath Community MeetupAgentic Automation - Delhi UiPath Community Meetup
Agentic Automation - Delhi UiPath Community Meetup
Manoj Batra (1600 + Connections)
 
Design pattern talk by Kaya Weers - 2025 (v2)
Design pattern talk by Kaya Weers - 2025 (v2)Design pattern talk by Kaya Weers - 2025 (v2)
Design pattern talk by Kaya Weers - 2025 (v2)
Kaya Weers
 
Challenges in Migrating Imperative Deep Learning Programs to Graph Execution:...
Challenges in Migrating Imperative Deep Learning Programs to Graph Execution:...Challenges in Migrating Imperative Deep Learning Programs to Graph Execution:...
Challenges in Migrating Imperative Deep Learning Programs to Graph Execution:...
Raffi Khatchadourian
 
AsyncAPI v3 : Streamlining Event-Driven API Design
AsyncAPI v3 : Streamlining Event-Driven API DesignAsyncAPI v3 : Streamlining Event-Driven API Design
AsyncAPI v3 : Streamlining Event-Driven API Design
leonid54
 
fennec fox optimization algorithm for optimal solution
fennec fox optimization algorithm for optimal solutionfennec fox optimization algorithm for optimal solution
fennec fox optimization algorithm for optimal solution
shallal2
 
Com fer un pla de gestió de dades amb l'eiNa DMP (en anglès)
Com fer un pla de gestió de dades amb l'eiNa DMP (en anglès)Com fer un pla de gestió de dades amb l'eiNa DMP (en anglès)
Com fer un pla de gestió de dades amb l'eiNa DMP (en anglès)
CSUC - Consorci de Serveis Universitaris de Catalunya
 
May Patch Tuesday
May Patch TuesdayMay Patch Tuesday
May Patch Tuesday
Ivanti
 
Slack like a pro: strategies for 10x engineering teams
Slack like a pro: strategies for 10x engineering teamsSlack like a pro: strategies for 10x engineering teams
Slack like a pro: strategies for 10x engineering teams
Nacho Cougil
 
Kit-Works Team Study_아직도 Dockefile.pdf_김성호
Kit-Works Team Study_아직도 Dockefile.pdf_김성호Kit-Works Team Study_아직도 Dockefile.pdf_김성호
Kit-Works Team Study_아직도 Dockefile.pdf_김성호
Wonjun Hwang
 
Shoehorning dependency injection into a FP language, what does it take?
Shoehorning dependency injection into a FP language, what does it take?Shoehorning dependency injection into a FP language, what does it take?
Shoehorning dependency injection into a FP language, what does it take?
Eric Torreborre
 
AI 3-in-1: Agents, RAG, and Local Models - Brent Laster
AI 3-in-1: Agents, RAG, and Local Models - Brent LasterAI 3-in-1: Agents, RAG, and Local Models - Brent Laster
AI 3-in-1: Agents, RAG, and Local Models - Brent Laster
All Things Open
 
Zilliz Cloud Monthly Technical Review: May 2025
Zilliz Cloud Monthly Technical Review: May 2025Zilliz Cloud Monthly Technical Review: May 2025
Zilliz Cloud Monthly Technical Review: May 2025
Zilliz
 
Top-AI-Based-Tools-for-Game-Developers (1).pptx
Top-AI-Based-Tools-for-Game-Developers (1).pptxTop-AI-Based-Tools-for-Game-Developers (1).pptx
Top-AI-Based-Tools-for-Game-Developers (1).pptx
BR Softech
 
DevOpsDays SLC - Platform Engineers are Product Managers.pptx
DevOpsDays SLC - Platform Engineers are Product Managers.pptxDevOpsDays SLC - Platform Engineers are Product Managers.pptx
DevOpsDays SLC - Platform Engineers are Product Managers.pptx
Justin Reock
 
AI x Accessibility UXPA by Stew Smith and Olivier Vroom
AI x Accessibility UXPA by Stew Smith and Olivier VroomAI x Accessibility UXPA by Stew Smith and Olivier Vroom
AI x Accessibility UXPA by Stew Smith and Olivier Vroom
UXPA Boston
 
Top 5 Benefits of Using Molybdenum Rods in Industrial Applications.pptx
Top 5 Benefits of Using Molybdenum Rods in Industrial Applications.pptxTop 5 Benefits of Using Molybdenum Rods in Industrial Applications.pptx
Top 5 Benefits of Using Molybdenum Rods in Industrial Applications.pptx
mkubeusa
 
Q1 2025 Dropbox Earnings and Investor Presentation
Q1 2025 Dropbox Earnings and Investor PresentationQ1 2025 Dropbox Earnings and Investor Presentation
Q1 2025 Dropbox Earnings and Investor Presentation
Dropbox
 
Enterprise Integration Is Dead! Long Live AI-Driven Integration with Apache C...
Enterprise Integration Is Dead! Long Live AI-Driven Integration with Apache C...Enterprise Integration Is Dead! Long Live AI-Driven Integration with Apache C...
Enterprise Integration Is Dead! Long Live AI-Driven Integration with Apache C...
Markus Eisele
 
Smart Investments Leveraging Agentic AI for Real Estate Success.pptx
Smart Investments Leveraging Agentic AI for Real Estate Success.pptxSmart Investments Leveraging Agentic AI for Real Estate Success.pptx
Smart Investments Leveraging Agentic AI for Real Estate Success.pptx
Seasia Infotech
 
IT484 Cyber Forensics_Information Technology
IT484 Cyber Forensics_Information TechnologyIT484 Cyber Forensics_Information Technology
IT484 Cyber Forensics_Information Technology
SHEHABALYAMANI
 
Agentic Automation - Delhi UiPath Community Meetup
Agentic Automation - Delhi UiPath Community MeetupAgentic Automation - Delhi UiPath Community Meetup
Agentic Automation - Delhi UiPath Community Meetup
Manoj Batra (1600 + Connections)
 
Design pattern talk by Kaya Weers - 2025 (v2)
Design pattern talk by Kaya Weers - 2025 (v2)Design pattern talk by Kaya Weers - 2025 (v2)
Design pattern talk by Kaya Weers - 2025 (v2)
Kaya Weers
 
Challenges in Migrating Imperative Deep Learning Programs to Graph Execution:...
Challenges in Migrating Imperative Deep Learning Programs to Graph Execution:...Challenges in Migrating Imperative Deep Learning Programs to Graph Execution:...
Challenges in Migrating Imperative Deep Learning Programs to Graph Execution:...
Raffi Khatchadourian
 
AsyncAPI v3 : Streamlining Event-Driven API Design
AsyncAPI v3 : Streamlining Event-Driven API DesignAsyncAPI v3 : Streamlining Event-Driven API Design
AsyncAPI v3 : Streamlining Event-Driven API Design
leonid54
 
fennec fox optimization algorithm for optimal solution
fennec fox optimization algorithm for optimal solutionfennec fox optimization algorithm for optimal solution
fennec fox optimization algorithm for optimal solution
shallal2
 
Com fer un pla de gestió de dades amb l'eiNa DMP (en anglès)
Com fer un pla de gestió de dades amb l'eiNa DMP (en anglès)Com fer un pla de gestió de dades amb l'eiNa DMP (en anglès)
Com fer un pla de gestió de dades amb l'eiNa DMP (en anglès)
CSUC - Consorci de Serveis Universitaris de Catalunya
 
May Patch Tuesday
May Patch TuesdayMay Patch Tuesday
May Patch Tuesday
Ivanti
 
Slack like a pro: strategies for 10x engineering teams
Slack like a pro: strategies for 10x engineering teamsSlack like a pro: strategies for 10x engineering teams
Slack like a pro: strategies for 10x engineering teams
Nacho Cougil
 
Kit-Works Team Study_아직도 Dockefile.pdf_김성호
Kit-Works Team Study_아직도 Dockefile.pdf_김성호Kit-Works Team Study_아직도 Dockefile.pdf_김성호
Kit-Works Team Study_아직도 Dockefile.pdf_김성호
Wonjun Hwang
 
Shoehorning dependency injection into a FP language, what does it take?
Shoehorning dependency injection into a FP language, what does it take?Shoehorning dependency injection into a FP language, what does it take?
Shoehorning dependency injection into a FP language, what does it take?
Eric Torreborre
 
AI 3-in-1: Agents, RAG, and Local Models - Brent Laster
AI 3-in-1: Agents, RAG, and Local Models - Brent LasterAI 3-in-1: Agents, RAG, and Local Models - Brent Laster
AI 3-in-1: Agents, RAG, and Local Models - Brent Laster
All Things Open
 
Zilliz Cloud Monthly Technical Review: May 2025
Zilliz Cloud Monthly Technical Review: May 2025Zilliz Cloud Monthly Technical Review: May 2025
Zilliz Cloud Monthly Technical Review: May 2025
Zilliz
 
Top-AI-Based-Tools-for-Game-Developers (1).pptx
Top-AI-Based-Tools-for-Game-Developers (1).pptxTop-AI-Based-Tools-for-Game-Developers (1).pptx
Top-AI-Based-Tools-for-Game-Developers (1).pptx
BR Softech
 

Technical Overview of Java Card

  • 1. Technical Overview of Java for Smartcards Anshuman Sinha
  • 2. Presentation Java Card Global Platform Java Card Applets Client Software Anshuman Sinha <anshuman.sinha2@gmail.com>
  • 3. Why Java for Smartcards? Popular High level language, Object-oriented, large programmer base … Write once and run anywhere Any vendor ’ s smart card (Interoperability) Any vendor ’ s secure controller (Portability) Open programmable platform for third party application development Java Card is the winner … SIM, PIV, TWIC etc. Anshuman Sinha <anshuman.sinha2@gmail.com>
  • 4. Java Platforms Anshuman Sinha <anshuman.sinha2@gmail.com> Java Platform Size Machine Size
  • 5. Java Card Tool Chain Anshuman Sinha <anshuman.sinha2@gmail.com> .Java Files .class Files .jca Files .exp Files Converter Java Smartcard Loader Use any Java compiler Use favorite development environment Loader is specific Compiler . exp Files .cap Files
  • 6. Java Card Block Diagram Anshuman Sinha <anshuman.sinha2@gmail.com> Card Operating System Java Card VM Java Card Runtime Environment (JCRE) Java Card API APDU Response Card Manager Smartcard Controller + Cryptography Co-processor Applet 3 Applet 2 Applet 1 Currently Selected Applet Vertical API(s)
  • 7. Hardware Anshuman Sinha <anshuman.sinha2@gmail.com> R / F Interface Memory Chip Controller Antenna Coil Clk I/O Reset Vcc GND Clk I/O Reset Vcc GND Clk Mod Demod EEPROM Security & Address Logic EEPROM ROM CPU NPU Smartcard Contacts ROM RAM
  • 8. Java Card Operating System Anshuman Sinha <anshuman.sinha2@gmail.com> Process Loop Terminal Command Process Loop File System File context Crypto algorithms Data Integrity Memory Management Hardware Interfaces Memory write/erase Anti-Tearing Access Controller EEPROM/Flash Memory Write Log If no tear clear the transaction buffer If tear, roll back the update as if no write occurred ISO Commands ISO File System Anti-Tearing Tear Begin Transaction EF 1 EF 2 DF1 DF2 MF
  • 9. Java Card Runtime Environment Anshuman Sinha <anshuman.sinha2@gmail.com> Java Applet Storage Java Heap Storage Java Native Interface Applet Selection Applet Instantiation Applet Context Exception Handling Session Anti-tearing Random security checks Firewalling Applet Data and Code Applet Firewall Java Bytecode Storage Java Object Store Applet 3 Applet 2 Applet 1 Currently Selected Applet
  • 10. Applet Firewalling On Java Card the applets are firewalled, which means one applet can ’ t access the objects of the other at runtime. Each applet has its own Context . Applet firewall is separation of one context from another. JCRE has global context. It has access privileges to objects / fields of any applet. Anshuman Sinha <anshuman.sinha2@gmail.com>
  • 11. Smartcard Protocols Anshuman Sinha <anshuman.sinha2@gmail.com> 7816 – 4 Inter-Industry commands for interchanges 7816 - 1 Physical Characteristics 7816 - 2 Dimension and locations of the contacts 14443 - 1 Physical Characteristics 7816 - 3 Electronic Signals and Transmission Protocol 14443 - 2 RF power and Signal I/F 14443 - 3 Initialization and anticollision 14443 - 4 Transmission protocol 7816 - 3 T=1/T=0 Transmission protocol Contact stack Contactless stack
  • 12. Java Card 2.2.2 API Java.io Java.lang Java.rmi service Javacard.framework Applet AID APDU … Javacard.security DESKey AESKey Checksum … Javacard.framework.service Javacardx.crypto DES Algorithm AES Algorithm RSA … and ECC Javacardx.apdu Javacardx.biometry Javacardx.external Javacardx.framework.math Javacardx.framework.util Javacardx.framework.util.intx Anshuman Sinha <anshuman.sinha2@gmail.com> Core Packages
  • 13. Java Subsetting Multi-Threading String handling Dynamic Class loading Security Manager Card Manager Garbage Collection and finalization Object cloning Access control in Java packages Anshuman Sinha <anshuman.sinha2@gmail.com>
  • 14. Fully Supported Features packages dynamic object creation transient objects virtual methods / inheritance interfaces Exceptions Pseudo-Garbage Collection Anshuman Sinha <anshuman.sinha2@gmail.com>
  • 15. Partially supported features Object class is the root class of all the objects but not all methods are supported. Throwable class is not supported fully but is available as the root class of all exceptions thrown. Anshuman Sinha <anshuman.sinha2@gmail.com>
  • 16. Token-based Linking Items are referenced as opaque tokens. Linking can be either on-card or off card. No need to know internal implementation details of on card API to link off-card cardlets. Works efficiently with limited resources (RAM) on card. Converter refers to export file of the package to link to external items It picks the external token from export file and puts in the CAP file of the a package Since name-to-token mapping is published in export file, the tokens can be assigned any order Anshuman Sinha <anshuman.sinha2@gmail.com>
  • 17. Java Execution Engine Anshuman Sinha <anshuman.sinha2@gmail.com> Runtime Applet Context Applet (package) JCRE Context Operands Frame 16 bit Word 1. 2. Bytecode Handlers Native Table Function Locals Execute 3. Increment Fetch Update Java Heap
  • 18. Security Exception Instructions which throw securityException. All invokes (static/special/interface) getfields and putfields checkcast instanceof athrow arraylength Anshuman Sinha <anshuman.sinha2@gmail.com> Security is built in the bytecodes Java Card virtual machine can throw runtime exception on these bytecodes
  • 19. Exceptions Exception object has 2 byte reason code instead of message string as a parameter to the exception class. Exceptions are of two types - Checked and Unchecked. Checked exceptions must be caught and declared by keyword throws in the method body. Anshuman Sinha <anshuman.sinha2@gmail.com>
  • 20. Exceptions Unchecked exceptions or runtime exceptions are runtime errors thrown by JCVM or JCRE Known Exception objects are pre-created and an application supplies the reason code and calls the throwIt method Anshuman Sinha <anshuman.sinha2@gmail.com>
  • 21. Presentation Java Card Design Global / Open Platform Applets Client Software Anshuman Sinha <anshuman.sinha2@gmail.com>
  • 22. Global Platform Global Platform specifies secure, dynamic card and application management using commands, policies, transaction sequences and interfaces that are hardware neutral System, Terminal and Card Specifications Card Specifications Defines the loading of applets to card both pre and post issuance Registers Applets to Security Domain Verifies source of application code by validating signature Opening and closing of (SSL like) secure channel Application Management – Install and Delete Card Management and life cycle Anshuman Sinha <anshuman.sinha2@gmail.com>
  • 23. Card Manager Life Cycle Anshuman Sinha <anshuman.sinha2@gmail.com> OP_Ready Initialised Secured CM_Locked Terminated Card manager acts as default selected application Initialisation key controls access At least one key set loaded Post-issuance mode (at least MACing required) All applications locked Only Card Manager is available End of card life cycle (card is mute) APDU Set Status API lockCardManager API terminateCardManager
  • 24. Applet Life Cycle Anshuman Sinha <anshuman.sinha2@gmail.com> Installed Selectable Personalized Blocked Locked Application is installed (instantiated) but not available yet Application is available (activated) Application has been personalized Application is blocked, but behaviour is application-dependent Application is locked (not available) Only Card Manager can unlock APDU Set Status API setCardContentState Deleted APDU Install APDU Delete
  • 25. Applet Loading Anshuman Sinha <anshuman.sinha2@gmail.com> Security Domain B Card Manager Security Domain A Applet Applet Application Provider B Card Issuer OPEN NETWORK Application Provider A HOST CARD Application Provider A Application Provider B Java Card Applet Applet chunks Secure Channel
  • 26. Presentation Java Card Design Global / Open Platform Applets Client Software Anshuman Sinha <anshuman.sinha2@gmail.com>
  • 27. Java Card Applets [1/2] Extension of javacard.framework.applet Applet has following methods … deselect() getShareableInterfaceObject(..) Install(..) Anshuman Sinha <anshuman.sinha2@gmail.com> Called by JCRE before selection of another applet . Called by JCRE on behalf of client applet to get all methods which are shared … Called by JCRE on behalf of client applet to get all methods which are shared …
  • 28. Java Card Applets [2/2] Process(APDU) Register(..) Select() SelectingApplet() Anshuman Sinha <anshuman.sinha2@gmail.com> Called by JCRE to process application specific commands Called by JCRE to process application specific commands Called by JCRE when this applet is selected Called by JCRE to return any data back to terminal while the applet is being selected
  • 29. Presentation Java Card Design Global / Open Platform Applets Client Software Anshuman Sinha <anshuman.sinha2@gmail.com>
  • 30. Client Software Java Client Software PCSC / JPCSC – Reader Connections Card Detection Service Registry Applet Loading Splits Applet into chunks Loading and Verification Application Based Commands For e.g. PIV – Reading Image of Cardholder Test Suites Visual Basic Scripting Java Client Anshuman Sinha <anshuman.sinha2@gmail.com>
  • 31. PCSC/JPCSC Design Anshuman Sinha <anshuman.sinha2@gmail.com> ICC Aware Application Service Providers ICC Resource Manager IFD IFD IFD RS232 PS/2 IFD Handler ICC ICC ICC IFD Handler IFD Handler
  • 32. References Java Card specifications Global Platform specifications ISO 7816 and 14443 standards PC/SC specifications NIST SP 800-73 specifications for PIV … and Others Anshuman Sinha <anshuman.sinha2@gmail.com>
  翻译: