• Save
Technical Overview of Java Card
Upcoming SlideShare
Loading in...5
×
 

Like this? Share it with your network

Share

Technical Overview of Java Card

on

  • 5,693 views

 

Statistics

Views

Total Views
5,693
Views on SlideShare
5,693
Embed Views
0

Actions

Likes
12
Downloads
13
Comments
6

0 Embeds 0

No embeds

Accessibility

Categories

Upload Details

Uploaded via as Microsoft PowerPoint

Usage Rights

© All Rights Reserved

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel

15 of 6 Post a comment

  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Processing…
  • Thanks for liking my presentation. I will appreciate your comments. I will be happy to offer helping hand on any of the Java Card projects. I invented this technology and also developed it from ground up.
    Are you sure you want to
    Your message goes here
    Processing…
  • Thanks for liking my presentation. I will appreciate your comments. I will be happy to offer helping hand on any of the Java Card projects. I invented this technology and also developed it from ground up.
    Are you sure you want to
    Your message goes here
    Processing…
  • Thanks for liking my presentation. I will appreciate your comments. I will be happy to offer helping hand on any of the Java Card projects. I invented this
    technology and also developed it from ground up.
    Are you sure you want to
    Your message goes here
    Processing…
  • Thanks for liking my presentation. I will appreciate your comments. I will be happy to offer helping hand on any of the Java Card projects. I invented this technology and also developed it from ground up.
    Are you sure you want to
    Your message goes here
    Processing…
  • Thanks for the same. Your comments are welcome; I can be reached at anshuman.sinha2@gmail.com
    Are you sure you want to
    Your message goes here
    Processing…
Post Comment
Edit your comment

Technical Overview of Java Card Presentation Transcript

  • 1. Technical Overview of Java for Smartcards Anshuman Sinha
  • 2. Presentation
    • Java Card
    • Global Platform
    • Java Card Applets
    • Client Software
    Anshuman Sinha <anshuman.sinha2@gmail.com>
  • 3. Why Java for Smartcards?
    • Popular High level language, Object-oriented, large programmer base …
    • Write once and run anywhere
      • Any vendor ’ s smart card (Interoperability)
      • Any vendor ’ s secure controller (Portability)
    • Open programmable platform for third party application development
    • Java Card is the winner … SIM, PIV, TWIC etc.
    Anshuman Sinha <anshuman.sinha2@gmail.com>
  • 4. Java Platforms Anshuman Sinha <anshuman.sinha2@gmail.com> Java Platform Size Machine Size
  • 5. Java Card Tool Chain Anshuman Sinha <anshuman.sinha2@gmail.com> .Java Files .class Files .jca Files .exp Files Converter Java Smartcard Loader
    • Use any Java compiler
    • Use favorite development environment
    • Loader is specific
    Compiler . exp Files .cap Files
  • 6. Java Card Block Diagram Anshuman Sinha <anshuman.sinha2@gmail.com> Card Operating System Java Card VM Java Card Runtime Environment (JCRE) Java Card API APDU Response Card Manager Smartcard Controller + Cryptography Co-processor Applet 3 Applet 2 Applet 1 Currently Selected Applet Vertical API(s)
  • 7. Hardware Anshuman Sinha <anshuman.sinha2@gmail.com> R / F Interface Memory Chip Controller Antenna Coil Clk I/O Reset Vcc GND Clk I/O Reset Vcc GND Clk Mod Demod EEPROM Security & Address Logic EEPROM ROM CPU NPU Smartcard Contacts ROM RAM
  • 8. Java Card Operating System Anshuman Sinha <anshuman.sinha2@gmail.com> Process Loop Terminal Command
    • Process Loop
    • File System
    • File context
    • Crypto algorithms
    • Data Integrity
    • Memory Management
    • Hardware Interfaces
    • Memory write/erase
    • Anti-Tearing
    • Access Controller
    EEPROM/Flash Memory Write Log
    • If no tear clear the transaction buffer
    • If tear, roll back the update as if no write occurred
    ISO Commands ISO File System Anti-Tearing Tear Begin Transaction EF 1 EF 2 DF1 DF2 MF
  • 9. Java Card Runtime Environment Anshuman Sinha <anshuman.sinha2@gmail.com>
    • Java Applet Storage
    • Java Heap Storage
    • Java Native Interface
    • Applet Selection
    • Applet Instantiation
    • Applet Context
    • Exception Handling
    • Session Anti-tearing
    • Random security checks
    • Firewalling
    Applet Data and Code Applet Firewall Java Bytecode Storage Java Object Store Applet 3 Applet 2 Applet 1 Currently Selected Applet
  • 10. Applet Firewalling
    • On Java Card the applets are firewalled, which means one applet can ’ t access the objects of the other at runtime.
    • Each applet has its own Context . Applet firewall is separation of one context from another.
    • JCRE has global context. It has access privileges to objects / fields of any applet.
    Anshuman Sinha <anshuman.sinha2@gmail.com>
  • 11. Smartcard Protocols Anshuman Sinha <anshuman.sinha2@gmail.com> 7816 – 4 Inter-Industry commands for interchanges 7816 - 1 Physical Characteristics 7816 - 2 Dimension and locations of the contacts 14443 - 1 Physical Characteristics 7816 - 3 Electronic Signals and Transmission Protocol 14443 - 2 RF power and Signal I/F 14443 - 3 Initialization and anticollision 14443 - 4 Transmission protocol 7816 - 3 T=1/T=0 Transmission protocol Contact stack Contactless stack
  • 12. Java Card 2.2.2 API
    • Java.io
    • Java.lang
    • Java.rmi
          • service
    • Javacard.framework
          • Applet
          • AID
          • APDU …
    • Javacard.security
          • DESKey
          • AESKey
          • Checksum …
    • Javacard.framework.service
    • Javacardx.crypto
          • DES Algorithm
          • AES Algorithm
          • RSA … and ECC
    • Javacardx.apdu
    • Javacardx.biometry
    • Javacardx.external
    • Javacardx.framework.math
    • Javacardx.framework.util
    • Javacardx.framework.util.intx
    Anshuman Sinha <anshuman.sinha2@gmail.com> Core Packages
  • 13. Java Subsetting
    • Multi-Threading
    • String handling
    • Dynamic Class loading
    • Security Manager Card Manager
    • Garbage Collection and finalization
    • Object cloning
    • Access control in Java packages
    Anshuman Sinha <anshuman.sinha2@gmail.com>
  • 14. Fully Supported Features
    • packages
    • dynamic object creation
    • transient objects
    • virtual methods / inheritance
    • interfaces
    • Exceptions
    • Pseudo-Garbage Collection
    Anshuman Sinha <anshuman.sinha2@gmail.com>
  • 15. Partially supported features
    • Object class is the root class of all the objects but not all methods are supported.
    • Throwable class is not supported fully but is available as the root class of all exceptions thrown.
    Anshuman Sinha <anshuman.sinha2@gmail.com>
  • 16. Token-based Linking
    • Items are referenced as opaque tokens.
    • Linking can be either on-card or off card.
    • No need to know internal implementation details of on card API to link off-card cardlets.
    • Works efficiently with limited resources (RAM) on card.
    • Converter refers to export file of the package to link to external items
    • It picks the external token from export file and puts in the CAP file of the a package
    • Since name-to-token mapping is published in export file, the tokens can be assigned any order
    Anshuman Sinha <anshuman.sinha2@gmail.com>
  • 17. Java Execution Engine Anshuman Sinha <anshuman.sinha2@gmail.com> Runtime Applet Context Applet (package) JCRE Context Operands Frame 16 bit Word 1. 2. Bytecode Handlers Native Table Function Locals Execute 3. Increment Fetch Update Java Heap
  • 18. Security Exception
    • Instructions which throw securityException.
      • All invokes (static/special/interface)
      • getfields and putfields
      • checkcast
      • instanceof
      • athrow
      • arraylength
    Anshuman Sinha <anshuman.sinha2@gmail.com>
    • Security is built in the bytecodes
    • Java Card virtual machine can throw runtime exception on these bytecodes
  • 19. Exceptions
    • Exception object has 2 byte reason code instead of message string as a parameter to the exception class.
    • Exceptions are of two types - Checked and Unchecked.
    • Checked exceptions must be caught and declared by keyword throws in the method body.
    Anshuman Sinha <anshuman.sinha2@gmail.com>
  • 20. Exceptions
    • Unchecked exceptions or runtime exceptions are runtime errors thrown by JCVM or JCRE
    • Known Exception objects are pre-created and an application supplies the reason code and calls the throwIt method
    Anshuman Sinha <anshuman.sinha2@gmail.com>
  • 21. Presentation
    • Java Card Design
    • Global / Open Platform
    • Applets
    • Client Software
    Anshuman Sinha <anshuman.sinha2@gmail.com>
  • 22. Global Platform
    • Global Platform specifies secure, dynamic card and application management using commands, policies, transaction sequences and interfaces that are hardware neutral
      • System, Terminal and Card Specifications
    • Card Specifications
      • Defines the loading of applets to card both pre and post issuance
      • Registers Applets to Security Domain
      • Verifies source of application code by validating signature
      • Opening and closing of (SSL like) secure channel
      • Application Management – Install and Delete
      • Card Management and life cycle
    Anshuman Sinha <anshuman.sinha2@gmail.com>
  • 23. Card Manager Life Cycle Anshuman Sinha <anshuman.sinha2@gmail.com> OP_Ready Initialised Secured CM_Locked Terminated Card manager acts as default selected application Initialisation key controls access At least one key set loaded Post-issuance mode (at least MACing required) All applications locked Only Card Manager is available End of card life cycle (card is mute) APDU Set Status API lockCardManager API terminateCardManager
  • 24. Applet Life Cycle Anshuman Sinha <anshuman.sinha2@gmail.com> Installed Selectable Personalized Blocked Locked Application is installed (instantiated) but not available yet Application is available (activated) Application has been personalized Application is blocked, but behaviour is application-dependent Application is locked (not available) Only Card Manager can unlock APDU Set Status API setCardContentState Deleted APDU Install APDU Delete
  • 25. Applet Loading Anshuman Sinha <anshuman.sinha2@gmail.com> Security Domain B Card Manager Security Domain A Applet Applet Application Provider B Card Issuer OPEN NETWORK Application Provider A HOST CARD Application Provider A Application Provider B Java Card Applet Applet chunks Secure Channel
  • 26. Presentation
    • Java Card Design
    • Global / Open Platform
    • Applets
    • Client Software
    Anshuman Sinha <anshuman.sinha2@gmail.com>
  • 27. Java Card Applets [1/2]
    • Extension of javacard.framework.applet
    • Applet has following methods …
      • deselect()
      • getShareableInterfaceObject(..)
      • Install(..)
    Anshuman Sinha <anshuman.sinha2@gmail.com> Called by JCRE before selection of another applet . Called by JCRE on behalf of client applet to get all methods which are shared … Called by JCRE on behalf of client applet to get all methods which are shared …
  • 28. Java Card Applets [2/2]
      • Process(APDU)
      • Register(..)
      • Select()
      • SelectingApplet()
    Anshuman Sinha <anshuman.sinha2@gmail.com> Called by JCRE to process application specific commands Called by JCRE to process application specific commands Called by JCRE when this applet is selected Called by JCRE to return any data back to terminal while the applet is being selected
  • 29. Presentation
    • Java Card Design
    • Global / Open Platform
    • Applets
    • Client Software
    Anshuman Sinha <anshuman.sinha2@gmail.com>
  • 30. Client Software
    • Java Client Software
      • PCSC / JPCSC – Reader Connections
      • Card Detection
      • Service Registry
    • Applet Loading
      • Splits Applet into chunks
      • Loading and Verification
    • Application Based Commands
      • For e.g. PIV – Reading Image of Cardholder
    • Test Suites
      • Visual Basic Scripting
      • Java Client
    Anshuman Sinha <anshuman.sinha2@gmail.com>
  • 31. PCSC/JPCSC Design Anshuman Sinha <anshuman.sinha2@gmail.com> ICC Aware Application Service Providers ICC Resource Manager IFD IFD IFD RS232 PS/2 IFD Handler ICC ICC ICC IFD Handler IFD Handler
  • 32. References
    • Java Card specifications
    • Global Platform specifications
    • ISO 7816 and 14443 standards
    • PC/SC specifications
    • NIST SP 800-73 specifications for PIV
    • … and Others
    Anshuman Sinha <anshuman.sinha2@gmail.com>