Tu dresden 290404_jcop

Java CardTM
Open Platform for Smart Cards

Wolfgang Effing
Giesecke & Devrient GmbH

Java Card Open Platform
Combines tomorrow's technology and platforms

C:Presentations - JavaCard_OpenPlatform.ppt - ef - 29.04.04 - page 1

What happened in the past?
• Every company created its own proprietary standard
– E.g. a GSM smart card was not able to run a banking application
• In the PC world it's the same with WinNT, Linux or Macintosh

Platform Specific Applications

1 2 3

Operating System
Chip Card
Platform
Microprocessor

• But the internet era taught us
– The customer wants to use the same applications independent
of any platforms


What are the ideas for the future?
• Creating an operating system, which allows the
"Write once - Run anywhere" principle
– The internet with its JAVA programming language showed us the
right way
Java Applications (Applets)

1 2 3

Java Interpreter
Java Virtual
Machine
Operating System

Microprocessor

• A powerful smart card, which is able to run a GSM,
banking or ID application
– The user selects his requested application and starts


Java Card Basics (1)

• What is Java Card?
– A programmable smart card
– A multi-application smart card
– An interoperable smart card
– A smart card for secure application loading

• A programmable smart card
– Easy to program using the power of JAVA
– Object-Oriented
– Standard Language
• A lot of programmers
– Very compact code



• A multi-application smart card
– Several applications can be loaded onto the same card
– Firewall between applications
– Sharing between applications
– ISO-7816/4 compliant application selection

• An interoperable smart card
– Interoperable at the source code level
• Applications written for one card can run on any card
• Write once - Run anywhere
– Interoperable at the load file level
• Since Java Card Runtime Environment JCRE 2.1
• Converted Applet CAP file can be loaded onto any card
– Interoperable at the loader level
• Since Open Platform 2.0
• The loading APDUs and sequences are defined



• A smart card for secure application loading
– High security features of Java Card
• Allows application loading after issuance
– VM concept
• No direct hardware access
– References instead of pointers
– Bytecode verification
– Firewall
• Secured execution contexts



The Java Card Architecture - Overview



The Java Card Architecture - Hardware

• Chip features (Infineon SLE66CX320P)
– 64 kByte ROM
– 32 kByte E²PROM
• 28 kByte available for the customer
– 2 kByte RAM
• 255 Byte COD/COR per package
– Crypto-Coprocessor
• DES/3DES in Hardware
• Advanced Crypto Engine (ACE)
for RSA calculations
– UART
• Support of transport protocols



The Java Card Architecture - Native Functions

• Native Functions
– Access to the chip hardware
• Communication protocols (T=0/T=1)
• Memory Access (E²PROM writing)
– Special Card Functions
• Atomic Transaction Facility
• Transient Storage
– Crytographic services
• Symmetric Cryptography (DES, 3DES)
• Public Key Cryptography (RSA 1024 Bit key, DSA)
– Hashing (SHA-1)
– Padding (ISO 9797, PKCS#1, PKCS#5)
– Signing
– Encipher, Decipher
– Firewall control



The Java Card Architecture - JCVM (1)
• The Java Card Virtual Machine (JCVM) is responsible for
– Byte Code Interpretation
– Exception Handling
– Firewall Checks
– Object Consistency Checks

• The JCVM does not support
– Long, double and float variables
– Multithreading
– Garbage collection
– Reloadable classes
– Currently no 32 bit integer



The Java Card Architecture - JCVM (2)
• The JCVM is split into two parts

.class .cap
files Converter file Interpreter

off-card on-card

• The Converter (off-card VM)
– Class loading, resolution and linking
– Verification
– Bytecode optimization and conversion to CAP file

• The Interpreter (on-card VM)
– Bytecode execution
– Java Card firewall enforcement


The Java Card Architecture - JCRE
• Java Card Runtime Environment (JCRE)
– Card Reset Handling
– Applet Selection and APDU Dispatching
– Firewall Control and Context Switching
– Access to Application Identifiers (AIDs)
– Access to Shareable Interface Objects (SIOs)



The Java Card Architecture - API (1)
• Java Card API 2.1
– java.lang
• Language Elements
– javacard.framework
• Core Applet Functionallity
– javacard.security
• Random, Keys,
Message Digests, Signatures
– javacardx.crypto
• Cipher Services



• java.lang
– Object
– Throwable
– Exceptions

• javacard.framework
– Applet (base class for all Applets)
– AID
– APDU (high level IO)
– System (Transactions, Transient Data, JCRE requests)
– PIN
– Util (arrayCopy(NonAtomic), secure arrayCompare)
– Exceptions, Shareable Interface, ISO7816 Interface



• javacard.security
– Key Interfaces
– Key Builder
– Message Digest
– Signature
– Random Data
• javacardx.crypto
– Symmetric Cryptography
• DES, 3DES
– Public Key Cryptography
• RSA, DSA



The Java Card Architecture - Card Management
• Card Manager Applet, API and Loader
– Card Content Management
– Card Life Cycle Management
– Keyset Management
– Secure Messaging
– Applet Signature Verification
– Applet Installation and Registration
– Applet Life Cycle Management



Programming a Java Card - Overview

Java TM Source Java Compiler Java™ G&D Card Application Java Card
Code (Symantec Visual C@fe, Class File Professional Package (CAP) (On-Card VM)
Borland J-Builder, (Off-Card VM
Microsoft J++, ...) Converter-Module)

Functional Test Test with card characteristics

The Java™ source code will be converted into the class files with standard tools
Input of the G&D Java Card VM are class files, containing byte code
Some work of the JVM is done outside the card
A new simplified and smaller card class file (CAP-Format) is generated
The CAP-file with the applet is loaded onto the card
The applet will be interpreted on the smart card



Tu dresden 290404_jcop

More Related Content

Viewers also liked

Similar to Tu dresden 290404_jcop

Tu dresden 290404_jcop