smart card application development using the java card · pdf filesmart card application...
TRANSCRIPT
2
AgendaOverview of Smart CardsIntroduction to Java Card TechnologyDeveloping a Java Card AppletSummaryQ&A
3
AgendaOverview of Smart CardsIntroduction to Java Card TechnologyDeveloping a Java Card AppletSummaryQ&A
4
Smart Card OverviewSmall, plastic card with embedded integrated circuitrySame size as magnetic stripe cardPortable, tamper-proof computerHigh level of securityPhysical and electronic characteristicsdefined by ISO 7816Contact or contactless communicationNo internal power source
5
Memory Cards vs. Microprocessor Cards
Memory Cards Microprocessor Cards
Most common typeContain only memory chipOptionally with protected memory accessMain advantage: low costAreas used: prepaid phone cards, etc.
Contain a microprocessorTamper-proofMore expensiveAreas used: financial cards,electronic purses, access control,etc.
6
Smart Card Memory TypesROM
Read Only MemoryPersistent and nonmutable
EEPROMElectrical Erasable Programmable Read Only MemoryPersistent and mutable
RAMRandom Access MemoryNonpersistent and mutable
7
Typical Smart Card Hardware
8-32 bit CPU2 kB RAM32-64 kB ROM8-32 kB EEPROMExternal Power: 5VExternal Clock: 1-5 MhzHalf duplex serial I/O: 420 KbpsCrypto Coprocessor
8
Contact Cards vs. Contactless Cards
Contact Cards Contactless Cards
Most common typeRequire insertion into the readerHave 8 gold plated contactsDisadvantages: can get worn or damaged
No insertion requiredData/Power transfer via RFUsed when only limited amountof data has to be exchangedAdvantages: higher reliability, longer lifetimeDisadvantages: more expensive, not suitable when large amountof data has to be transferredUsage: transport systems, access control
9
Smart Card Contact Points
VCC – power supplyRST – reset signalCLK – clock signalGND – reference voltageVPP – write voltageI/O – data transfer
10
Card Acceptance DeviceSmart Card Readers
Basic connector between PC and smart cardNo intelligence to process transmitted dataAttached to serial, parallel, or USB portOptionally equipped with display and PIN-pad
Smart Card TerminalsSmall computer on its ownIntegrates smart card reader asone of its componentsUsually has also a small display,keypad and printer
11
Smart Card Communication ModelHalf-duplex, master-slave modelApplication Protocol Data Unit (APDU)
Top level protocolSpecified in ISO 7816-4Defines two types of messages
Command APDUResponse APDU
Transmission Protocol Data Unit (TPDU)Specified in ISO 7813-3Transmits APDUsTwo common variations:
T=0 (byte oriented)T=1 (block oriented)
Answer to Reset (ATR)Byte sequence returned by the card to the reader on power-on
12
Command APDU
CLA – Class of instructionINS – Instruction codeP1, P1 – ParametersLc – Length of the optional dataLe – Expected length of data returned
13
Response APDU
Optional data – sent only if Le was specifiedin Command APDUSW1, SW2 – two status word bytes containing status information
15
AgendaOverview of Smart CardsIntroduction to Java Card TechnologyDeveloping a Java Card AppletSummaryQ&A
16
Java Card TechnologySubset of Java SE platform and Java programming language for smart cardsBrings smart card application development into mainstreamEnables multiple applications from different vendors to run on the same card1 Billion cards deployedThree specifications (currently in version 2.2.1):
Java Card Virtual Machine specificationJava Card Runtime Environment specificationJava Card API specification
18
Java Card Language SubsetSupported Java Features Unsupported Java Features
Small primitive data types: boolean, byte, shortOne-dimensional arraysJava packages, classes, interfaces, and exceptionsJava object-oriented features: inheritance, virtual methods, overloading and dynamic object creation, access scope, and binding rulesThe int keyword and 32-bit integer data type support are optional
Large primitive data types: long, double, float
Characters and strings
Multidimensional arrays
Dynamic class loading
Security manager
Garbage collection and finalization
Threads
Object serialization
Object cloning
19
Java Card Virtual MachineSplit Architecture
Off-card converterChecks compliance with Java Card VM specificationPerforms security checksOptimizes bytecodeInitializes static variablesOutputs Converted Applet (CAP) file
On-card installerCommunicates with the off-card installation programWrites the CAP file into smart card memoryLinks it with other classes that are already on the card
On-card interpreterExecutes code found in the CAP file
21
Java Card API
java.langjava.rmijava.iojavacard.frameworkjavacard.framework.servicejavacard.securityjavacardx.cryptojavacardx.rmi
22
Java Card Runtime EnvironmentInitialized at card initialization timeResponsible for resource management, network communication, applet execution, on-card system and applet security enforcementSpecial features include:
Persistent and transient objectsAtomic operations and transactionsApplet firewall and the sharing mechanisms
23
AgendaOverview of Smart CardsIntroduction to Java Card TechnologyDeveloping a Java Card AppletSummaryQ&A
24
Java Card Applet Development
Message-passing modelDesigned around the APDU protocolSet of APDU instructions is the interface betweenthe applet and the host application
Java Card Remote Method InvocationSubset of Java SE RMIProvides distributed object model mechanismon top of APDU-based messaging model
Two different programming models
27
Applet Methodsinstall()
Called by the card installer when it installs the a new applet on the cardMust instantiate the appletMust call the register() method to notify
the JCRE that a new applet has been instantiated
28
Applet Methodsselect()
Invoked by the JCRE to notify the applet that it has been selected for APDU processing
deselect()Invoked by the JCRE to notify the applet that has been deselected, before another applet gets selectedUsed for session cleanupIs not guaranteed to be called
29
Applet Methodsprocess()
Every time an APDU is received and an applet is selected, JCRE invokes its process method, passing it the incoming APDU as parameterApplet then takes appropriate actions and generates and sends back response data or throws an exceptionJCRE sends back any data received from applet together with appropriate status word
30
AgendaOverview of Smart CardsIntroduction to Java Card TechnologyDeveloping a Java Card AppletSummaryQ&A
31
SummarySmart cards represent nowadays the most portable and secure computing platform availableJava Card technology brings smart card application development into mainstream while preserving smart card security
32
References
1. Z. Chen. Java Card Technology for Smart Cards. Addison-Wesley Professional, 1st edition, 2000.
2. C. E. Ortiz. An Introduction to Java Card Technology -Part 1. Sun Developer Network, 2003. http://developers.sun.com/techtopics/mobility/javacard/articles/javacard1/
3. C. E. Ortiz. An Introduction to Java Card Technology -Part 2, The Java Card Applet. Sun Developer Network, 2003.http://developers.sun.com/techtopics/mobility/javacard/articles/javacard2/
33
AgendaOverview of Smart CardsIntroduction to Java Card TechnologyDeveloping a Java Card AppletSummaryQ&A