Tu dresden 290404_jcop


  1. Java Card™ Open Platform for Smart Cards
     Wolfgang Effing, Giesecke & Devrient GmbH
     Java Card Open Platform Combines tomorrow's technology and platforms C:Presentations - JavaCard_OpenPlatform.ppt - ef - 29.04.04 - page 1
  2. What happened in the past?
     • Every company created its own proprietary standard
       – E.g. a GSM smart card was not able to run a banking application
     • In the PC world it's the same with WinNT, Linux or Macintosh
     • But the internet era taught us
       – The customer wants to use the same applications independent of any platform
     [Figure: layer diagram labelled Platform Specific Applications 1 2 3, Operating System, Chip Card Platform, Microprocessor]
  3. What are the ideas for the future?
     • Creating an operating system, which allows the "Write once - Run anywhere" principle
       – The internet with its JAVA programming language showed us the right way
     • A powerful smart card, which is able to run a GSM, banking or ID application
       – The user selects his requested application and starts
     [Figure: layer diagram labelled Java Applications (Applets) 1 2 3, Java Interpreter, Java Virtual Machine, Operating System, Microprocessor]
  4. Java Card Basics (1)
     • What is Java Card?
       – A programmable smart card
       – A multi-application smart card
       – An interoperable smart card
       – A smart card for secure application loading
     • A programmable smart card
       – Easy to program using the power of JAVA
       – Object-Oriented
       – Standard Language
         • A lot of programmers
       – Very compact code
  5. Java Card Basics (2)
     • A multi-application smart card
       – Several applications can be loaded onto the same card
       – Firewall between applications
       – Sharing between applications
       – ISO-7816/4 compliant application selection
     • An interoperable smart card
       – Interoperable at the source code level
         • Applications written for one card can run on any card
         • Write once - Run anywhere
       – Interoperable at the load file level
         • Since Java Card Runtime Environment JCRE 2.1
         • Converted Applet CAP file can be loaded onto any card
       – Interoperable at the loader level
         • Since Open Platform 2.0
         • The loading APDUs and sequences are defined
  6. Java Card Basics (3)
     • A smart card for secure application loading
       – High security features of Java Card
         • Allows application loading after issuance
       – VM concept
         • No direct hardware access
       – References instead of pointers
       – Bytecode verification
       – Firewall
         • Secured execution contexts
  7. The Java Card Architecture - Overview
  8. The Java Card Architecture - Hardware
     • Chip features (Infineon SLE66CX320P)
       – 64 kByte ROM
       – 32 kByte E²PROM
         • 28 kByte available for the customer
       – 2 kByte RAM
         • 255 Byte COD/COR per package
       – Crypto-Coprocessor
         • DES/3DES in Hardware
         • Advanced Crypto Engine (ACE) for RSA calculations
       – UART
         • Support of transport protocols
  9. The Java Card Architecture - Native Functions
     • Native Functions
       – Access to the chip hardware
         • Communication protocols (T=0/T=1)
         • Memory Access (E²PROM writing)
       – Special Card Functions
         • Atomic Transaction Facility
         • Transient Storage
       – Cryptographic services
         • Symmetric Cryptography (DES, 3DES)
         • Public Key Cryptography (RSA 1024 Bit key, DSA)
       – Hashing (SHA-1)
       – Padding (ISO 9797, PKCS#1, PKCS#5)
       – Signing
       – Encipher, Decipher
       – Firewall control
  10. The Java Card Architecture - JCVM (1)
      • The Java Card Virtual Machine (JCVM) is responsible for
        – Byte Code Interpretation
        – Exception Handling
        – Firewall Checks
        – Object Consistency Checks
      • The JCVM does not support
        – Long, double and float variables
        – Multithreading
        – Garbage collection
        – Reloadable classes
        – Currently no 32 bit integer
  11. The Java Card Architecture - JCVM (2)
      • The JCVM is split into two parts
        [Figure: .class files, Converter (off-card), .cap file, Interpreter (on-card)]
      • The Converter (off-card VM)
        – Class loading, resolution and linking
        – Verification
        – Bytecode optimization and conversion to CAP file
      • The Interpreter (on-card VM)
        – Bytecode execution
        – Java Card firewall enforcement
  12. The Java Card Architecture - JCRE
      • Java Card Runtime Environment (JCRE)
        – Card Reset Handling
        – Applet Selection and APDU Dispatching
        – Firewall Control and Context Switching
        – Access to Application Identifiers (AIDs)
        – Access to Shareable Interface Objects (SIOs)
  13. The Java Card Architecture - API (1)
      • Java Card API 2.1
        – java.lang
          • Language Elements
        – javacard.framework
          • Core Applet Functionality
        – javacard.security
          • Random, Keys, Message Digests, Signatures
        – javacardx.crypto
          • Cipher Services
  14. The Java Card Architecture - API (2)
      • java.lang
        – Object
        – Throwable
        – Exceptions
      • javacard.framework
        – Applet (base class for all Applets)
        – AID
        – APDU (high level IO)
        – System (Transactions, Transient Data, JCRE requests)
        – PIN
        – Util (arrayCopy(NonAtomic), secure arrayCompare)
        – Exceptions, Shareable Interface, ISO7816 Interface
  15. The Java Card Architecture - API (3)
      • javacard.security
        – Key Interfaces
        – Key Builder
        – Message Digest
        – Signature
        – Random Data
      • javacardx.crypto
        – Symmetric Cryptography
          • DES, 3DES
        – Public Key Cryptography
          • RSA, DSA
  16. The Java Card Architecture - Card Management
      • Card Manager Applet, API and Loader
        – Card Content Management
        – Card Life Cycle Management
        – Keyset Management
        – Secure Messaging
        – Applet Signature Verification
        – Applet Installation and Registration
        – Applet Life Cycle Management
  17. Programming a Java Card - Overview
      [Figure: tool chain labelled Java™ Source Code; Java Compiler (Symantec Visual C@fe, Borland J-Builder, Microsoft J++, ...); Java™ Class File; G&D Professional (Off-Card VM Converter-Module); Card Application Package (CAP); Java Card (On-Card VM); Functional Test; Test with card characteristics]
      • The Java™ source code is converted into class files with standard tools
      • The input to the G&D Java Card VM is class files containing byte code
      • Some work of the JVM is done outside the card
      • A new simplified and smaller card class file (CAP format) is generated
      • The CAP file with the applet is loaded onto the card
      • The applet is interpreted on the smart card
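
An added example, not part of the original slides or of G&D's code: a small applet built from the javacard.framework classes listed on slide 14, showing the PIN gate and the atomic transaction facility from slide 9 working together. The package and class names, the INS bytes and the install-data layout are assumptions made for illustration; the slide's "System" class is `JCSystem` in the API and "PIN" is used here through `OwnerPIN`.

```java
package example.wallet; // hypothetical package name (added example)
import javacard.framework.*;

public class WalletApplet extends Applet {
    // Hypothetical instruction bytes chosen for this example.
    private static final byte INS_VERIFY = (byte) 0x20;
    private static final byte INS_CREDIT = (byte) 0x30;
    private static final byte INS_BALANCE = (byte) 0x50;
    private final OwnerPIN pin = new OwnerPIN((byte) 3, (byte) 8); // 3 tries, max 8 bytes
    private short balance;     // persistent (E²PROM) state
    private short creditCount; // must only change together with balance

    private WalletApplet(byte[] buf, short off, byte len) {
        pin.update(buf, off, len); // assumption: install data holds only the initial PIN
        register();
    }
    public static void install(byte[] buf, short off, byte len) {
        new WalletApplet(buf, off, len);
    }
    public void deselect() { pin.reset(); } // drop the validated flag on deselection

    public void process(APDU apdu) {
        if (selectingApplet()) return;
        byte[] buf = apdu.getBuffer();
        switch (buf[ISO7816.OFFSET_INS]) {
        case INS_VERIFY:
            byte len = (byte) apdu.setIncomingAndReceive();
            if (!pin.check(buf, ISO7816.OFFSET_CDATA, len)) // a failure uses up one try
                ISOException.throwIt((short) (0x63C0 | pin.getTriesRemaining()));
            break;
        case INS_CREDIT:
            if (!pin.isValidated())
                ISOException.throwIt(ISO7816.SW_SECURITY_STATUS_NOT_SATISFIED);
            if (apdu.setIncomingAndReceive() != 2)
                ISOException.throwIt(ISO7816.SW_WRONG_LENGTH);
            short amount = Util.getShort(buf, ISO7816.OFFSET_CDATA);
            if (amount <= 0 || amount > (short) (0x7FFF - balance))
                ISOException.throwIt(ISO7816.SW_DATA_INVALID); // reject overflow
            JCSystem.beginTransaction(); // both fields commit, or neither does,
            balance += amount;           // even if the card loses power here
            creditCount++;
            JCSystem.commitTransaction();
            break;
        case INS_BALANCE:
            Util.setShort(buf, (short) 0, balance);
            apdu.setOutgoingAndSend((short) 0, (short) 2);
            break;
        default:
            ISOException.throwIt(ISO7816.SW_INS_NOT_SUPPORTED);
        }
    }
}
```

The `OwnerPIN` try counter is deliberately kept outside transactions by the API, so pulling the card during a failed verify does not give the try back.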
