This essay has been submitted by a student. This is not an example of the work written by our professional essay writers.
Smart cards are very useful in the areas of personal security. They are used world-wide to add authentication and secure access to information systems requiring a high level of security. The combination of smart cards and Java Card can provide millions of consumers with useful applications in terms of confidentiality, authentication, non-repudiation and integrity. Using Java Card technology once can carry around valuable and sensitive personal information such as ones credit card numbers, medical history, contact numbers or electronic cash balances in a medium that is compact and secure.
What is a Java Card?
Java Card is a new generation smartcard Operating System and programming language.
In loose words, It can be said that-
* Java + Card = Java Card !
* i,e. Java Platform used on Smart Cards
A credit card sized plastic card that processes information through electronic circuit integrated in it.
Membership cards for club
Logic of Smart Cards
In terms of their logic, smart cards can be divided into memory cards and microprocessor cards.
- Memory Cards
Advantage over magnetic-strip cards is that they are secure,
For example they allow access to memory only after correct password has been entered.
- Microprocessor Cards
Contains a full micro computer consisting of a CPU (8 to 16 bits), ROM, EEPROM, RAM and I/O peripheral unit
Because all these elements are combined in one integrated circuit, this IC is also called a microcontroller.
Smart Card External Structure
Internal architecture of a smart card
Smart Cards Comes in two forms:
Contact and contact less smart cards.
Contact based smart cards work through physical contact between card reader and smart card.
Contact-less smart cards communicate through radio frequency signal, typical range of within 2 feet.
Smart Card Hardware
ROM: Stores program code of Virtual Machine (VM), API, and preinstalled applets.
EEPROM: Used for persistent storage of the data, includes objects with their fields, and program code of downloaded applets
RAM: Used for transient storage of data, e.g. stack.
One of the main ideas that encouraged the development of java card technology was to make smart card applications portable across various platforms.The advantages of java such as platform independence and language-level security, were known to the world and appreciated and so plan to bring the power of java to the world of smart-cards came out and was implemented.
Java Card is a platform for developing java applications for smart cards. In other words it enables java programs to run on smart cards. Java Card is a combination of customized subset of features of java language and a Java run-time environment dedicated to smart cards.
Following are the Features of Java Cards compared to Java:
¿½ Subset of Java (due to resource constraints)
¿½ No multithreading.
¿½ No dynamic class loading.
¿½ No object cloning
¿½ No object serialization.
¿½ No Double, string data-types.
¿½ Single dimension array only.
¿½ No garbage collection, and very restricted API
¿½ Strict type-casting rules.
¿½ No file handling API or support (due to security reasons).
¿½ With some extras (due to hardware peculiarities)
¿½ communication via APDUs or RMI
¿½ Persistent & transient data in EEPROM &RAM
¿½ Transaction mechanism
Java Card architecture
The smart card operating system is layered on the top of a smart card microcontroller and is meant for providing common services like file and data management, communication and command execution.
The Java Card run-time environment (JCRE) is layered on the top of the smart card OS and consists of Java Card Virtual Machine (JVCM), Java Card API and Native Methods. Native methods are required to implement certain special platform-dependent operations.
The main purpose of Java Card Virtual Machine (JVCM) is to execute application byte code on a card and to provide the java language support. JCVM is implemented as two separate pieces, The on-card portion of the Java Card virtual machine includes the Java Card byte-code interpreter. The Java Card converter runs on a PC or a workstation. The converter is the off-card piece of the virtual machine.
Java Card Architecture
[Figure referred from- Java Card for E-Payment Applications Artech House]
Java Card Converter:
The converter prepares a card application byte-code (class files) for uploading to a card. The result of conversion is a converted applet (CAP) file. CAP file then can be uploaded to a card.
Java Card Interpreter:
The Java Card interpreter provides runtime support of the Java language model and thus allows hardware independence of applet code. The interpreter executes byte-code instructions and ultimately executes applets. It Controls memory allocation and object creation. Also it plays a crucial role in ensuring runtime security. Java Card technology smart card contains an application called installation program, capable of loading a CAP file and storing it on the card.
Java card APIs contain some manufacturer specific extension. A specific industry or business can supply add-on libraries to provide a service or to refine the security. But they decrease cross platform portability of java card applications. Java card applications, called applet, written in java programming language are located on the top level of java card architecture.
This was about card side now about reader side
Smart card is inserted into a Card Acceptance Device (CAD), which may connect to another computer. Other term used for the Card Acceptance Device is reader. Reader provides basic functions like supplying power to the card and to establish connection.
1. Communication via APDUs or message passing model
Smart cards speak to the outside world using their own data packages called APDU (Application Protocol Data Units). APDU contains either a command or a response message. In terms of master/slave approach smart card always plays the passive role. It always waits for a command APDU from a terminal. It then executes the action specified in the APDU and replies to the terminal with a response APDU.
The Command APDU
CLA : Byte that identifies an application-specific class of instructions
INS: It is an instruction byte that indicates instruction code.
P1, P2: parameters
Lc: the number of bytes in the data field of the command.
Data: it holds command data
Le: length of expected response
Data : conatins data bytes returned by applet (optional field)
SW1, SW2 : are special words that denote the processing status of the command APDU (required fields)
2. RMI (Remote Method Invocation)
Dealing with APDUs is cumbersome so Java Card 2.2 introduced Java Card RMI (JCRMI)
A server application creates and makes accessible remote objects then references of these objects are created and terminal invokes methods on applet on the smartcard.
Platform translates this method invocation into APDUs.
Lifetime of a Java Card virtual machine
Unlike the Java virtual machine (JVM) in a PC or workstation, the Java Card virtual machine runs forever.
Information stored on the card had to be preserved even when the power is removed -- that is, when the card is dispatched from the reader. The Java Card VM creates objects in EEPROM to hold the persistent information so when the power is reapplied, the VM becomes active again, and states of the VM and of objects are restored.
Lifetime of Java Card applets and objects
An applet's life starts when it is downloaded to the card and the JCRE invokes Applet.install() method. Then applet registers itself with JCRE by invoking Applet.register() method. An applet on a card is in an inactive stage until it is explicitly selected by the terminal. An applet is selected by SELECT APDU command. The data field of the APDU contains an AID of applet to select. To notify the applet that host application has selected it, JCRE calls its select() method. After selection is done, the JCRE passes incoming APDU commands to the applet for processing by invoking its process() method, also it catches any exceptions the applet fails to catch.
The applet method deselect(), which typically performs any clean-up logic and returns the applet to the inactive state is called by JCRE when applet other than currently selected gets selected.
Use of transient and persistent types in Java Card Programming
The power supply of a smartcard can be interrupted at any instance, by a so-called card tear. To cope with this, the API offers support for persistent or transient allocation of fields and transactions.
The fields of Java Card objects are stored in EEPROM, accessing which is far slower than RAM. So API offers methods that allow fields that to be allocated in RAM.
The API offers methods to join several assignments to fields into one atomic action that is atomic update of the EEPROM, called a transaction. If the power supply stops halfway during a transaction, all assignments of that transaction are rolled back/undone.
private int balance;
private int record;
JCSystem.beginTransaction(); // now even if card or terminal tear occurs, consistency is preserved.
// update record
record[k++] = balance;
// update balance
balance = balance ¿½ amount;
A Challenge in Java Card Programming
Java Cards have very restricted resources in terms of limited memory and limited computing power. So one way through which this problem can be overcome is by using terminal¿½s resources. But there is restriction that terminals are potentially un-trusted. At Penn (A university in Philadelphia, Pennsylvania) terminal¿½s memory was used to overcome the first restriction.
It is widely known that passwords are certainly the weakest element in any security system. Smart cards prove to be the best bet to strengthen this first defense perimeter. Since smart cards are secure devices for storing valuable information, they therefore prove as a convenient solution in many other desirable areas. As anything can not be expected to be 100 percent hack-proof, it¿½s a community requirement to perform extensive testing and analysis of the complete smart card prototype on the continuous basis.
Thus Smart cards with Java Card technology are the portable and secure way of carrying personal information in digital form; a very powerful and useful technology in modern digital world.