Java CardTM

Open Platform for Smart Cards

Wolfgang Effing
Giesecke & Devrient GmbH

Java Card Open Platform

Combines tomorrow's technology and platforms

C:\Presentations - JavaCard_OpenPlatform.ppt - ef - 29.04.04 - page 1

What happened in the past?
• Every company created its own proprietary standard
– E.g. a GSM smart card was not able to run a banking application
• In the PC world it's the same with WinNT, Linux or Macintosh

Platform Specific Applications

1 2 3

Operating System
Chip Card
Platform
Microprocessor

• But the internet era taught us

– The customer wants to use the same applications independent
of any platforms
Java Card Open Platform
Combines tomorrow's technology and platforms

C:\Presentations - JavaCard_OpenPlatform.ppt - ef - 29.04.04 - page 2

What are the ideas for the future?
• Creating an operating system, which allows the
"Write once - Run anywhere" principle
– The internet with its JAVA programming language showed us the
right way
Java Applications (Applets)

1 2 3

Java Interpreter
Java Virtual
Machine
Operating System

Microprocessor

• A powerful smart card, which is able to run a GSM,

banking or ID application
– The user selects his requested application and starts
Java Card Open Platform
Combines tomorrow's technology and platforms

C:\Presentations - JavaCard_OpenPlatform.ppt - ef - 29.04.04 - page 3

Java Card Basics (1)

• What is Java Card?

– A programmable smart card
– A multi-application smart card
– An interoperable smart card
– A smart card for secure application loading

• A programmable smart card

– Easy to program using the power of JAVA
– Object-Oriented
– Standard Language
• A lot of programmers
– Very compact code

Java Card Open Platform

Combines tomorrow's technology and platforms

C:\Presentations - JavaCard_OpenPlatform.ppt - ef - 29.04.04 - page 4

Java Card Basics (2)
• A multi-application smart card
– Several applications can be loaded onto the same card
– Firewall between applications
– Sharing between applications
– ISO-7816/4 compliant application selection

• An interoperable smart card

– Interoperable at the source code level
• Applications written for one card can run on any card
• Write once - Run anywhere
– Interoperable at the load file level
• Since Java Card Runtime Environment JCRE 2.1
• Converted Applet CAP file can be loaded onto any card
– Interoperable at the loader level
• Since Open Platform 2.0
• The loading APDUs and sequences are defined

Java Card Open Platform

Combines tomorrow's technology and platforms

C:\Presentations - JavaCard_OpenPlatform.ppt - ef - 29.04.04 - page 5

Java Card Basics (3)
• A smart card for secure application loading
– High security features of Java Card
• Allows application loading after issuance
– VM concept
• No direct hardware access
– References instead of pointers
– Bytecode verification
– Firewall
• Secured execution contexts

Java Card Open Platform

Combines tomorrow's technology and platforms

C:\Presentations - JavaCard_OpenPlatform.ppt - ef - 29.04.04 - page 6

The Java Card Architecture - Overview

Java Card Open Platform

Combines tomorrow's technology and platforms

C:\Presentations - JavaCard_OpenPlatform.ppt - ef - 29.04.04 - page 7

 The Java Card Architecture - Hardware

• Chip features (Infineon SLE66CX320P)

– 64 kByte ROM
– 32 kByte E²PROM
• 28 kByte available for the customer
– 2 kByte RAM
• 255 Byte COD/COR per package
– Crypto-Coprocessor
• DES/3DES in Hardware
• Advanced Crypto Engine (ACE)
for RSA calculations
– UART
• Support of transport protocols

Java Card Open Platform

Combines tomorrow's technology and platforms

C:\Presentations - JavaCard_OpenPlatform.ppt - ef - 29.04.04 - page 8

The Java Card Architecture - Native Functions

• Native Functions
– Access to the chip hardware
• Communication protocols (T=0/T=1)
• Memory Access (E²PROM writing)
– Special Card Functions
• Atomic Transaction Facility
• Transient Storage
– Crytographic services
• Symmetric Cryptography (DES, 3DES)
• Public Key Cryptography (RSA 1024 Bit key, DSA)
– Hashing (SHA-1)
– Padding (ISO 9797, PKCS#1, PKCS#5)
– Signing
– Encipher, Decipher
– Firewall control

Java Card Open Platform

Combines tomorrow's technology and platforms

C:\Presentations - JavaCard_OpenPlatform.ppt - ef - 29.04.04 - page 9

The Java Card Architecture - JCVM (1)
• The Java Card Virtual Machine (JCVM) is responsible for
– Byte Code Interpretation
– Exception Handling
– Firewall Checks
– Object Consistency Checks

• The JCVM does not support

– Long, double and float variables
– Multithreading
– Garbage collection
– Reloadable classes
– Currently no 32 bit integer

Java Card Open Platform

Combines tomorrow's technology and platforms

C:\Presentations - JavaCard_OpenPlatform.ppt - ef - 29.04.04 - page 10

The Java Card Architecture - JCVM (2)
• The JCVM is split into two parts

.class .cap
files Converter file Interpreter

off-card on-card

• The Converter (off-card VM)

– Class loading, resolution and linking
– Verification
– Bytecode optimization and conversion to CAP file

• The Interpreter (on-card VM)

– Bytecode execution
– Java Card firewall enforcement
Java Card Open Platform
Combines tomorrow's technology and platforms

C:\Presentations - JavaCard_OpenPlatform.ppt - ef - 29.04.04 - page 11

The Java Card Architecture - JCRE
• Java Card Runtime Environment (JCRE)
– Card Reset Handling
– Applet Selection and APDU Dispatching
– Firewall Control and Context Switching
– Access to Application Identifiers (AIDs)
– Access to Shareable Interface Objects (SIOs)

Java Card Open Platform

Combines tomorrow's technology and platforms

C:\Presentations - JavaCard_OpenPlatform.ppt - ef - 29.04.04 - page 12

 The Java Card Architecture - API (1)
• Java Card API 2.1
– java.lang
• Language Elements
– javacard.framework
• Core Applet Functionallity
– javacard.security
• Random, Keys,
Message Digests, Signatures
– javacardx.crypto
• Cipher Services

Java Card Open Platform

Combines tomorrow's technology and platforms

C:\Presentations - JavaCard_OpenPlatform.ppt - ef - 29.04.04 - page 13

The Java Card Architecture - API (2)
• java.lang
– Object
– Throwable
– Exceptions

• javacard.framework
– Applet (base class for all Applets)
– AID
– APDU (high level IO)
– System (Transactions, Transient Data, JCRE requests)
– PIN
– Util (arrayCopy(NonAtomic), secure arrayCompare)
– Exceptions, Shareable Interface, ISO7816 Interface

Java Card Open Platform

Combines tomorrow's technology and platforms

C:\Presentations - JavaCard_OpenPlatform.ppt - ef - 29.04.04 - page 14

The Java Card Architecture - API (3)
• javacard.security
– Key Interfaces
– Key Builder
– Message Digest
– Signature
– Random Data
• javacardx.crypto
– Symmetric Cryptography
• DES, 3DES
– Public Key Cryptography
• RSA, DSA

Java Card Open Platform

Combines tomorrow's technology and platforms

C:\Presentations - JavaCard_OpenPlatform.ppt - ef - 29.04.04 - page 15

The Java Card Architecture - Card Management
• Card Manager Applet, API and Loader
– Card Content Management
– Card Life Cycle Management
– Keyset Management
– Secure Messaging
– Applet Signature Verification
– Applet Installation and Registration
– Applet Life Cycle Management

Java Card Open Platform

Combines tomorrow's technology and platforms

C:\Presentations - JavaCard_OpenPlatform.ppt - ef - 29.04.04 - page 16

 Programming a Java Card - Overview

Java TM Source Java Compiler Java™ G&D Card Application Java Card
Code (Symantec Visual C@fe, Class File Professional Package (CAP) (On-Card VM)
Borland J-Builder, (Off-Card VM
Microsoft J++, ...) Converter-Module)

Functional Test Test with card characteristics

z The Java™ source code will be converted into the class files with standard tools
z Input of the G&D Java Card VM are class files, containing byte code
z Some work of the JVM is done outside the card
z A new simplified and smaller card class file (CAP-Format) is generated
z The CAP-file with the applet is loaded onto the card
z The applet will be interpreted on the smart card

Java Card Open Platform

Combines tomorrow's technology and platforms

C:\Presentations - JavaCard_OpenPlatform.ppt - ef - 29.04.04 - page 17