Smart Card Application Development Using the Java Card Technology

Milan Fort

27.01.2006

SeWeS 2006

2

AgendaOverview of Smart CardsIntroduction to Java Card TechnologyDeveloping a Java Card AppletSummaryQ&A

3

AgendaOverview of Smart CardsIntroduction to Java Card TechnologyDeveloping a Java Card AppletSummaryQ&A

4

Smart Card OverviewSmall, plastic card with embedded integrated circuitrySame size as magnetic stripe cardPortable, tamper-proof computerHigh level of securityPhysical and electronic characteristicsdefined by ISO 7816Contact or contactless communicationNo internal power source

5

Memory Cards vs. Microprocessor Cards

Memory Cards Microprocessor Cards

Most common typeContain only memory chipOptionally with protected memory accessMain advantage: low costAreas used: prepaid phone cards, etc.

Contain a microprocessorTamper-proofMore expensiveAreas used: financial cards,electronic purses, access control,etc.

6

Smart Card Memory TypesROM

Read Only MemoryPersistent and nonmutable

EEPROMElectrical Erasable Programmable Read Only MemoryPersistent and mutable

RAMRandom Access MemoryNonpersistent and mutable

7

Typical Smart Card Hardware

8-32 bit CPU2 kB RAM32-64 kB ROM8-32 kB EEPROMExternal Power: 5VExternal Clock: 1-5 MhzHalf duplex serial I/O: 420 KbpsCrypto Coprocessor

8

Contact Cards vs. Contactless Cards

Contact Cards Contactless Cards

Most common typeRequire insertion into the readerHave 8 gold plated contactsDisadvantages: can get worn or damaged

No insertion requiredData/Power transfer via RFUsed when only limited amountof data has to be exchangedAdvantages: higher reliability, longer lifetimeDisadvantages: more expensive, not suitable when large amountof data has to be transferredUsage: transport systems, access control

9

Smart Card Contact Points

VCC – power supplyRST – reset signalCLK – clock signalGND – reference voltageVPP – write voltageI/O – data transfer

10

Card Acceptance DeviceSmart Card Readers

Basic connector between PC and smart cardNo intelligence to process transmitted dataAttached to serial, parallel, or USB portOptionally equipped with display and PIN-pad

Smart Card TerminalsSmall computer on its ownIntegrates smart card reader asone of its componentsUsually has also a small display,keypad and printer

11

Smart Card Communication ModelHalf-duplex, master-slave modelApplication Protocol Data Unit (APDU)

Top level protocolSpecified in ISO 7816-4Defines two types of messages

Command APDUResponse APDU

Transmission Protocol Data Unit (TPDU)Specified in ISO 7813-3Transmits APDUsTwo common variations:

T=0 (byte oriented)T=1 (block oriented)

Answer to Reset (ATR)Byte sequence returned by the card to the reader on power-on

12

Command APDU

CLA – Class of instructionINS – Instruction codeP1, P1 – ParametersLc – Length of the optional dataLe – Expected length of data returned

13

Response APDU

Optional data – sent only if Le was specifiedin Command APDUSW1, SW2 – two status word bytes containing status information

14

Smart Card System Development

15

AgendaOverview of Smart CardsIntroduction to Java Card TechnologyDeveloping a Java Card AppletSummaryQ&A

16

Java Card TechnologySubset of Java SE platform and Java programming language for smart cardsBrings smart card application development into mainstreamEnables multiple applications from different vendors to run on the same card1 Billion cards deployedThree specifications (currently in version 2.2.1):

Java Card Virtual Machine specificationJava Card Runtime Environment specificationJava Card API specification

17

Java Card Technology

18

Java Card Language SubsetSupported Java Features Unsupported Java Features

Small primitive data types: boolean, byte, shortOne-dimensional arraysJava packages, classes, interfaces, and exceptionsJava object-oriented features: inheritance, virtual methods, overloading and dynamic object creation, access scope, and binding rulesThe int keyword and 32-bit integer data type support are optional

Large primitive data types: long, double, float

Characters and strings

Multidimensional arrays

Dynamic class loading

Security manager

Garbage collection and finalization

Threads

Object serialization

Object cloning

19

Java Card Virtual MachineSplit Architecture

Off-card converterChecks compliance with Java Card VM specificationPerforms security checksOptimizes bytecodeInitializes static variablesOutputs Converted Applet (CAP) file

On-card installerCommunicates with the off-card installation programWrites the CAP file into smart card memoryLinks it with other classes that are already on the card

On-card interpreterExecutes code found in the CAP file

20

Applet Installation Process

21

Java Card API

java.langjava.rmijava.iojavacard.frameworkjavacard.framework.servicejavacard.securityjavacardx.cryptojavacardx.rmi

22

Java Card Runtime EnvironmentInitialized at card initialization timeResponsible for resource management, network communication, applet execution, on-card system and applet security enforcementSpecial features include:

Persistent and transient objectsAtomic operations and transactionsApplet firewall and the sharing mechanisms

23

AgendaOverview of Smart CardsIntroduction to Java Card TechnologyDeveloping a Java Card AppletSummaryQ&A

24

Java Card Applet Development

Message-passing modelDesigned around the APDU protocolSet of APDU instructions is the interface betweenthe applet and the host application

Java Card Remote Method InvocationSubset of Java SE RMIProvides distributed object model mechanismon top of APDU-based messaging model

Two different programming models

25

Typical Java Card Applet Structure

26

Life-cycle of a Java Card Applet

27

Applet Methodsinstall()

Called by the card installer when it installs the a new applet on the cardMust instantiate the appletMust call the register() method to notify

the JCRE that a new applet has been instantiated

28

Applet Methodsselect()

Invoked by the JCRE to notify the applet that it has been selected for APDU processing

deselect()Invoked by the JCRE to notify the applet that has been deselected, before another applet gets selectedUsed for session cleanupIs not guaranteed to be called

29

Applet Methodsprocess()

Every time an APDU is received and an applet is selected, JCRE invokes its process method, passing it the incoming APDU as parameterApplet then takes appropriate actions and generates and sends back response data or throws an exceptionJCRE sends back any data received from applet together with appropriate status word

30

AgendaOverview of Smart CardsIntroduction to Java Card TechnologyDeveloping a Java Card AppletSummaryQ&A

31

SummarySmart cards represent nowadays the most portable and secure computing platform availableJava Card technology brings smart card application development into mainstream while preserving smart card security

32

References

1. Z. Chen. Java Card Technology for Smart Cards. Addison-Wesley Professional, 1st edition, 2000.

2. C. E. Ortiz. An Introduction to Java Card Technology -Part 1. Sun Developer Network, 2003. http://developers.sun.com/techtopics/mobility/javacard/articles/javacard1/

3. C. E. Ortiz. An Introduction to Java Card Technology -Part 2, The Java Card Applet. Sun Developer Network, 2003.http://developers.sun.com/techtopics/mobility/javacard/articles/javacard2/

33

AgendaOverview of Smart CardsIntroduction to Java Card TechnologyDeveloping a Java Card AppletSummaryQ&A

34