Java card

Java Card is a version of the Java platform for devices with extremely limited computing resources. Compared to other versions of Java , the bytecode, requirements for the execution platform, and the composition of standard libraries have been changed.

The main purpose of the product, as the name implies, is the use in smart cards . In this regard, the main emphasis was placed on supporting standard cryptographic algorithms.

The Java Card makes it possible to safely install and execute small Java applications ( applets ) on smart cards and other devices with a very limited amount of memory . This platform allows the supplier to program the devices and make them tailored to the specific application. Java Card is widely used in SIM cards and ATMs . Developed by Schlumberger ^[1] , introduced to the public on October 29, 1996 ^{[2] by} several companies, including the then Schlumberger Smart Card Division (now Gemalto ). The Java Card software platform is described by specifications developed by Sun Microsystems ^[3] . In addition, GlobalPlatform (a standardization organization) is developing standards for the secure installation of Java Card applets on devices.

Content

Portability

The Java Card describes a standard runtime environment on smart cards in order to enable the same application to run on different devices, just as Java SE / Java EE applets run on computers with different hardware and software, and Java ME MIDlets on different phones. As in more complex Java platforms, this is achieved by a combination of a virtual machine (Java Card Virtual Machine, JCVM ) and a standardized class library, which allows the applet to significantly ignore the features of specific smart card models. However, this still does not fully guarantee the portability of the application to any smart card, since factors such as memory size, performance, or the availability of specific interfaces (for example, communication protocols or cryptographic algorithms) remain.

Java Card OpenPlatform ( JCOP )

JCOP is a set of measures for developing a single operating system standard with a Java Card virtual machine for strong identity and payment systems. Developed by IBM with wide integration with organizations GlobalPlatform , ICAO . Today is almost a synonym for JCVM .

Security

Smart card data security was one of the top priorities in developing Java Card . It is provided by various platform features:

Data hiding . Applications run in an isolated environment (Java Card virtual machine ) and can access the operating system and hardware only through specialized interfaces .
Screen (shielding) of applets ( English Application Firewall ). Several applets can be active simultaneously, but they are isolated according to the sandbox model: the application is allocated a context to the data of which it has access. Data from other applications is shielded. To ensure the collaboration of several applications, there is a context switching mechanism that runs through a process controlled by a virtual machine ^[4] .
Cryptography . Popular encryption algorithms are supported, such as DES , 3DES , AES , RSA . Other cryptographic services are also supported: digital signatures , electronic key generation and exchange.
Applet mechanism The Java Card applet is essentially a state machine that processes incoming commands and responds by sending data or returning status information.

Java Card Differences from Java

Language

At the language level, a Java Card is a subset of the more complete Java platforms: all Java Card language constructs are present in Java and behave exactly the same. Moreover, the standard compilation sequence uses the usual Java compiler (javac) without any special options, and only then the result is processed by a Java Card-specific program to get a file that can be installed on a smart card. However, many features of the Java language are not supported in the Java Card, for example, char , double , float and long types , the transient keyword, enum types , multidimensional arrays, finalizers , object cloning, streams .

Bytecode

The bytecode executed by the Java Card virtual machine is functionally a subset of the Java bytecode , but it is encoded differently to minimize application size. Thus, a Java Card applet typically takes up less space than the hypothetical Java SE applet obtained by compiling the same source code. This saving of smart card memory has a downside: the lack of support for some language features (as described above) and the applet size limit. There are ways to circumvent the size limit: for example, by dividing the application code into packages of no more than 64 kB each.

Development

The programming techniques used in a typical Java Card application are significantly different from those used in Java SE. However, the fact that the Java Card is a strict subset of the Java language greatly accelerates the learning of this technology, and also allows you to use the Java SE environment for developing and debugging applications. Moreover, you can run and debug in a single environment both the Java Card application and its server part, which is supposed to run on the PC.

However, one should periodically check that the application complies with Java Card restrictions by compiling it into the corresponding bytecode, and also check its operation on a real smart card to get an idea of the performance of a real device.

Links

Notes

↑ US provisional application Serial No. 60 / 029,057, filed Oct. 25, 1996, non-provisional application No. 957512 filed on 10/24/1997, issued as patent
↑ Sun Microsystems Announces Java Card API , Business Wire, Oct. 29, 1996
↑ Overview of the Java Card platform on Sun's website
↑ Java Card Technology FAQs

[1] US provisional application Serial No. 60 / 029,057, filed Oct. 25, 1996, non-provisional application No. 957512 filed on 10/24/1997, issued as patent

[2] Sun Microsystems Announces Java Card API , Business Wire, Oct. 29, 1996

[3] Overview of the Java Card platform on Sun's website

[4] Java Card Technology FAQs