Java Card TM Open Platform for Smart Cards Wolfgang Effing Giesecke & Devrient GmbH C:\Presentations - JavaCard_OpenPlatform.ppt - ef - 29.04.04 - page 1
What happened in the past? Every company created its own proprietary standard E.g. a GSM smart card was not able to run a banking application In the PC world it's the same with WinNT, Linux or Macintosh Platform Specific Applications 1 2 3 Operating System Microprocessor Chip Card Platform But the internet era taught us The customer wants to use the same applications independent of any platforms C:\Presentations - JavaCard_OpenPlatform.ppt - ef - 29.04.04 - page 2
What are the ideas for the future? Creating an operating system, which allows the "Write once - Run anywhere" principle The internet with its JAVA programming language showed us the right way Java Applications (Applets) 1 2 3 Java Interpreter Operating System Java Virtual Machine Microprocessor A powerful smart card, which is able to run a GSM, banking or ID application The user selects his requested application and starts C:\Presentations - JavaCard_OpenPlatform.ppt - ef - 29.04.04 - page 3
Java Card Basics (1) What is Java Card? A programmable smart card A multi-application smart card An interoperable smart card A smart card for secure application loading A programmable smart card Easy to program using the power of JAVA Object-Oriented Standard Language A lot of programmers Very compact code C:\Presentations - JavaCard_OpenPlatform.ppt - ef - 29.04.04 - page 4
Java Card Basics (2) A multi-application smart card Several applications can be loaded onto the same card Firewall between applications Sharing between applications ISO-7816/4 compliant application selection An interoperable smart card Interoperable at the source code level Applications written for one card can run on any card Write once - Run anywhere Interoperable at the load file level Since Java Card Runtime Environment JCRE 2.1 Converted Applet CAP file can be loaded onto any card Interoperable at the loader level Since Open Platform 2.0 The loading APDUs and sequences are defined C:\Presentations - JavaCard_OpenPlatform.ppt - ef - 29.04.04 - page 5
Java Card Basics (3) A smart card for secure application loading High security features of Java Card Allows application loading after issuance VM concept No direct hardware access References instead of pointers Bytecode verification Firewall Secured execution contexts C:\Presentations - JavaCard_OpenPlatform.ppt - ef - 29.04.04 - page 6
The Java Card Architecture - Overview C:\Presentations - JavaCard_OpenPlatform.ppt - ef - 29.04.04 - page 7
The Java Card Architecture - Hardware Chip features (Infineon SLE66CX320P) 64 kbyte ROM 32 kbyte E²PROM 28 kbyte available for the customer 2 kbyte RAM 255 Byte COD/COR per package Crypto-Coprocessor UART DES/3DES in Hardware Advanced Crypto Engine (ACE) for RSA calculations Support of transport protocols C:\Presentations - JavaCard_OpenPlatform.ppt - ef - 29.04.04 - page 8
The Java Card Architecture - Native Functions Native Functions Access to the chip hardware Communication protocols (T=0/T=1) Memory Access (E²PROM writing) Special Card Functions Atomic Transaction Facility Transient Storage Crytographic services Symmetric Cryptography (DES, 3DES) Public Key Cryptography (RSA 1024 Bit key, DSA) Hashing (SHA-1) Padding (ISO 9797, PKCS#1, PKCS#5) Signing Encipher, Decipher Firewall control C:\Presentations - JavaCard_OpenPlatform.ppt - ef - 29.04.04 - page 9
The Java Card Architecture - JCVM (1) The Java Card Virtual Machine (JCVM) is responsible for Byte Code Interpretation Exception Handling Firewall Checks Object Consistency Checks The JCVM does not support Long, double and float variables Multithreading Garbage collection Reloadable classes Currently no 32 bit integer C:\Presentations - JavaCard_OpenPlatform.ppt - ef - 29.04.04 - page 10
The Java Card Architecture - JCVM (2) The JCVM is split into two parts.class files Converter.cap file Interpreter off-card on-card The Converter (off-card VM) Class loading, resolution and linking Verification Bytecode optimization and conversion to CAP file The Interpreter (on-card VM) Bytecode execution Java Card firewall enforcement C:\Presentations - JavaCard_OpenPlatform.ppt - ef - 29.04.04 - page 11
The Java Card Architecture - JCRE Java Card Runtime Environment (JCRE) Card Reset Handling Applet Selection and APDU Dispatching Firewall Control and Context Switching Access to Application Identifiers (AIDs) Access to Shareable Interface Objects (SIOs) C:\Presentations - JavaCard_OpenPlatform.ppt - ef - 29.04.04 - page 12
The Java Card Architecture - API (1) Java Card API 2.1 java.lang Language Elements javacard.framework Core Applet Functionallity javacard.security Random, Keys, Message Digests, Signatures javacardx.crypto Cipher Services C:\Presentations - JavaCard_OpenPlatform.ppt - ef - 29.04.04 - page 13
The Java Card Architecture - API (2) java.lang Object Throwable Exceptions javacard.framework Applet (base class for all Applets) AID APDU (high level IO) System (Transactions, Transient Data, JCRE requests) PIN Util (arraycopy(nonatomic), secure arraycompare) Exceptions, Shareable Interface, ISO7816 Interface C:\Presentations - JavaCard_OpenPlatform.ppt - ef - 29.04.04 - page 14
The Java Card Architecture - API (3) javacard.security Key Interfaces Key Builder Message Digest Signature Random Data javacardx.crypto Symmetric Cryptography DES, 3DES Public Key Cryptography RSA, DSA C:\Presentations - JavaCard_OpenPlatform.ppt - ef - 29.04.04 - page 15
The Java Card Architecture - Card Management Card Manager Applet, API and Loader Card Content Management Card Life Cycle Management Keyset Management Secure Messaging Applet Signature Verification Applet Installation and Registration Applet Life Cycle Management C:\Presentations - JavaCard_OpenPlatform.ppt - ef - 29.04.04 - page 16
Programming a Java Card - Overview Java TM Source Java Compiler Code (Symantec Visual C@fe, Borland J-Builder, Microsoft J++,...) Java Class File G&D Professional (Off-Card VM Converter-Module) Card Application Package (CAP) Java Card (On-Card VM) Functional Test Test with card characteristics The Java source code will be converted into the class files with standard tools Input of the G&D Java Card VM are class files, containing byte code Some work of the JVM is done outside the card A new simplified and smaller card class file (CAP-Format) is generated The CAP-file with the applet is loaded onto the card The applet will be interpreted on the smart card C:\Presentations - JavaCard_OpenPlatform.ppt - ef - 29.04.04 - page 17