
Getting Started With Java Card™ 3.0 Platform

Anki R. Nelaturu, Staff Engineer, Sun Microsystems, Inc.
Bela Gangal, Staff Engineer, Sun Microsystems, Inc.
Eric Vétillard, CTO, Trusted Labs

Learn more about the next-generation Java Card platform, Java Card Platform v3.0, Connected Edition, and get a sneak peek at developing applications for the Java Card 3.0 Platform Reference Implementation using NetBeans™ IDE.

2008 JavaOneSM Conference | java.sun.com/javaone | 2


Agenda

From plastic to Java Card 3.0 platform


Things to know about Java Card platform
Introducing Java Card Platform v3.0, Connected Edition
Java Card 3.0 Platform vs. Java™ Platform, Standard
Edition (Java SE); Java Platform, Micro Edition (Java ME);
Java Platform, Enterprise Edition (Java EE)
More About Web Applications
Java Card 3.0 Platform Reference Implementation (RI)
Say Hello using Java Card 3.0 Platform RI
NetBeans Module Plugin Demo
Q&A



From Plastic to Java Card 3.0 Platform
The Beginning
Plastic cards
• Introduced in the 50's
• Cardholder identification and authentication
• Signature, then magstripe and PIN codes

Smart cards
• Introduced in the 80's
• Local authentication server, stored value
• On-card PIN verification
• Storage of sensitive information
• Later, cryptography
Original photo by Mitek
http://www.flickr.com/photos/mikek/40737702/



From Plastic to Java Card 3.0 Platform
The Smart in the Card
A single chip in every card
Very limited resources
• In particular, RAM



From Plastic to Java Card 3.0 Platform
Java Card 2 platform
Introduces applications to smart cards
• Interoperability of platforms, portability of applications
• Multiple applications, with security guarantees
• Dynamic application management
Runs on low-end smart cards
• Less memory (4-8K of RAM and 32-64K of EEPROM)
• 8 Bit Processors (Slow)
Widely used technology for a decade
• It is the dominant smart card technology today
Very limited subset of Java platform
• Partial support of basic types (8/16-bit values, no float, no String)
• Very small subset of the APIs
• Specific and pre-processed binary file format (CAP file)
• Single threaded, no garbage collection
From Plastic to Java Card 3.0 Platform
Java Card 3.0 platform
Major evolution of Java Card 2 platform
• Same principles: interoperability, security, multiple applications
• Exploitation of new hardware features
• More memory, more processing power, enhanced communication
New capabilities for new use cases
• A true personal Web server for enhanced user interaction
• Possibility to initiate an action for more flexibility
• Enhanced application model for more collaboration
Two editions
• Java Card Platform v3.0, Classic Edition
  • Supports only Classic Applets
  • Basically, Java Card Platform v3.0, Classic Edition, is an evolution of Java Card 2 platform
• Java Card Platform v3.0, Connected Edition
  • New and improved model, and the topic of this talk
Things to know about Java Card Platform

Basically, Java Card environment is a Server


VM never exits
Two heaps
Persistent Objects
Firewall between applications
Inter Application Communication
Atomicity and Transactions



Things to know about Java Card Platform
Basically, Java Card Environment is a Server
Java Card environment is a server
• Process incoming requests, and send response back to client

Communication Protocols
• APDUs (serial) are the traditional card-specific protocol
• HTTP over TCP/IP for Java Card v3.0, Connected Edition, using high speed interfaces like USB

Two major communication interfaces
• Contactless
  • Just put the card close to the reader
• Contacted
  • Inserted into Card reader
  • USB



Things to know about Java Card Platform
VM Never Exits
“Card Initialization” happens only once
• This is when the VM initialization happens
• All required static data structures are created at this time
• Card starts listening for Incoming requests

“Card Reset” happens every time the card loses power
• If Card is taken out (card tear) – everything stops
• When Card is inserted again into Card Reader
  • RAM heap is lost
  • System ensures that data is consistent across tears
  • Card starts listening for incoming requests



Things to know about Java Card Platform
Two Heaps
Unlike standard platform for Java, Java Card platform has two heaps
• All Session Objects created in Volatile Memory
• Objects that are reachable from root of persistence will be in Non-Volatile Memory

[Figure: Non-Volatile Heap (Persistent Objects) and Volatile Heap (Session Objects)]

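Things to know about Java Card Platform
Persistent Objects
import java.util.Vector;

public class PersistenceExample {

    void aMethod() {
        // v, s1 and s2 start out in the volatile heap
        Vector<String> v = new Vector<String>();

        v.addElement(new String("1111")); // String s1
        v.addElement(new String("2222")); // String s2

        // someRootObject stands for an object reachable from the root of persistence
        someRootObject.addObject(v); // v is promoted
    }
}

[Figure: Non-Volatile Heap and Volatile Heap after promotion. v, s1 and s2 are in the non-volatile heap; the objects left behind in the volatile heap are marked G (garbage).]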


Things to know about Java Card Platform
Firewall between applications
All applications run in the same VM and exist in the same heap
• Objects created by one application cannot be accessed by another application
• Every object access goes through the firewall checks to see whether the referring application is allowed to access that object
• SecurityException is thrown if access is not permitted

[Figure: Firewall Check between App1 Objects and App2 Objects]



Things to know about Java Card
Inter Application Communication
Applications can communicate with each other using
Shared Interface Objects (SIO)
• App1 defines and implements a Shareable Interface
• App1 allows App2 to access this SIO
• Firewall allows App2 to access the SIO object

[Figure: Firewall Check between App1 Objects and App2 Objects, with the SIO of App1 reachable from App2]
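
An added example, not from the slides: the server side (App1) of the SIO exchange described above, written against the Classic applet API (javacard.framework). The package, class and interface names, the AID bytes and the points value are assumptions made for illustration; App2 would request the object with JCSystem.getAppletShareableInterfaceObject.

```java
// --- LoyaltyPoints.java: interface exported by App1's package (hypothetical) ---
package example.app1;

import javacard.framework.Shareable;

/** Only methods declared here are callable across the firewall. */
public interface LoyaltyPoints extends Shareable {
    short getPoints();
}

// --- LoyaltyApplet.java: App1, the server side (hypothetical) ---
package example.app1;

import javacard.framework.*;

public class LoyaltyApplet extends Applet implements LoyaltyPoints {
    // Constructed AID of the single client (App2) allowed to use the SIO.
    private final byte[] trustedClient =
        { (byte) 0xF0, 0x01, 0x02, 0x03, 0x04, 0x05, 0x02 };
    private short points = 42; // constructed sample value

    public static void install(byte[] bArray, short bOffset, byte bLength) {
        new LoyaltyApplet().register();
    }

    /** Invoked by the runtime when another applet requests App1's SIO. */
    public Shareable getShareableInterfaceObject(AID clientAID, byte parameter) {
        // Returning null denies the request; the client never gets a reference.
        return isTrusted(clientAID) ? this : null;
    }

    /** Re-check the caller on each call: a granted reference can be passed on. */
    public short getPoints() {
        if (!isTrusted(JCSystem.getPreviousContextAID())) {
            ISOException.throwIt(ISO7816.SW_SECURITY_STATUS_NOT_SATISFIED);
        }
        return points;
    }

    private boolean isTrusted(AID aid) {
        return aid != null
            && aid.equals(trustedClient, (short) 0, (byte) trustedClient.length);
    }

    public void process(APDU apdu) {
        if (selectingApplet()) return;
        ISOException.throwIt(ISO7816.SW_INS_NOT_SUPPORTED);
    }
}
```

The firewall only decides whether a call may cross contexts; which client is entitled to the data is the server applet's own check, made both when the SIO is handed out and on every call.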
Things to know about Java Card Platform
Atomicity and Transactions
Card Tear may happen at any time
• Card can be pulled out of the card reader at any time
• Java Card platform must guarantee the integrity of user data

Individual persistent writes are atomic


• Every write into Non-Volatile memory is atomic

Transaction Facility
• Transactions may be used to group persistent writes
• The application specifies the start and end of transactions
• Unfinished or aborted updates will be rolled back
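
An added example, not from the slides: a debit that groups two persistent writes in one transaction, written against the Classic applet API (javacard.framework). The applet name, instruction code and starting balance are assumptions made for illustration.

```java
package example.purse; // hypothetical package, not from the slides

import javacard.framework.*;

/** Hypothetical stored-value applet: balance and debit log must change together. */
public class PurseApplet extends Applet {
    private static final byte INS_DEBIT = (byte) 0x30; // assumed instruction code

    private short balance = 1000;                 // persistent (non-volatile heap)
    private final byte[] lastDebit = new byte[2]; // persistent (non-volatile heap)
    private final byte[] scratch =                // session data (volatile heap)
        JCSystem.makeTransientByteArray((short) 2, JCSystem.CLEAR_ON_RESET);

    public static void install(byte[] bArray, short bOffset, byte bLength) {
        new PurseApplet().register();
    }

    public void process(APDU apdu) {
        if (selectingApplet()) return;
        byte[] buf = apdu.getBuffer();
        if (buf[ISO7816.OFFSET_INS] != INS_DEBIT) {
            ISOException.throwIt(ISO7816.SW_INS_NOT_SUPPORTED);
        }
        if (apdu.setIncomingAndReceive() != 2) {
            ISOException.throwIt(ISO7816.SW_WRONG_LENGTH);
        }
        short amount = Util.getShort(buf, ISO7816.OFFSET_CDATA);
        if (amount <= 0 || amount > balance) {
            ISOException.throwIt(ISO7816.SW_CONDITIONS_NOT_SATISFIED);
        }
        debit(amount);
    }

    private void debit(short amount) {
        Util.setShort(scratch, (short) 0, amount); // RAM write, lost on a tear
        // Without the transaction, a tear between the two persistent writes
        // would leave a debited balance with a stale log entry.
        JCSystem.beginTransaction();
        balance = (short) (balance - amount);
        Util.arrayCopy(scratch, (short) 0, lastDebit, (short) 0, (short) 2);
        JCSystem.commitTransaction(); // both writes become permanent together
    }
}
```

If power is lost before commitTransaction() returns, the runtime restores both balance and lastDebit to their previous values at the next reset; the contents of scratch are simply gone.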



Introducing Java Card Platform v3.0,
Connected Edition
What's New
Runs on recent (high-end) smart card
• More Memory (Approx 24K of Volatile and 128K of Non-Volatile)
• 32 bit Processor (Fast)

Full Java Language Support


• All data types except float/double (expensive) supported
• Multiple threads supported
• Extensive API support (java.lang, java.util, GCF, ...)
• Handles Class files directly, with all loading and linking on card
• All new Java language syntax constructs, like enums, Generics,
enhanced for loops, Auto Boxing/Unboxing, etc.
• Automatic Garbage Collection

The technology for the coming years


Introducing Java Card Platform v3.0,
Connected Edition
Connectivity Layers and Protocol Stack
New In Java Card 3.0
Connected Edition



Introducing Java Card Platform v3.0,
Connected Edition
High Level Architecture



Introducing Java Card Platform v3.0,
Connected Edition
Application Models
Classic Applets
• Communication using APDU protocol
• For backward compatibility
• Java Card 2 platform limitations apply for these applications

Extended Applets
• Communication using APDU protocol
• Similar to Classic Applets, but can use all the new API, like
Threads, Strings, GCF, etc.

Servlet Applications
• Based on Servlet 2.4 API
• Communication using standard HTTP/ HTTPS protocol
Java Card 3.0 Platform vs. Java SE,
Java ME, Java EE Platforms
Java SE Platform
Application start is not main() method
• Like Java SE Applets, Java Card applications do not have main()
method
• Like Java Applet container in Java SE platform, Java Card 3.0
platform has Applet Container and Servlet Container
• Application components are either Java Card Applets or Servlets

Network programming using GCF API


• Connector.open("http://.....");
• Connector.open("socket://host:1234");

Not Entire API is supported



Java Card 3.0 Platform vs. Java SE,
Java ME, Java EE Platforms
Java ME Platform
Java Card 3.0 platform is very close to CLDC

Class files compiled with JDK™ version 6


• Class file major version is 50
Class File Verification is same as in CLDC
• But no preverifier, because JDK version 6 generates
StackMapTables
• JDK version 6 Stackmaps are a little different than preverifier
generated Stackmaps, but the purpose is same

Not MIDlets, but Java Card Applets and Servlets


Java Application Descriptor (JAD) file of MIDlet suite can
be compared to Java Card Runtime Descriptor
Java Card 3.0 Platform vs. Java SE,
Java ME, Java EE Platforms
Java EE Platform
Servlet Container with full Servlet lifecycle support

WAR file format is supported with Java Card 3.0 platform specific information, like Java Card Runtime Descriptor

No JavaServer Pages™ (JSP™) support


• Just servlets (and static HTMLs) with listeners, filters

Transactions using Annotations


• @TransactionSupport(TransactionSuportType.REQUIRED)

Per Application SSL is new in Java Card 3.0 platform



More about Web Applications
Format of the deployment unit
Same as Standard Web Application format
No lib folder
Some additional Java Card Platform Specific Information



More about Web Applications
Java Card 3.0 platform specific information
Java Card Runtime Descriptor
Manifest-Version: 1.0
Runtime-Descriptor-Version: 3.0
Application-Type: web
Web-Context-Path: /hello



More about Web Applications
Java Card 3.0 platform specific information
Java Card Application Descriptor
<javacard-app version="3.0">
  <security-role>
    <role-name category="USER">
      remote
    </role-name>
  </security-role>
</javacard-app>



Java Card 3.0 Platform Reference
Implementation (RI)
RI is available for JavaOneSM Conference 2008 Attendees Only
• Not public yet
• http://java.sun.com/javacard/contest
Specs are published
• http://java.sun.com/products/javacard/3.0/
Contents of RI
• Card Emulator
• Tools to build and deploy
  • Off-card installer
  • Packager
• Introductory How-To samples
• Documentation
NetBeans Module Plugin
Java Card 3.0 Platform Reference
Implementation (RI)
Developing an application
[Figure: development flow. Source files → compile/build/IDE → class files and other resources (or WAR file) → Packager → ready-to-deploy module → Off-Card Installer (load, create, delete, unload) → Card, accessed from Browser/Client]


Say Hello using Java Card 3.0 Platform RI
HelloServlet.java
package javacard.javaone2008.samples;

import javax.servlet.*;
import javax.servlet.http.*;
import java.io.*;

public class HelloServlet extends HttpServlet {

    // Handles GET requests sent to the application's context path
    public void doGet(HttpServletRequest request,
                      HttpServletResponse response) throws IOException {
        // The writer is obtained from the response, not the request
        PrintWriter out = response.getWriter();
        out.println("<html><body>");
        out.println("<h1>Hello! JavaOne 2008</h1>");
        out.println("</body></html>");
    }
}


Say Hello using Java Card 3.0 Platform RI
web.xml
<web-app version="2.4">

<servlet>
<servlet-name>helloservlet</servlet-name>
<servlet-class>
javacard.javaone2008.samples.HelloServlet
</servlet-class>
</servlet>

<servlet-mapping>
<servlet-name>helloservlet</servlet-name>
<url-pattern>/*</url-pattern>
</servlet-mapping>

</web-app>



Say Hello using Java Card 3.0 Platform RI
MANIFEST.MF (Java Card Runtime Descriptor)
Manifest-Version: 1.0
Runtime-Descriptor-Version: 3.0
Application-Type: web
Web-Context-Path: /hello



Say Hello using Java Card 3.0 Platform RI
Compiling Java Platform Sources
Use the NetBeans Module; easy way to build everything

Use javac to compile the source code.
• Sources must be compiled using Java Card API
  • Set bootclasspath to Java Card 3.0 API
  • javac -bootclasspath jcapi.jar *.java
• Use provided annotation processor to detect float and double usages.
  • javac -processorpath jcapt.jar -processor com.sun.javacard.apt.JCAnnotationProcessor -Amode=connected *.java
• Or simply use the Java Card platform compiler script
  • jcc_connected.bat *.java



Say Hello using Java Card 3.0 Platform RI
Building Web Application Module
Compiled class files and other resources need to be bundled together into WAR file format

Using NetBeans Module makes it a click away

Packager tool
• can be used to create the final module file from raw WAR file or
folder
• can be used to validate pre-shipped application modules/WAR files



Say Hello using Java Card 3.0 Platform RI
Load & Create the Application Module
Deployment is a 2 step process
• Load – Loads the module onto the card
• Create – Creates a persistent instance of loaded module

Use off-card installer to load the Application Module

Use off-card installer to create the instance

Browse to the page


• Ex: http://localhost:8019/hello/



Say Hello using Java Card 3.0 Platform RI
Delete & Unload the Application Module
If the application is no longer needed on the card, it can be
removed completely

2 step process
• Delete – Deletes given persistent instance of the application
• Unload – Completely removes all class files and related resource
files from the card

Use off-card installer to delete the application instance

Use off-card installer to unload the application



Java Card™ 3.0 Platform
Web Application Development
with NetBeans Module 6.x



For More Information

Visit the Java Card Platform booth# 1211


Specifications
• http://java.sun.com/products/javacard/3.0/
Blogs
• http://blogs.sun.com/javacard/
• http://javacard.vetilles.com/
• http://weblogs.java.net/blog/igormedeiros
JavaOne Conference Sessions
• (2008) BOF-5366 Java Card™ Technology Demo Internals Unveiled
• (2007) TS-5686 Next Generation Java Card Technology For Secure Mobile Applications
• (2007) BOF-0396 Internet Application Use Cases of Next-Generation Java Card Technology



Q&A

Anki R. Nelaturu, Staff Engineer, Sun Microsystems, Inc.
Bela Gangal, Staff Engineer, Sun Microsystems, Inc.
Eric Vétillard, CTO, Trusted Labs
