Beruflich Dokumente
Kultur Dokumente
0
Platform
Smart cards
• Introduced in the 80's
• Local authentication server, stored value
• On-card PIN verification
• Storage of sensitive information
• Later, cryptography
Original photo by Mitek
http://www.flickr.com/photos/mikek/40737702/
Communication Protocols
• APDUs (serial) is the traditional card-specific protocol
• HTTP over TCP/IP for Java Card v3.0, Connected Edition, using
high speed interfaces like USB
Persistent Objects
Session Objects
void aMethod() {
someRootObject.addObject(v); // v is promoted
}
}
void aMethod() {
someRootObject.addObject(v); // v is promoted
}
}
void aMethod() {
someRootObject.addObject(v); // v is promoted
}
}
v s1
void aMethod() {
someRootObject.addObject(v); // v is promoted
}
}
v s1
s2
void aMethod() {
someRootObject.addObject(v); // v is promoted
}
} G Garbage
s1 G
Firewall Check
SIO of App1
2008 JavaOneSM Conference | java.sun.com/javaone | 18
Things to know about Java Card Platform
Atomicity and Transactions
Card Tear may happen at any time
• Card can be pulled out of the card reader at any time
• Java Card platform must guarantee the integrity of user data
Transaction Facility
• Transactions may be used to group persistent writes
• The application specifies the start and end of transactions
• Unfinished or aborted updates will be rolled back
Extended Applets
• Communication using APDU protocol
• Similar to Classic Applets, but can use all the new API, like
Threads, Strings, GCF, etc.
Servlet Applications
• Based on Servlet 2.4 API
• Communication using standard HTTP/ HTTPS protocol
2008 JavaOneSM Conference | java.sun.com/javaone | 23
Java Card 3.0 Platform vs. Java SE,
Java ME, Java EE Platforms
Java SE Platform
Application start is not main() method
• Like Java SE Applets, Java Card applications do not have main()
method
• Like Java Applet container in Java SE platform, Java Card 3.0
platform has Applet Container and Servlet Container
• Application components are either Java Card Applets or Servlets
Off-Card Installer
Ready to
Card Load deploy
Module
create
delete
Browser/Client
unload
import javax.servlet.*;
import javax.servlet.http.*;
import java.io.*;
<servlet>
<servlet-name>helloservlet</servlet-name>
<servlet-class>
javacard.javaone2008.samples.HelloServlet
</servlet-class>
</servlet>
<servlet-mapping>
<servlet-name>helloservlet</servlet-name>
<url-pattern>/*</url-pattern>
</servlet-mapping>
</web-app>
Packager tool
• can be used to create the final module file from raw WAR file or
folder
• can be used to validate pre-shipped application modules/WAR files
2 step process
• Delete – Deletes given persistent instance of the application
• Unload – Completely removes all class files and related resource
files from the card