javacard bouzefrane dec11 anglais

7/25/2019 JavaCard Bouzefrane Dec11 Anglais

1/79

[email protected] - CEDRIC ( CNAM) -11

Java Card TechnologyJava Card Technology

Samia Bouzefrane

Associate Professor

CEDRIC CNAM

[email protected]

http://cedric.cnam.fr/~bouzefra


2/79


Java Card technology: introduction and principles

Java Card technology: introduction and principles


3/79


Java Card - IntroductionJava Card - Introduction

Need to programmable systems

Need to evolutive solution (exceed the R!"

#pplications : Long to develop

#ttemps1st version: october 1996, startup and actual product in 1998, an industrialreality since 2000. In 2004, the nuber !ava "ards sold has reached one billion.


4/79


$tages o% industry development$tages o% industry development

&he smart card and the main stages o% development technology:

#he pioneers $19%&'198&(: )irst thoughts$the technological basis established(

198&'199&: the technology is iproved' *ar+ets and large deployents: ", -*' Liits: need ore )le/ibility

199&'200& : e/plosion o) the ar+et, ith ne paradig' cards based on calable !ava "ard

2006: 1.2 billion obile phones using I* cards !ava "ard1.6& billion sart cards !ava "ard $un source site(

2008: 90 o) I* cards are !ava "ard in 3urope, erica.6 billion !ava "ard $ccording to un(

200&'555: the card becoes an eleent o) the netor+

' " $art "ard eb erver(' .7et, !ava "ard .0


5/79


&he beginning o% Java Card technology&he beginning o% Java Card technology

November ')* the %irst proposed use o% Java %or cards is made by a team o%$chlumberger (#ustin"

!ava "ard I proposal )or prograing in !ava "ard

!ava "ard 1.0

+ull* ,emplus and $chlumberger create the Java Card orum the !" discusses and proposes speci)ications to ;racleun

November '.* publication o% the Java Card /01-eplus deonstrates in ;ctober 7oveber ""


6/79


2volution to Java Card /0x2volution to Java Card /0x

&he version /01 o% Java Card $peci%ication :

a runtie environent

#he ability to rite applets ith an ob?ect'oriented approach$although the loading )orat as not speci)ied(

!arch '* version /0' that includes 3 parts:

!ava "ard I peci)ication

!ava "ard =untie 3nvironent peci)ication

!ava "ard @irtual *achine peci)ication


7/79


#n element o% Java technology#n element o% Java technology


8/79


#bout the license model 4 '#bout the license model 4 '

&he speci%ication is available at:

http:?ava.sun.coproducts?avacard

$ell cards (5ith or 5ithout logo" and display compatibility5ith technology means being licensed Java Card &echnology

6hich provides access to :

re)erence ipleentation

olloing copatibility testing

peci)ic support


9/79


Java #uthori7ed 8icensees o% Java Card &echnology

the copanies listed belo licensed !ava "ard technology )rothe un *icroystes. ;nly !ava "ard licensees can ship products thatbear the A !ava oered B logo and clai copatibility ith the !ava "ardlat)or speci)ication and !ava "ard #"C.

=*, spects, ""LI#=L, u?itsu, -eplus, -3*,;berthur "ard ystes, #rusted Logic, etc.

ource : http:?ava.sun.coproducts?avacardlicensees.htl

#bout the license model 4 /#bout the license model 4 /


10/79


Java Card orumJava Card orum

#ssociation o% manu%acturers o% silicon* embedders and customers

roote !ava "ard technology

et o) technology choices and then o))er it the ;racle >tandard>.

!" : http:.?avacard)oru.org


11/79


# Java Card plat%orm# Java Card plat%orm

is a smart card

5ith a virtual machine

able to execute applications 5ritten in Java

Java Card plat%orms are standardi7ed by racle and Java Card orum

Java is the programming language the most used in the application developementdedicated to smart cards


12/79


Java Card 9 Java smart CardJava Card 9 Java smart Card


13/79


# standard smart card# standard smart card

#pplication* $ and hard5are lin;ed together

&he application is developed only by the o5ner o% the $

&he application is developed in a lo5-level language (C* #ssembler"


14/79


# Java Card plat%orm# Java Card plat%orm

#pplication* $ and hard5are are independent

&he application is developed by any Java programmer

&he application is developed in a standard language (high level"


15/79


Java Card technology advantagesJava Card technology advantages

easy development

Interoperability o% applets (%or use on di%%erent plat%orms"

$a%ety (o% language* optimi7ation* etc0"0

!ulti-application

dynamicity

penness and compatibility (addition and update applications"

#bility to post-personali7ation


16/79


Java Card languageJava Card language


17/79


Java Card actorsJava Card actors


18/79


Java Card characteristicsJava Card characteristics

Card architectures 5ith very small si7es:- less than 1C o) =*, 24'28 C o) =;* and 8 to 16 C 7@*

$33=;*(.

&o integrate Java technology into a card* the choices are:' =educe language )eatures' *iniu reDuired to run a !ava "ard progra are:

'24 C o) =;*, 33=;* and 16 C o) 1 C o) =*.'


19/79


$upported &ypes$upported &ypes


20/79


Not supported %eaturesNot supported %eatures

No &hreads

No dynamic loading

No ,arbage Collector until version /0/"

no cloning

no multi-dimension arrays


21/79


$upported %eatures Non $upported %eatures

boolean, byte, short long, double, )loat, char, tring

;ne'diension array *ulti'diension array

!ava pac+age, classes, inter)ace

and e/ceptions

#hreads, serialiGation

3/tension, abstract ethod,

;verload and ob?ect creation$instantiation(


22/79


>ey 5ords>ey 5ords

$upported ;ey 5ordsabstract, boolean, brea+, byte, case, catch, class, const, continue, de)ault, do, else,e/tends, )alse, )inal,goto null, pac+age, private, protected, public, return, static,super, sitch, this, i), ipleents, iport, instanceo), int, inter)ace, ne, null,pac+age, private, protected, public, return, short, static, super, sitch, this, thro,true, try, void, hile.

Non supported ;ey-5ordschar, double, )loat, long, native, synchroniGed, transient, threadsa)e, volatile, )inaliGe


23/79


$peci%ic characteristics o% Java Card$peci%ic characteristics o% Java Card

&ransient ob?ects (#@


24/79


&ransient b?ects&ransient b?ects


25/79


#tomicity 4 &ransaction#tomicity 4 &ransaction


26/79


$haring$haring


27/79


Card 2xceptionCard 2xception


28/79


Runtime 2xceptionRuntime 2xception

R


29/79


2xception in Java2xception in Java

I% a method can thro5 an exception* it must be encapsulated by atry catch bloc;0

2xample

try

{

operationWhichThrowsAnException();

}catch (Exception e)

{

.

}


30/79


2xception in Java Card2xception in Java Card

Exception.throwIt(value)

Non authori7ed example

if (erreur) throw new ArithmeticException((short)0);


31/79


Java Card #@I /0'Java Card #@I /0'

3 re%erence pac;ages

?ava.lang

?avacard.)raeor+

?avacard.security

2xtension

!avacard/.crypto


32/79


Class JCSystem

!ethods to manage atomicity:beginTransaction$(: begins transaction commitTransaction$(: saves data o) the transaction into the 33=;* abortTransaction$(: cancels the transaction

!ethod to manage transient ob?ects isTransient(Object(makeTransientXArray(short, byte( H Boolean, Short, Object

!ethods to manage sharing

!ethods to manage the in%ormation system: getVersion("

javacard.framework packagejavacard.framework package


33/79


Contains the card speci%icities

Applet class:rovides a )raeor+ )or ipleentation and interaction ith the !"=3pples ust e/tend this class

APDU class

or e/changing data ith the terinal

PIN class

*anages the secret code

javacard.framework @ac;agejavacard.framework @ac;age


34/79


+ased on java.security pac;age

#llo5s ;ey management and cryptographic %unctions

In addition to the conventional algorithms* it also includes the generation%unction random number* signature and the calculation o% compression %unctions

javacard.security @ac;agejavacard.security @ac;age


35/79


#pplet development process#pplet development process

" )ile

;))'"ard

;n'"ard


36/79


&he C#@ ile contains:

In)oration on classes

3/ecutable " $yte "ode(

in)oration necessary to lin+ing

In)oration )or veri)ication

It has the %ormat o% J#R (Java #rchive"

C#@ ileC#@ ile


37/79


Convertor4InterpretorConvertor4Interpretor

ource: ebastian Jans, !ava "ard lat)or overvie, un *icrosystes Inc., 2008


38/79


&he 2xport %ile is used by the convertor

In%ormation used %or lin;ing and veri%ication

Contains in%ormation on #@Is7ae o) the classes

ignature o) ethods

In)oration )or lin+ing beteen pac+ages

It does not contain +C* it can be published 5ith an applet allo5ing the applet

ave re-usable ob?ects (shareable"

2xport ile2xport ile


39/79


ConvertorConvertor

class)ile

3/port)ile

"onvertor

3/port)ile

"

)ile


40/79


$upports the %ollo5ing operations:

"opliance veri)ication o) the "lass ile orat

#esting copliance aspects o) the !ava language

InitialiGation o) static variables

=e)erence resolution $classes, ethods and )ields( and placed undercopact to be ore e))ective in a sall syste

;ptiiGe the byte code

llocation and creation o) structures that represent the classes in the !@*

ConvertorConvertor


41/79


It provides a runtime environment to run +C o% the C#@ %ile0 It allo5s to theapplets loaded in a card run to be run on any plat%orm0

It per%orms:

#he e/ecution o) the "

#he control o) the eory allocation

and ensures sa)ety

&he installation o% applets is per%ormed than;s to an applet loader that is

distributed bet5een the terminal and the card

InterpreterInterpreter


42/79


Java Card #rchitectureJava Card #rchitecture

ource: ebastian Jans, !ava "ard lat)or overvie, un *icrosystes Inc., 2008


43/79


In 5or;station environment* the JD! is a process* it is initiali7ed at the begin andthen stopped at the end o% the process0 b?ects in R#! are lost0

In order that in%ormation is retained %rom one session to another:

In case o) a card, the initialiGation o) the !@* is done only once: at the>beginning o) li)e o) the card,> the ob?ects and data are stored in a non'volatileeory $33=;*, lash, etc.(.

t each session ith the card:

' oer: the !"=3 is >reactivated>

' #he card receives and processes


44/79


@ersistent ob?ects and temporary

!ava "ard ob?ects are by de)ault persistent

or reasons o) e))iciency $speed o) =ead rite in 7@*( andsecurity $+ey, interediate results(, applets can create teporary ob?ects

#tomic operation and transaction

#he !"@* ensures atoicity o) the updates hen odi)ying ob?ect values

#he !"=3 provides an I to allo applets group several rerites and

to provide consistency o) these updates $egin #ransaction, "oit, =oll'ac+(

JCR2 characteristicsJCR2 characteristics


45/79


2ach applet runs in its o5n space

pplications separated by an applet )ireall to prevent intrusion

#here is a sharing echanis that allos an applet to access

services o))ered by an applet or by the !"=3.

#pplet %ire5all sharing mechanism#pplet %ire5all sharing mechanism


46/79


o5 to 5rite an applet Eo5 to 5rite an applet E


47/79


#n application dedicated to a card

"ode in the card: server application !ava "ard pplet

"ode in the terinal: client application

#n application built in 3 steps

riting the server application $applet(

Installation o) the !ava "ard applet

riting the client application

+uilding Java Card applets+uilding Java Card applets


48/79


Java Card #@I /0'

$tages o% development o% an applet

peci)y the )unctions o) the applet:

' speci)y the I


49/79


peci)y the )unctions o) the applet

ssign an I< to the applet and an I


50/79


#pplication 5ritten in Java Card

#pplet on the card

' is selected

' receives essages )ro the reader

' processes these essages

' returns data to the reader

' is de'selected.

#pplet behaviour#pplet behaviour


51/79


8oads applets on the card

$elect the applet to activate

andles messages (#@


52/79


8i%e cycle o% an applet8i%e cycle o% an applet

nce the applet is loaded on the card* itmust be:- Installed* registered (identi%ied by theJCR2 through its #I


53/79


2xample o% 2cho applet:

Role: tore a data that it receives and returns it to the terinal.

$peci%ying the %unctions o% the applet$peci%ying the %unctions o% the applet


54/79


Java Card and the #@


55/79


#@


56/79


@ac;age #I

javacard bouzefrane dec11 anglais

Documents