prev
next
out of 38

JavaCard in Smart World.v4

  • Upload
    minaoar

  • View
    37

  • Download
    2

Tags:

Embed Size (px)

DESCRIPTION

Smart Card

Citation preview

Slide 1

Java Card in Smart WorldMinaoar Hossain TanzilManager, Payment LabKona Software LabCards - Evolution & RevolutionSmart Card in the Smart World Smart Card ComponentsSmart Card Operating SystemsThe Java CardCard Application - the AppletOutlineCards - Evolution & RevolutionSmart Card in the Smart World Smart Card ComponentsSmart Card Operating SystemsThe Java CardCard Application - the AppletCard in Action - Diners Club Card

In USABack in 1950sExclusive Access to Diners ClubOnly with this Card

#Magnetic Stripe Card

#Communication Card1984

France

Germany

Magnetic Stripe

Optical (holographic)

Chip Based In Every Pocket Now

#Cards - Evolution & RevolutionSmart Card in the Smart World Smart Card ComponentsSmart Card Operating SystemsThe Java CardCard Application - the AppletSmart Card in Todays WorldPayment SystemsEMV (Europay/MasterCard/Visa - EMVCo.) Total 1.6 billion cards (2012 Q4)Total 2.4 million terminals (2012 Q4)NFC (in plastic card and/or in USIM)TelecommunicationsSIM - >5 billion (as of 2012, SIM Alliance)USIM (for UMTS)M2M (Machine to Machine)Smart CitySmart MeterIdentificationNational IDPassport

Security- Cryptgraphy- RSA/SHA/AES

Access ControlHealth CardTransport Card

#Smart Meter - Smart Grid

#Smart City - M2M

#Cards - Evolution & RevolutionSmart Card in the Smart World Smart Card ComponentsSmart Card Operating SystemsThe Java CardCard Application - the AppletInside Smart Card

Based on Chip TypeBased on Transmission Type#Smart Card Hardware ComponentsMemory Card

Processor Card#Smart Card Contactless Interface

#Cards - Evolution & RevolutionSmart Card in the Smart World Smart Card ComponentsSmart Card Operating SystemsThe Java CardCard Application - the AppletCard Operating SystemsNative Cards with single application and No OS

BasicCard OSFor Running Basic Programming Language

Multos OS (ISO/IEC 7816-4 Compliant)Program in CMEL (Multos Executable Language)Hardware Independent Program Code

Java OS (ISO/IEC 7816-4 Compliant)JCVMLimited Java functionality and APIJCRE#Windows for Smart CardLinux

Multi Application Management Global Platform

#File ManagementApplication Files in ADF (Application Dedicated File)Working Files Cross application not accessibleOS FilesInternal FilesMaster FilesFile StructureTransparent (Binary)Record OrientedFixed SizeVariable SizeExtractable/SensitiveFile ID (FID)SFI (Short File ID)Accessible from external

#Cards - Evolution & RevolutionSmart Card in the Smart World Smart Card ComponentsSmart Card Operating SystemsThe Java CardCard Application - the AppletArchitecture of Java Card

#Four ComponentsThe Back-End Application and SystemsThe Reader-Side Host ApplicationThe Reader-Side Card Acceptance DeviceThe Card-Side Applets and Environment

Card Acceptance Device ( CAD ) - an acronym for Card Acceptance Device. The CAD is the device in which thecard is inserted.

Cards - Evolution & RevolutionSmart Card in the Smart World Smart Card ComponentsSmart Card Operating SystemsJava OS - the Java CardCard Application - the AppletApplet Installation

#Class Files Bytecodes made from Java filesExport Files a file produced by the Converter that represents the fields and methods of apackage that can be imported by classes in other packages.Converter - a piece of software that preprocesses all of the Java programming languageclass files that make up a package, and converts the package to a CAP file. TheConverter can also produces an export file.Installation Tool - the off-card mechanism that employs a card acceptance device (CAD) totransmit the executable binary in a CAP file to the installer running on the cardInstaller - the on-card mechanism to download and install CAP files. The installer receivesexecutable binary from the off-card installation program, writes the binary intothe smart card memory, links it with the other classes on the card, and createsand initializes any data structures used internally by the Java Card RuntimeEnvironment.Applet Lifecycle through JCRE

#INSTALL - when the applet is downloaded to the card and the JCRE invokes the applet's staticApplet.install()method.REGISTER - the applet registers itself with the JCRE by invokingApplet.register()SELECT/DESELECT JCRE call Applet.select() method when the applet is being selected/deselected.PROCESS JCRE call this method when there is an APDU to process.

Once the applet is installed and registered, it is in the unselected state, available for selection and APDU processing.Using The Java Card Applet Methods

#While in the unselected state, the applet is inactive. An applet gets selected for APDU processing when the host application asks the JCRE to select a specific applet in the card (by instructing the card reader to send aSELECT APDUorMANAGE CHANNEL APDU). To notify the applet that a host application has selected it, the JCRE calls itsselect()method. the applet typically performs appropriate initialization in preparation for APDU processing.

Once selection is done, the JCRE passes incoming APDU commands to the applet for processing by invoking itsprocess()method. The JCRE catches any exceptions the applet fails to catch.

Applet deselection occurs when the host application tells the JCRE to select another applet. The JCRE notifies the active applet that it has been deselected by calling itsdeselect()method, which typically performs any clean-up logic and returns the applet to the inactive, unselected state.

Applet Firewall

#Firewalls essentially partition the Java Card platforms object system into separate protected object spaces called contexts.

The firewall is the boundary between one context and another. The Java Card RE shall allocate and manage a context for each Java API package containing applets.

All applet instances within a single Java API package share the same context. There is no firewall between individual applet instances within the same package.

That is, an applet instance can freely access objects belonging to another applet instance that resides in the same package.Context Switching and Object Access

#If context 1 is the currently active context, and a method m1 in an object owned byapplet A is invoked, no context switch occurs. If method m1 invokes a method m2 inan object owned by applet B, again no context switch occurs (in spite of the objectowner change), and no firewall restrictions apply

However, if the method m2 now calls a method m0 in an object owned by applet C,firewall restrictions apply and, if access is allowed, a context switch shall occurManaging Memory and ObjectsWhen an object is created, the object and its contents are preserved in non-volatile memory, making it available across sessions

Unless it is made transient.

No transient keyword. To make transient, use javacard.framework.JCSystem methods.

For object sharing there are Shared Interface Objects (SIO)#On a Java Card device, memory is the most valuable resource. In some Java Card implementations a garbage collector may not be available. When an object is created, the object and its contents are preserved in non-volatile memory, making it available across sessions. In some cases application data doesn't need to be persistent - it is temporary ortransient. To reduce wear on a smart card's persistent memory and thus maximize its lifetime, as much as possible treat data that is frequently updated as transient.

The Java Card technology does not support thetransientkeyword. Instead the Java Card API (javacard.framework.JCSystem) defines three methods that allow you to create transient data at runtime, and a fourth that lets you check whether an object is transient:static byte[] makeTransientByteArray(short length, byte event)static Object makeTransientObjectArray(short length, byte event)static short[] makeTransientShortArray(short length, byte event)static byte isTransient(java.lang.Object theObj)

Persistent TransactionsSystem level transaction supportJCSystem.beginTransaction()JCSystem.commitTransaction()JCSystem.abortTransaction()

The JCRE does not support nested transactions#The JCRE supports atomic transactions for updating one or more persistent objects safely. Transactions ensure data integrity in the event of power loss or program error. Transactions are supported at the system level.Communicating with a Java Card AppletTwo models for communication between a host application and a Java Card appletThe Fundamental Message Passing ModelJCRMI Java Card Remote Method Invocation#The Security and Trust Services API (SATSA) lets you use either message passing or JCRMI to access the smart card through a more abstract API based on the Generic Connection Framework (GCF) APIAPDU in Message Passing Model

#Response Codes

#The Java Card RMI (JCRMI) ModelA subset of the J2SE RMI distributed-object model

StepsA server application creates and makes accessible remote objectsA client application obtains remote references to remote objectsInvokes remote methods on them

In JCRMI, the Java Card applet is the server, and the host application the client#Security & Crypto Packagesjavacard.security.MessageDigestjavacard.security.InitializedMessageDigestjavacard.security.Signaturejavacard.security.RandomDatajavacard.security.KeyAgreementjavacard.security.Checksumjavacardx.crypto.Cipher

#Java Card limitationsPackagesA package can refer to up to 128 other packagesA fully qualified package name is limited to 255 bytes.A package can have up to 255 classes.ClassesA class can directly or indirectly implement up to 15 interfaces.A class can implement up to 128 public or protected instance methods, and up to 128 with package visibility#Java Card limitationsLanguage FeaturesDynamic Class Loading, Security Manager, Threads, Object Cloning, enhanced for loop are not supportedKeywordsnative, synchronized, transient, volatile, strictfpare not supportedTypeschar, double, float,long and multidimensional arrays are not supported. int support is optional.Classes and InterfacesJava core API classes and interfaces (java.io, java.lang, java.util) are unsupported except forObjectandThrowable.ExceptionsSomeExceptionandErrorsubclasses are omitted#New in Java Card 3Supports three application models Classic Applets - Backward compatibilityExtended Applets - Similar to Classic Applets, and can use all the new APIs, like Threads, Strings, and GCFServlet Applications - Communication using standard HTTP/ HTTPS protocol

Java Card 3 offers full Java language support, including support forAll data types except float and doubleMultiple threadsExtensive API support ( java.lang, java.util, GCF, and so on)Direct handling of class files, with all loading and linking on cardAll new Java language syntax constructs, like enums, generics, enhanced for loops, auto boxing/unboxing, and so onAutomatic garbage collection

#Generic Connection Framework (GCF) 36Its the Beginning of Java Cardthe most sold computer in the world#ReferencesAn Introduction to Java Card Technology by C. Enrique OrtizRuntime Environment Specification, Java Card Platform, Version 2.2.2 by OracleVirtual Machine Specification, Java Card Platform, Version 2.2.2 by OracleLatest JAVA CARD SPECIFICATIONhttp://www.emvco.com/about_emvco.aspx?id=202http://www.simalliance.org/en/news__events/press_releases/simalliance-reports-6-increase-in-global-sim-shipm_hfb7k6r1.htmlhttp://www.oracle.com/us/technologies/java/smartersmartgrid-352168.pdfhttp://ieeexplore.ieee.org/xpl/articleDetails.jsp?arnumber=6698780https://www.globalplatform.org/specificationscard.asphttp://www.cardwerk.com/smartcards/smartcard_standard_ISO7816-1.aspx

#


Static program analysis of multi-applet JavaCard applicationsdelab.csd.auth.gr/~katsaros/IGI-BookChapter-JavaCardSecurity.pdf · communication between the three applets does not imply

Static program analysis of multi-applet JavaCard applicationsdelab.csd.auth.gr/~katsaros/IGI-BookChapter-JavaCardSecurity.pdf · communication between the three applets does not imply

Documents
Development of an European-wide Citizen Javacard to · PDF file60 Development of an European-wide Citizen Javacard to Support Administrative Processes by the U se of the Electronic

Development of an European-wide Citizen Javacard to · PDF file60 Development of an European-wide Citizen Javacard to Support Administrative Processes by the U se of the Electronic

Documents
MULTOS & JAVACARD White Paper JJAANN …jkremer.com/White Papers/MULTOS and JAVACARD White Paper JKC… · Jan Kremer Consulting Services (JKCS) MULTOS & JAVACARD White Paper Page

MULTOS & JAVACARD White Paper JJAANN …jkremer.com/White Papers/MULTOS and JAVACARD White Paper JKC… · Jan Kremer Consulting Services (JKCS) MULTOS & JAVACARD White Paper Page

Documents
T7 Smart Cards - C Y P H E R P U N K Speter/T7_Smart_Cards.pdf · •General Information Systems OSCAR: ... JavaCard Standard smart card with an interpreter for a Java-like language

T7 Smart Cards - C Y P H E R P U N K Speter/T7_Smart_Cards.pdf · •General Information Systems OSCAR: ... JavaCard Standard smart card with an interpreter for a Java-like language

Documents
Javacard as Govtid 100206130505 Phpapp01

Javacard as Govtid 100206130505 Phpapp01

Documents
Sustainability in Building Design...Sustainability in Smart Cities Smart Energy Smart Building Smart Healthcare Smart Mobility Smart Infrastructure Smart Governance & Education Smart

Sustainability in Building Design...Sustainability in Smart Cities Smart Energy Smart Building Smart Healthcare Smart Mobility Smart Infrastructure Smart Governance & Education Smart

Documents
Developing and Applying to SET with Java-cardcaislab.kaist.ac.kr/lecture/2001/spring/ice525/... · JAVACARD 4.1 Smart Card Hardware????? 23 4.1.1 Smart Card Contact Points ????? 23

Developing and Applying to SET with Java-cardcaislab.kaist.ac.kr/lecture/2001/spring/ice525/... · JAVACARD 4.1 Smart Card Hardware????? 23 4.1.1 Smart Card Contact Points ????? 23

Documents
MultiApp v4.1 Javacard Platform · Date:04/03/2019 Rev : 1.13p Page : 1 / 127 MultiApp v4.1 Javacard Platform Common Criteria / ISO 15408 Security Target – Public version EAL5 +

MultiApp v4.1 Javacard Platform · Date:04/03/2019 Rev : 1.13p Page : 1 / 127 MultiApp v4.1 Javacard Platform Common Criteria / ISO 15408 Security Target – Public version EAL5 +

Documents
MultiApp v4.1 Javacard Platform - Common Criteria · MultiApp v4.1 Javacard Platform Common Criteria / ISO 15408 Security Target

MultiApp v4.1 Javacard Platform - Common Criteria · MultiApp v4.1 Javacard Platform Common Criteria / ISO 15408 Security Target

Documents
Jean-Pierre Tual 30/04/404 - robertponge · OCF: Environnement Java et API pour applications smart-cards JavaCard (2:1 et 2:2) pour programmation des smart-cards PKCS #15: Stockage

Jean-Pierre Tual 30/04/404 - robertponge · OCF: Environnement Java et API pour applications smart-cards JavaCard (2:1 et 2:2) pour programmation des smart-cards PKCS #15: Stockage

Documents
Sistema de Gestión Sanitaria mediante tarjetas JavaCard

Sistema de Gestión Sanitaria mediante tarjetas JavaCard

Documents
G Javacard Fort

G Javacard Fort

Documents
SMART MOBILITY IN SMART CITIES

SMART MOBILITY IN SMART CITIES

Environment
Introduction to JavaCard Dynamic Logiclfm.iti.kit.edu/download/javaDL.pdfIntroduction to JavaCard Dynamic Logic December 10, 2008 5 / 13 Side Effects and Complex Expressions, Cont’d

Introduction to JavaCard Dynamic Logiclfm.iti.kit.edu/download/javaDL.pdfIntroduction to JavaCard Dynamic Logic December 10, 2008 5 / 13 Side Effects and Complex Expressions, Cont’d

Documents
Security of JavaCard smart card applets Erik Poll University of Nijmegen erikpoll

Security of JavaCard smart card applets Erik Poll University of Nijmegen erikpoll

Documents
Static program analysis of multi-applet JavaCard applications

Static program analysis of multi-applet JavaCard applications

Documents
Perspectives of Interoperable Card Content Management …Klaus_Gungl-Perspectives_of... · RTE API JavaCard API JavaCard API C API JavaCard support, Multos support Dual interface

Perspectives of Interoperable Card Content Management …Klaus_Gungl-Perspectives_of... · RTE API JavaCard API JavaCard API C API JavaCard support, Multos support Dual interface

Documents
MultiApp v4.2 Javacard Platform Security Target

MultiApp v4.2 Javacard Platform Security Target

Documents
Tool-Assisted Specification and Verification of the JavaCard …pszgmh/appsem-slides/barthe.pdf · Tool-Assisted Specification and Verification of the JavaCard Platform Gilles

Tool-Assisted Specification and Verification of the JavaCard …pszgmh/appsem-slides/barthe.pdf · Tool-Assisted Specification and Verification of the JavaCard Platform Gilles

Documents
Overview B. Memory: JavaCard Memory ModelB. Memory: JavaCard Object Model ¥Java programming rules for objects Ðall objects are instances of classes or array types w/ root java.lang.Object

Overview B. Memory: JavaCard Memory ModelB. Memory: JavaCard Object Model ¥Java programming rules for objects Ðall objects are instances of classes or array types w/ root java.lang.Object

Documents
CERTIFICATION REPORT - Common Criteria...MultiApp Essential v1.1: AGD_PRE document - Javacard Platform D1462570, Rev 1.8 April 9, 2019 MultiApp Essential v1.1: AGD_OPE document - Javacard

CERTIFICATION REPORT - Common Criteria...MultiApp Essential v1.1: AGD_PRE document - Javacard Platform D1462570, Rev 1.8 April 9, 2019 MultiApp Essential v1.1: AGD_OPE document - Javacard

Documents
Bringing Smart Cards into 2015, whether they like it or …€“ MIFARE Classic – JavaCard – GlobalPlatform – Mobile NFC Agenda Part Two: Enter Fidesmo – The Fidesmo Card

Bringing Smart Cards into 2015, whether they like it or …€“ MIFARE Classic – JavaCard – GlobalPlatform – Mobile NFC Agenda Part Two: Enter Fidesmo – The Fidesmo Card

Documents
Context-Aware User Authentication — Supporting Proximity ...ciae.cs.uiuc.edu/SRG/context-aware-auth.pdf · context-aware user authentication protocol, which (1) uses a JavaCard

Context-Aware User Authentication — Supporting Proximity ...ciae.cs.uiuc.edu/SRG/context-aware-auth.pdf · context-aware user authentication protocol, which (1) uses a JavaCard

Documents
- Java Community Processjcp.org/aboutJava/communityprocess/ec-public/materials/2011-05... · JavaCard •National ID card •From

- Java Community Processjcp.org/aboutJava/communityprocess/ec-public/materials/2011-05... · JavaCard •National ID card •From

Documents
Mavroudis-Opencrypto-Unchaining-The-JavaCard · PDF fileOpenCrypto Unchaining the JavaCard Ecosystem Vasilios Mavroudis Doctoral Researcher, UCL

Mavroudis-Opencrypto-Unchaining-The-JavaCard · PDF fileOpenCrypto Unchaining the JavaCard Ecosystem Vasilios Mavroudis Doctoral Researcher, UCL

Documents
IMPLEMENTASI APLIKASI SMART HEALTH PADA SMART …lib.ui.ac.id/file?file=digital/20248862-R030815.pdf · mengatur proses komunikasi data. Salah satu jenis Smart Card adalah JavaCard

IMPLEMENTASI APLIKASI SMART HEALTH PADA SMART …lib.ui.ac.id/file?file=digital/20248862-R030815.pdf · mengatur proses komunikasi data. Salah satu jenis Smart Card adalah JavaCard

Documents
JAVACARD 32K Common Criteria / ISO 15408 Security Target ...commoncriteriaportal.org/files/epfiles/cible2002_12.pdf · Other smart card product elements, (such as holograms, magnetic

JAVACARD 32K Common Criteria / ISO 15408 Security Target ...commoncriteriaportal.org/files/epfiles/cible2002_12.pdf · Other smart card product elements, (such as holograms, magnetic

Documents
Javacard Campus Party

Javacard Campus Party

Technology
MultiApp V4.0.1 Javacard Platform - Common Criteria · 2018-10-24 · MultiApp V4.0.1 Javacard Platform - Security Target . MultiApp V4.0.1 Javacard Platform - Security Target

MultiApp V4.0.1 Javacard Platform - Common Criteria · 2018-10-24 · MultiApp V4.0.1 Javacard Platform - Security Target . MultiApp V4.0.1 Javacard Platform - Security Target

Documents
About the world-first smart card certificate with EAL7 ... · Card manager (U)SIM A SIM card embedding a Java Card System, JavaCard System Applet 1 Applet N Applet 2 ADV_SPM.3, ADV_FSP.4,

About the world-first smart card certificate with EAL7 ... · Card manager (U)SIM A SIM card embedding a Java Card System, JavaCard System Applet 1 Applet N Applet 2 ADV_SPM.3, ADV_FSP.4,

Documents