Java Card: Difference between revisions

OAbot (talk | contribs)
m Open access bot: url-access updated in citation with #oabot.
 
(48 intermediate revisions by 36 users not shown)
Line 1:
{{short description|Smart card}}
{{Multiple issues|
{{more citations needed|date=January 2016}}
{{More footnotes|date=October 2008}}
}}
 
{{java platforms}}
 
'''Java Card''' is a software technology that allows [[Java platform|Java]]-based applications ([[applet]]s) to be run securely on [[smart card]]s and more generally on similar secure small [[memory footprint]] devices<ref name="Chen 2000">{{cite book | last=Chen | first=Z. | title=Java Card Technology for Smart Cards: Architecture and Programmer's Guide | publisher=Addison-Wesley | series=Addison-Wesley Java Series | year=2000 | isbn=978-0-201-70329-0 | url=https://archive.org/details/javacardtmtechno00zhiq | url-access=registration | access-date=9 April 2019 }}</ref> which are called "secure elements" (SE). Today, a secure element is not limited to smart cards and other removable cryptographic token form factors; embedded SEs soldered onto a device board and new security designs embedded into general-purpose chips are also widely used. Java Card addresses this hardware fragmentation and these specificities while retaining the code portability brought forward by Java.
 
Java Card is the tiniest of Java platforms targeted for embedded devices. It gives the user the ability to program the devices and make them application specific. It is widely used in different markets: wireless telecommunications (SIM cards and embedded SIM), payment (banking cards<ref>{{Citation|last=Oracle Learning Library|title=Developing Java Card Applications|date=2013-01-30|url=https://www.youtube.com/watch?v=khgT5dwKvOo |archive-url=https://ghostarchive.org/varchive/youtube/20211213/khgT5dwKvOo |archive-date=2021-12-13 |url-status=live|access-date=2019-04-18}}{{cbignore}}</ref> and NFC mobile payment), and identity cards, healthcare cards, and passports. Several IoT products, such as gateways, also use Java Card based products, for instance to secure communications with a cloud service.
 
The first Java Card was introduced in 1996 by [[Schlumberger Limited|Schlumberger]]'s card division, which later merged with [[Gemplus]] to form [[Gemalto]]. Java Card products are based on the specifications by [[Sun Microsystems]] (later a [[subsidiary]] of [[Oracle Corporation]]). Many Java Card products also rely on the GlobalPlatform specifications for the secure management of applications on the card (download, installation, personalization, deletion).
 
The main design goals of the Java Card technology are portability, security and backward compatibility.<ref>{{cite journal |author1=Ahmed Patel |author2=Kenan Kalajdzic |author3=Laleh Golafshan |author4=Mona Taghavi | year = 2011 | title = Design and Implementation of a Zero-Knowledge Authentication Framework for Java Card | journal = International Journal of Information Security and Privacy | pages = 1–18 | volume = 5 | issue = 3 |publisher = IGI |doi=10.4018/ijisp.2011070101 | url = http://www.igi-global.com/article/international-journal-information-security-privacy/58979 | url-access = subscription }}</ref>
 
== Portability ==
Java Card aims at defining a standard [[smart card]] computing environment allowing the same Java Card applet to run on different smart cards, much like a Java applet runs on different computers. As in Java, this is accomplished using the combination of a virtual machine (the Java Card Virtual Machine) and a well-defined runtime library, which largely abstracts the applet from differences between smart cards. In practice, portability is limited by issues of memory size, performance, and runtime support (e.g. for communication protocols or cryptographic algorithms). Moreover, vendors often expose proprietary [[API]]s specific to their ecosystem, further limiting portability for applets that rely on such calls.
To address these limitations, [[Vasilios Mavroudis]] and [[Petr Svenda]] introduced JCMathLib, an open-source cryptographic wrapper library for Java Card, enabling low-level cryptographic computations not supported by the standard API.<ref>{{cite conference |last1=Mavroudis |first1=Vasilios |last2=Svenda |first2=Petr |title=JCMathLib: Wrapper Cryptographic Library for Transparent and Certifiable JavaCard Applets |book-title=2020 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW) |publisher=IEEE |year=2020 |pages=383–390 |doi=10.1109/EuroSPW51379.2020.00056|arxiv=2008.11362 }}</ref><ref>{{cite web |title=JCMathLib |url=https://github.com/OpenCryptoProject/JCMathLib |website=GitHub |access-date=2025-04-12}}</ref><ref>{{cite web |title=OpenCrypto: Unchaining the JavaCard Ecosystem |url=https://www.youtube.com/watch?v=vd0-Uhx2OoQ |website=YouTube |access-date=2025-04-12}}</ref>
 
== Security ==
Java Card technology was originally developed for the purpose of securing sensitive information stored on [[smart card]]s. Security is determined by various aspects of this technology:
; Data encapsulation: Data is stored within the application, and Java Card applications are executed in an isolated environment (the Java Card VM), separate from the underlying [[operating system]] and hardware.
; Applet firewall: Unlike other Java VMs, a Java Card VM usually manages several applications, each one controlling sensitive data. Different applications are therefore separated from each other by an applet firewall, which restricts and checks access by one applet to the data elements of another.
; Cryptography: Commonly used symmetric key algorithms such as [[Data Encryption Standard|DES]], [[Triple DES]] and [[Advanced Encryption Standard|AES]], and asymmetric key algorithms such as [[RSA (algorithm)|RSA]] and [[elliptic curve cryptography]], are supported, as well as other cryptographic services like signing, key generation and key exchange.
; Applet: The applet is a state machine which processes only incoming command requests and responds by sending data or response status words back to the interface device.
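
The data encapsulation and applet state machine described in the list above, as an added example (not code from the article or from Oracle's samples): a minimal Classic Edition applet written against the standard <code>javacard.framework</code> API. The package and class names, the CLA/INS values and the demo PIN are assumptions made for illustration.

```java
package example.counter; // hypothetical package name
import javacard.framework.*;

public class CounterApplet extends Applet {
    private static final byte CLA_APP = (byte) 0x80;    // assumed proprietary class
    private static final byte INS_VERIFY = (byte) 0x20; // assumed instruction codes
    private static final byte INS_READ = (byte) 0x30;
    private static final byte INS_INCR = (byte) 0x32;
    private static final short SW_PIN_FAILED = (short) 0x63C0; // low nibble = tries left

    private final OwnerPIN pin; // PIN value and try counter never leave the applet
    private short counter;      // persistent state, reachable only via process()

    private CounterApplet() {
        pin = new OwnerPIN((byte) 3, (byte) 4); // 3 tries, PIN of at most 4 bytes
        // Constructed demo PIN; a real applet receives it during personalization.
        pin.update(new byte[] {1, 2, 3, 4}, (short) 0, (byte) 4);
        register();
    }
    public static void install(byte[] bArray, short bOffset, byte bLength) {
        new CounterApplet();
    }
    public void deselect() {
        pin.reset(); // leaving the applet drops the "verified" state
    }

    public void process(APDU apdu) {
        if (selectingApplet()) return; // SELECT itself: the runtime answers 0x9000
        byte[] buf = apdu.getBuffer();
        if (buf[ISO7816.OFFSET_CLA] != CLA_APP)
            ISOException.throwIt(ISO7816.SW_CLA_NOT_SUPPORTED);
        switch (buf[ISO7816.OFFSET_INS]) {
            case INS_VERIFY: {
                short len = apdu.setIncomingAndReceive();
                if (!pin.check(buf, ISO7816.OFFSET_CDATA, (byte) len))
                    ISOException.throwIt((short) (SW_PIN_FAILED | pin.getTriesRemaining()));
                break;
            }
            case INS_READ: // readable in any state
                Util.setShort(buf, (short) 0, counter);
                apdu.setOutgoingAndSend((short) 0, (short) 2);
                break;
            case INS_INCR: // state-changing command requires a verified PIN
                if (!pin.isValidated())
                    ISOException.throwIt(ISO7816.SW_SECURITY_STATUS_NOT_SATISFIED);
                counter++;
                break;
            default:
                ISOException.throwIt(ISO7816.SW_INS_NOT_SUPPORTED);
        }
    }
}
```

Every path through <code>process()</code> ends in either response data plus the default status word 0x9000 or an explicit error status word, so the host only ever sees what the applet chooses to return.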
Line 39 ⟶ 42:
 
=== Development ===
Coding techniques used in a practical Java Card program differ significantly from those used in a Java program. Still, the fact that Java Card uses a precise subset of the Java language shortens the learning curve and makes it possible to use a Java environment to develop and debug a Java Card program. Two caveats apply: even if debugging occurs with Java bytecode, make sure that the class file fits the limitations of the Java Card language by converting it to Java Card bytecode, and test on a real Java Card smart card early on to get an idea of the performance. Further, one can run and debug both the Java Card code for the application to be embedded in a smart card and a Java application that will be in the host using the smart card, all working jointly in the same environment.
 
== Versions ==
Line 48 ⟶ 51:
| title = JCAlgTest - database of supported JavaCard algorithms
| url = http://www.fi.muni.cz/~xsvenda/jcsupport.html
| access-date = 27 January 2016}}</ref>
* Version 3.2 (30.01.2023)<ref>{{Cite web |last=Ponsini |first=Nicolas |date=30 January 2023 |title=Announcing Java Card 3.2 Release |url=https://blogs.oracle.com/java/post/announcing-java-card-32-release |access-date=6 February 2023 |website=Java Card Blog}}</ref>
** Introduced support for (D)TLS 1.3 protocols
** Added API clarifications to help application developers and significantly increase the level of interoperability across multiple implementations
* Version 3.1 (17.12.2018)<ref>{{Cite web|url=https://blogs.oracle.com/javaiot/unveiling-java-card-31%3A-new-cryptograpic-extensions|title=Unveiling Java Card 3.1: New Cryptographic Extensions|last=Ponsini|first=Nicolas|website=blogs.oracle.com|access-date=2019-04-18}}</ref>
** Added configurable key pair generation support, named elliptic curves support, new algorithms and operations support, additional AES modes and Chinese algorithms.
* Version 3.0.5 (03.06.2015)
** Oracle SDK: Java Card Classic Development Kit 3.0.5u1 (03.06.2015)
Line 72 ⟶ 79:
 
== Java Card 3.0 ==
Version 3.0 of the Java Card specification (draft released in March 2008) is split into two editions: the ''Classic Edition'' and the ''Connected Edition''.<ref name="Samoylov 2018 p. 13">{{cite book | last=Samoylov | first=N. | title=Introduction to Programming: Learn to program in Java with data structures, algorithms, and logic | publisher=Packt Publishing | year=2018 | isbn=978-1-78883-416-2 | url=https://books.google.com/books?id=lOpgDwAAQBAJ&pg=PA13 | access-date=9 April 2019 | page=13}}</ref>
* The ''Classic Edition'' (currently at version 3.0.5 released in June 2015) is an evolution of the Java Card Platform version 2 (whose last version, 2.2.2, was released in March 2006), which supports traditional card applets on resource-constrained devices such as Smart Cards. Older applets are generally compatible with newer Classic Edition devices, and applets for these newer devices can be compatible with older devices if they do not refer to new library functions. Smart Cards implementing Java Card Classic Edition have been security-certified by multiple vendors, and are commercially available.
* The ''Connected Edition'' (currently at version 3.0.2 released in December 2009) aims to provide a new virtual machine and an enhanced execution environment with network-oriented features. Applications can be developed as classic card applets requested by [[smart card application protocol data unit|APDU]] commands or as servlets using [[HTTP]] to support web-based schemes of communication ([[HTML]], [[REST]], [[SOAP]] ...) with the card. The runtime uses a subset of the Java (1.)6 bytecode, without Floating Point; it supports volatile objects ([[Garbage collection (computer science)|garbage collection]]), [[Thread (computer science)|multithreading]], inter-application communications facilities, [[Persistence (computer science)|persistence]], [[Transaction processing|transactions]], card management facilities ... As of 2021, there has been little adoption in commercially available Smart Cards, so much so that reference to Java Card (including in the present Wikipedia page) often implicitly excludes the ''Connected Edition''.
 
== Java Card 3.1 ==
Java Card 3.1 was released in January 2019.
 
=== New CAP file Format and Applet Deployment Model ===
* Applet functionality can be split into multiple Java packages
* CAP file sizes can exceed 64KB
 
=== New I/O Framework and Trusted Peripherals ===
* A variety of physical layers and application protocols are supported, beyond the smart card protocols defined in [[ISO/IEC 7816|ISO 7816]]
* Logical access to device peripherals by secure element applications is facilitated
 
=== Core Platform Enhancements ===
* Array Views (views on a subset of an array), Static Resources embedded within a CAP file and Improved API extensibility
 
=== Security Services ===
* Certificate API, Key Derivation API, Monotonic Counter API, System Time API
 
=== New Cryptographic Extensions ===
* Configurable Key Pair generation, Named Elliptic Curves like [[Edwards curve|Edwards-Curves]], Additional AES modes ([[CFB mode|CFB]] & [[XTS mode|XTS]]), Chinese Algorithms (SM2 - SM3 - [[SM4 (cipher)|SM4]])
 
== See also ==
{{Portal|Computer programming}}
* [[GlobalPlatform]]
* [[Java Card OpenPlatform]]
 
Line 85 ⟶ 111:
 
==External links==
* [httphttps://www.oracle.com/technetwork/java/embeddedtechnologies/javacard/overview/defaultjava-card-1969996tech.html Java Card overview] (Oracle)
* {{YouTube|id=31D94QOo2gY|title=Defcon 21: The Secret Life of SIM Cards}}
* [https://github.com/OpenSC/OpenSC/wiki/JavaCards JavaCards-OpenSC]
* [https://github.com/GitofAmethyst/JavaCardDevelopmentTool JavaCardDevelopmentTool]
* [http://www.globalplatform.org/ GlobalPlatform]
* [https://github.com/OpenCryptoProject/JCMathLib Cryptographic Library for JavaCard] (OpenCryptoProject)
{{Java (Sun)}}
 
 
[[Category:Java device platform]]
[[Category:Smart cards]]
[[Category:Articles with example Java code]]