Java Card: Difference between revisions

Line 4:
{{java platforms}}
 
'''Java Card''' is a software technology that allows [[Java platform|Java]]-based applications ([[applet]]s) to be run securely on [[smart card]]s and more generally on similar secure small [[memory footprint]] devices<ref name="Chen 2000">{{cite book | last=Chen | first=Z. | title=Java Card Technology for Smart Cards: Architecture and Programmer's Guide | publisher=Addison-Wesley | series=Addison-Wesley Java Series | year=2000 | isbn=978-0-201-70329-0 | url=https://archive.org/details/javacardtmtechno00zhiq | url-access=registration | access-date=9 April 2019 }}</ref> which are called "secure elements" (SE). Today, a secure element is not limited to its smart cards and other removable cryptographic tokens form factors; embedded SEs soldered onto a device board and new security designs embedded into general purpose chips are also widely used. Java Card addresses this hardware fragmentation and specificities while retaining code portability brought forward by Java.
 
Java Card is the tiniest of Java platforms targeted for embedded devices. Java Card gives the user the ability to program the devices and make them application specific. It is widely used in different markets: wireless telecommunications within SIM cards and embedded SIM, payment within banking cards<ref>{{Citation|last=Oracle Learning Library|title=Developing Java Card Applications|date=2013-01-30|url=https://www.youtube.com/watch?v=khgT5dwKvOo |archive-url=https://ghostarchive.org/varchive/youtube/20211213/khgT5dwKvOo |archive-date=2021-12-13 |url-status=live|access-date=2019-04-18}}{{cbignore}}</ref> and NFC mobile payment and for identity cards, healthcare cards, and passports. Several IoT products like gateways are also using Java Card based products to secure communications with a cloud service for instance.
 
The first Java Card was introduced in 1996 by [[Schlumberger Limited|Schlumberger]]'s card division, which later merged with [[Gemplus]] to form [[Gemalto]]. Java Card products are based on the specifications by [[Sun Microsystems]] (later a [[subsidiary]] of [[Oracle Corporation]]). Many Java Card products also rely on the GlobalPlatform specifications for the secure management of applications on the card (download, installation, personalization, deletion).
 
The main design goals of the Java Card technology are portability, security and backward compatibility.<ref>{{cite journal |author1=Ahmed Patel |author2=Kenan Kalajdzic |author3=Laleh Golafshan |author4=Mona Taghavi | year = 2011 | title = Design and Implementation of a Zero-Knowledge Authentication Framework for Java Card | journal = International Journal of Information Security and Privacy | pages = 1–18 | volume = 5 | issue = 3 |publisher = IGI |doi=10.4018/ijisp.2011070101 | url = http://www.igi-global.com/article/international-journal-information-security-privacy/58979 | url-access = subscription }}</ref>
 
== Portability ==
Java Card aims at defining a standard [[smart card]] computing environment allowing the same Java Card applet to run on different smart cards, much like a Java applet runs on different computers. As in Java, this is accomplished using the combination of a virtual machine (the Java Card Virtual Machine), and a well-defined runtime library, which largely abstracts the applet from differences between smart cards. Portability remains limited by issues of memory size, performance, and runtime support (e.g. for communication protocols or cryptographic algorithms). Moreover, vendors often expose proprietary [[API]]s specific to their ecosystem, further limiting portability for applets that rely on such calls.
To address these limitations, [[Vasilios Mavroudis]] and [[Petr Svenda]] introduced JCMathLib, an open-source cryptographic wrapper library for Java Card, enabling low-level cryptographic computations not supported by the standard API.<ref>{{cite conference |last1=Mavroudis |first1=Vasilios |last2=Svenda |first2=Petr |title=JCMathLib: Wrapper Cryptographic Library for Transparent and Certifiable JavaCard Applets |book-title=2020 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW) |publisher=IEEE |year=2020 |pages=383–390 |doi=10.1109/EuroSPW51379.2020.00056|arxiv=2008.11362 }}</ref><ref>{{cite web |title=JCMathLib |url=https://github.com/OpenCryptoProject/JCMathLib |website=GitHub |access-date=2025-04-12}}</ref><ref>{{cite web |title=OpenCrypto: Unchaining the JavaCard Ecosystem |url=https://www.youtube.com/watch?v=vd0-Uhx2OoQ |website=YouTube |access-date=2025-04-12}}</ref>
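
The runtime-support caveat above (cryptographic algorithms differing between cards) can be handled inside the applet. The following is an added example, not code from Oracle, JCMathLib or the cited sources: a Classic Edition applet that probes at install time which SHA-2 digest the card provides and refuses installation if none is available. The package name, class name and instruction byte 0x10 are assumptions made for the illustration.

```java
package example.portability; // hypothetical package name

import javacard.framework.APDU;
import javacard.framework.Applet;
import javacard.framework.ISO7816;
import javacard.framework.ISOException;
import javacard.security.CryptoException;
import javacard.security.MessageDigest;

public class DigestProbeApplet extends Applet {
    private static final byte INS_GET_ALG = (byte) 0x10; // constructed instruction byte
    // Preference order, strongest first; all three are standard API constants.
    private static final byte[] PREFERRED = {
        MessageDigest.ALG_SHA_512, MessageDigest.ALG_SHA_384, MessageDigest.ALG_SHA_256
    };
    private MessageDigest digest;
    private byte selectedAlg;

    private DigestProbeApplet() {
        for (short i = 0; i < PREFERRED.length && digest == null; i++) {
            try {
                digest = MessageDigest.getInstance(PREFERRED[i], false);
                selectedAlg = PREFERRED[i];
            } catch (CryptoException e) {
                // NO_SUCH_ALGORITHM means this card lacks it: try the next one.
                if (e.getReason() != CryptoException.NO_SUCH_ALGORITHM) {
                    throw e; // any other reason is a real error
                }
            }
        }
        if (digest == null) {
            // Fail closed at install time rather than fall back to a weak hash.
            ISOException.throwIt(ISO7816.SW_FUNC_NOT_SUPPORTED);
        }
    }

    public static void install(byte[] bArray, short bOffset, byte bLength) {
        new DigestProbeApplet().register();
    }

    public void process(APDU apdu) {
        if (selectingApplet()) return;
        byte[] buf = apdu.getBuffer();
        if (buf[ISO7816.OFFSET_INS] != INS_GET_ALG) {
            ISOException.throwIt(ISO7816.SW_INS_NOT_SUPPORTED);
        }
        buf[0] = selectedAlg; // report which digest this card ended up with
        apdu.setOutgoingAndSend((short) 0, (short) 1);
    }
}
```

Because the probe runs in the constructor, an unsupported card rejects the applet during installation instead of failing later in the field.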
 
== Security ==
Line 47 ⟶ 52:
| url = http://www.fi.muni.cz/~xsvenda/jcsupport.html
| access-date = 27 January 2016}}</ref>
* Version 3.2 (30.01.2023)<ref>{{Cite web |last=Ponsini |first=Nicolas |date=30 January 2023 |title=Announcing Java Card 3.2 Release |url=https://blogs.oracle.com/java/post/announcing-java-card-32-release |access-date=6 February 2023 |website=Java Card Blog}}</ref>
** Introduced support for (D)TLS 1.3 protocols
** Added API clarifications to help application developers and significantly increase the level of interoperability across multiple implementations
* Version 3.1 (17.12.2018)<ref>{{Cite web|url=https://blogs.oracle.com/javaiot/unveiling-java-card-31%3A-new-cryptograpic-extensions|title=Unveiling Java Card 3.1: New Cryptographic Extensions|last=Ponsini|first=Nicolas|website=blogs.oracle.com|access-date=2019-04-18}}</ref>
** Added configurable key pair generation support, named elliptic curves support, new algorithms and operations support, additional AES modes and Chinese algorithms.
* Version 3.0.5 (03.06.2015)
** Oracle SDK: Java Card Classic Development Kit 3.0.5u1 (03.06.2015)
** Added support for Diffie-Hellman modular exponentiation, Domain Data Conservation for Diffie-Hellman, Elliptic Curve and DSA keys, RSA-3072, SHA3, plain ECDSA, AES CMAC, AES CTR.
Line 75 ⟶ 82:
* The ''Classic Edition'' (currently at version 3.0.5 released in June 2015) is an evolution of the Java Card Platform version 2 (whose last version, 2.2.2, was released in March 2006), which supports traditional card applets on resource-constrained devices such as Smart Cards. Older applets are generally compatible with newer Classic Edition devices, and applets for these newer devices can be compatible with older devices if not referring to new library functions. Smart Cards implementing Java Card Classic Edition have been security-certified by multiple vendors, and are commercially available.
* The ''Connected Edition'' (currently at version 3.0.2 released in December 2009) aims to provide a new virtual machine and an enhanced execution environment with network-oriented features. Applications can be developed as classic card applets requested by [[smart card application protocol data unit|APDU]] commands or as servlets using [[HTTP]] to support web-based schemes of communication ([[HTML]], [[REST]], [[SOAP]] ...) with the card. The runtime uses a subset of the Java (1.)6 bytecode, without floating point; it supports volatile objects ([[Garbage collection (computer science)|garbage collection]]), [[Thread (computer science)|multithreading]], inter-application communications facilities, [[Persistence (computer science)|persistence]], [[Transaction processing|transactions]], card management facilities ... As of 2021, there has been little adoption in commercially available Smart Cards, so much so that reference to Java Card (including in the present Wikipedia page) often implicitly excludes the ''Connected Edition''.
 
== Java Card 3.1 ==
Java Card 3.1 was released in January 2019.
 
=== New CAP file Format and Applet Deployment Model ===
* Applet functionality can be split into multiple Java packages
* CAP file sizes can exceed 64KB
 
=== New I/O Framework and Trusted Peripherals ===
* A variety of physical layers and application protocols are supported, beyond smart card protocols defined in [[ISO/IEC 7816|ISO 7816]]
* Logical access to device peripherals by secure element applications is facilitated
 
=== Core Platform Enhancements ===
* Array Views (views on a subset of an array), Static Resources embedded within a CAP file and Improved API extensibility
 
=== Security Services ===
* Certificate API, Key Derivation API, Monotonic Counter API, System Time API
 
=== New Cryptographic Extensions ===
* Configurable Key Pair generation, Named Elliptic Curves like [[Edwards curve|Edwards-Curves]], Additional AES modes ([[CFB mode|CFB]] & [[XTS mode|XTS]]), Chinese Algorithms (SM2 - SM3 - [[SM4 (cipher)|SM4]])
 
== See also ==