Open Platform for Smart Cards

Document Sample
Open Platform for Smart Cards Powered By Docstoc
					             Java CardTM
    Open Platform for Smart Cards




                                                            Wolfgang Effing
                                                            Giesecke & Devrient GmbH


Java Card Open Platform
Combines tomorrow's technology and platforms


C:\Presentations - JavaCard_OpenPlatform.ppt - ef - 29.04.04 - page 1
What happened in the past?
• Every company created its own proprietary standard
             – E.g. a GSM smart card was not able to run a banking application
                            • In the PC world it's the same with WinNT, Linux or Macintosh

                                                    Platform Specific Applications



                                                                        1       2         3

                                                                        Operating System
                                                                                              Chip Card
                                                                                              Platform
                                                                         Microprocessor

 • But the internet era taught us
               – The customer wants to use the same applications independent
                 of any platforms
Java Card Open Platform
Combines tomorrow's technology and platforms


C:\Presentations - JavaCard_OpenPlatform.ppt - ef - 29.04.04 - page 2
What are the ideas for the future?
• Creating an operating system, which allows the
  "Write once - Run anywhere" principle
             – The internet with its JAVA programming language showed us the
               right way
                                                      Java Applications (Applets)


                                                                        1         2        3

                                                                            Java Interpreter
                                                                                               Java Virtual
                                                                                                 Machine
                                                                        Operating System

                                                                         Microprocessor

    • A powerful smart card, which is able to run a GSM,
      banking or ID application
                 – The user selects his requested application and starts
Java Card Open Platform
Combines tomorrow's technology and platforms


C:\Presentations - JavaCard_OpenPlatform.ppt - ef - 29.04.04 - page 3
Java Card Basics (1)

• What is Java Card?
             –        A programmable smart card
             –        A multi-application smart card
             –        An interoperable smart card
             –        A smart card for secure application loading


• A programmable smart card
             – Easy to program using the power of JAVA
             – Object-Oriented
             – Standard Language
                           • A lot of programmers
             – Very compact code




Java Card Open Platform
Combines tomorrow's technology and platforms


C:\Presentations - JavaCard_OpenPlatform.ppt - ef - 29.04.04 - page 4
Java Card Basics (2)
• A multi-application smart card
             –       Several applications can be loaded onto the same card
             –       Firewall between applications
             –       Sharing between applications
             –       ISO-7816/4 compliant application selection

• An interoperable smart card
             – Interoperable at the source code level
                          • Applications written for one card can run on any card
                          • Write once - Run anywhere
             – Interoperable at the load file level
                          • Since Java Card Runtime Environment JCRE 2.1
                          • Converted Applet CAP file can be loaded onto any card
             – Interoperable at the loader level
                          • Since Open Platform 2.0
                          • The loading APDUs and sequences are defined

Java Card Open Platform
Combines tomorrow's technology and platforms


C:\Presentations - JavaCard_OpenPlatform.ppt - ef - 29.04.04 - page 5
Java Card Basics (3)
       • A smart card for secure application loading
                     – High security features of Java Card
                                  • Allows application loading after issuance
                     – VM concept
                                  • No direct hardware access
                                                – References instead of pointers
                     – Bytecode verification
                     – Firewall
                                  • Secured execution contexts




Java Card Open Platform
Combines tomorrow's technology and platforms


C:\Presentations - JavaCard_OpenPlatform.ppt - ef - 29.04.04 - page 6
The Java Card Architecture - Overview




Java Card Open Platform
Combines tomorrow's technology and platforms


C:\Presentations - JavaCard_OpenPlatform.ppt - ef - 29.04.04 - page 7
  The Java Card Architecture - Hardware

• Chip features (Infineon SLE66CX320P)
    – 64 kByte ROM
    – 32 kByte E²PROM
                  • 28 kByte available for the customer
    – 2 kByte RAM
                  • 255 Byte COD/COR per package
    – Crypto-Coprocessor
                  • DES/3DES in Hardware
                  • Advanced Crypto Engine (ACE)
                    for RSA calculations
    – UART
                  • Support of transport protocols




  Java Card Open Platform
  Combines tomorrow's technology and platforms


  C:\Presentations - JavaCard_OpenPlatform.ppt - ef - 29.04.04 - page 8
The Java Card Architecture - Native Functions

• Native Functions
         – Access to the chip hardware
                      • Communication protocols (T=0/T=1)
                      • Memory Access (E²PROM writing)
         – Special Card Functions
                      • Atomic Transaction Facility
                      • Transient Storage
         – Crytographic services
                      • Symmetric Cryptography (DES, 3DES)
                      • Public Key Cryptography (RSA 1024 Bit key, DSA)
                                   – Hashing (SHA-1)
                                   – Padding (ISO 9797, PKCS#1, PKCS#5)
                                   – Signing
                                   – Encipher, Decipher
         – Firewall control

 Java Card Open Platform
 Combines tomorrow's technology and platforms


 C:\Presentations - JavaCard_OpenPlatform.ppt - ef - 29.04.04 - page 9
The Java Card Architecture - JCVM (1)
• The Java Card Virtual Machine (JCVM) is responsible for
             – Byte Code Interpretation
             – Exception Handling
             – Firewall Checks
             – Object Consistency Checks


• The JCVM does not support
             – Long, double and float variables
             – Multithreading
             – Garbage collection
             – Reloadable classes
             – Currently no 32 bit integer



Java Card Open Platform
Combines tomorrow's technology and platforms


C:\Presentations - JavaCard_OpenPlatform.ppt - ef - 29.04.04 - page 10
The Java Card Architecture - JCVM (2)
• The JCVM is split into two parts


        .class                                                              .cap
         files                                                 Converter     file   Interpreter


                                                                 off-card            on-card



• The Converter (off-card VM)
          – Class loading, resolution and linking
          – Verification
          – Bytecode optimization and conversion to CAP file

• The Interpreter (on-card VM)
          – Bytecode execution
          – Java Card firewall enforcement
  Java Card Open Platform
  Combines tomorrow's technology and platforms


  C:\Presentations - JavaCard_OpenPlatform.ppt - ef - 29.04.04 - page 11
The Java Card Architecture - JCRE
• Java Card Runtime Environment (JCRE)
    – Card Reset Handling
    – Applet Selection and APDU Dispatching
    – Firewall Control and Context Switching
    – Access to Application Identifiers (AIDs)
    – Access to Shareable Interface Objects (SIOs)




   Java Card Open Platform
   Combines tomorrow's technology and platforms


   C:\Presentations - JavaCard_OpenPlatform.ppt - ef - 29.04.04 - page 12
 The Java Card Architecture - API (1)
• Java Card API 2.1
        – java.lang
                      • Language Elements
        – javacard.framework
                      • Core Applet Functionallity
        – javacard.security
                      • Random, Keys,
                        Message Digests, Signatures
        – javacardx.crypto
                      • Cipher Services




 Java Card Open Platform
 Combines tomorrow's technology and platforms


 C:\Presentations - JavaCard_OpenPlatform.ppt - ef - 29.04.04 - page 13
The Java Card Architecture - API (2)
• java.lang
             – Object
             – Throwable
             – Exceptions

• javacard.framework
             –        Applet (base class for all Applets)
             –        AID
             –        APDU (high level IO)
             –        System (Transactions, Transient Data, JCRE requests)
             –        PIN
             –        Util (arrayCopy(NonAtomic), secure arrayCompare)
             –        Exceptions, Shareable Interface, ISO7816 Interface




Java Card Open Platform
Combines tomorrow's technology and platforms


C:\Presentations - JavaCard_OpenPlatform.ppt - ef - 29.04.04 - page 14
The Java Card Architecture - API (3)
  • javacard.security
               – Key Interfaces
               – Key Builder
               – Message Digest
               – Signature
               – Random Data
  • javacardx.crypto
               – Symmetric Cryptography
                             • DES, 3DES
               – Public Key Cryptography
                             • RSA, DSA




Java Card Open Platform
Combines tomorrow's technology and platforms


C:\Presentations - JavaCard_OpenPlatform.ppt - ef - 29.04.04 - page 15
The Java Card Architecture - Card Management
• Card Manager Applet, API and Loader
    – Card Content Management
    – Card Life Cycle Management
    – Keyset Management
    – Secure Messaging
    – Applet Signature Verification
    – Applet Installation and Registration
    – Applet Life Cycle Management




  Java Card Open Platform
  Combines tomorrow's technology and platforms


  C:\Presentations - JavaCard_OpenPlatform.ppt - ef - 29.04.04 - page 16
Programming a Java Card - Overview




Java TM Source                    Java Compiler                            Java™                   G&D              Card Application     Java Card
    Code                         (Symantec Visual C@fe,                   Class File           Professional          Package (CAP)     (On-Card VM)
                                Borland J-Builder,                                            (Off-Card VM
                                Microsoft J++, ...)                                         Converter-Module)


                                   Functional Test                                     Test with card characteristics


     The Java™ source code will be converted into the class files with standard tools
     Input of the G&D Java Card VM are class files, containing byte code
     Some work of the JVM is done outside the card
     A new simplified and smaller card class file (CAP-Format) is generated
     The CAP-file with the applet is loaded onto the card
     The applet will be interpreted on the smart card

 Java Card Open Platform
 Combines tomorrow's technology and platforms


 C:\Presentations - JavaCard_OpenPlatform.ppt - ef - 29.04.04 - page 17