TS-20-v2
Java Card 3 Platform
Peter Allenbach
Sun Microsystems, Inc.

Agenda

From plastic to Java Card 3.0
Things to know about Java Card 3.0
Introducing Java Card 3.0
Java Card 3.0 vs. Java SE
Java Card 3.0 vs. Java ME
Java Card 3.0 vs. Java EE
More About Web Applications
Reference Implementation (RI)
Say Hello using Java Card 3.0 RI
Q & A

Copyright 2009 Sun Microsystems, Inc. All Rights Reserved.

From Plastic to Java Card 3.0
The Beginning

Plastic cards
• Introduced in the 50's
• Cardholder identification and authentication
• Signature, then magstripe and PIN codes
Smart cards
• Introduced in the 80's
• Local authentication server, stored value
• On-card PIN verification
• Storage of sensitive information
• Later, cryptography
Original photo by Mitek
http://www.flickr.com/photos/mikek/40737702/

From Plastic to Java Card 3.0
The Smart in the Card

A single chip in every card
Very limited resources
• In particular, RAM

From Plastic to Java Card 3.0
Java Card 2

Introduces applications to smart cards
• Interoperability of platforms, portability of applications
• Multiple applications, with security guarantees
• Dynamic application management
Runs on low-end smart cards
• Less memory (4-8K of RAM and 32-64K of EEPROM)
• 8-bit processors (slow)
Widely used technology for a decade
• It is the dominant smart card technology today
Very limited subset of Java
• Partial support of basic types (8/16-bit values, no float, no String)
• Very small subset of the APIs
• Specific and pre-processed binary file format (CAP file)
• Single threaded, no garbage collection

From Plastic to Java Card 3.0
Java Card 3.0

Major evolution of Java Card 2
• Same principles: interoperability, security, multiple applications
• Exploitation of new hardware features
• More memory, more processing power, enhanced communication
New capabilities for new use cases
• A true personal Web server for enhanced user interaction
• Possibility to initiate an action for more flexibility
• Enhanced application model for more collaboration
Two editions
• Classic Edition
  • Supports only Classic Applets
  • Basically, Java Card 3.0 Classic is an evolution of Java Card 2
• Connected Edition
  • New and improved model, and the topic of this talk

Most Important Thing About Java Card
Security is Paramount

“Web Server in the Street”

Things to know about Java Card

Java Card is a Server
VM never exits
Two heaps
Persistent Objects
Firewall between applications
Inter Application Communication
Atomicity and Transactions

Things to know about Java Card
Java Card is a server

• Processes incoming requests and sends responses back to the client
Communication protocols
• APDUs (serial) are the traditional card-specific protocol
• HTTP(S) for Java Card 3.0 Connected Edition, over high-speed interfaces like USB
Two major communication interfaces
• Contactless
  • Just put the card close to the reader
• Contacted
  • Inserted into a card reader
  • USB

Things to know about Java Card
VM Never Exits

“Card Initialization” happens only once
• This is when the VM initialization happens
• All required static data structures are created at this time
• Card starts listening for incoming requests
“Card Reset” happens every time the card loses power
• If the card is taken out (card tear), everything stops
• When the card is inserted again into the card reader:
  • RAM heap is lost
  • System ensures that data is consistent across tears
  • Card starts listening for incoming requests

Things to know about Java Card
Two Heaps

Unlike standard Java, Java Card has two heaps
• All session objects are created in volatile memory
• Objects that are reachable from the root of persistence will be in non-volatile memory
Figure: Non-Volatile Heap (Persistent Objects) and Volatile Heap (Session Objects)

Things to know about Java Card
Persistent Objects

import java.util.Vector;

public class PersistenceExample {
    void aMethod() {
        Vector v = new Vector();
        v.addElement(new String("1111")); // String s1
        v.addElement(new String("2222")); // String s2
        // someRootObject: an object reachable from the root of persistence
        // (not declared on the slide)
        someRootObject.addObject(v);      // v is promoted
    }
}

Figure (built up over five slides): v, s1 and s2 are first allocated in the volatile heap; when v is added to someRootObject, which is reachable from the root of persistence, v, s1 and s2 are promoted to the non-volatile heap, and the volatile slots they occupied become garbage (G).

Things to know about Java Card
Firewall between applications

All applications run in the same VM and exist in the same heap
• Objects created by one application cannot be accessed by another application
• Every object access is checked by the firewall
• SecurityException is thrown if access is not permitted
Figure: App1 Objects | Firewall Check | App2 Objects

Things to know about Java Card
Inter Application Communication

Applications can communicate with each other using Shared Interface Objects (SIO)
• App1 defines and implements a Shareable Interface
• App1 allows App2 to access this SIO
• Firewall allows App2 to access the SIO object
Figure: App1 Objects (including the SIO of App1) | Firewall Check | App2 Objects

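The firewall and SIO rules on the two slides above, as an added Python model that is not from the talk and is not the Java Card API: each object is owned by the context that created it, every access is checked, and a permitted client reaches App1's Shared Interface Object through a context switch into App1. The names App1/App2/App3, the points counter and the method names are constructed for this model.

```python
class SecurityException(Exception):
    pass   # raised by the firewall when an object is touched from a foreign context

class CardObject:
    """Heap object owned by the application context that created it. If allowed_clients
    is given, it is a Shared Interface Object that those client contexts may invoke."""
    def __init__(self, owner, value, allowed_clients=()):
        self.owner, self.value = owner, value
        self.allowed_clients = frozenset(allowed_clients)

class Firewall:
    current = None   # application context currently executing

    def run_as(self, context, fn):
        """Run fn as `context`, restoring the previous context afterwards."""
        saved, self.current = self.current, context
        try:
            return fn()
        finally:
            self.current = saved

    def access(self, obj):
        """Every object access is checked: only the owning context may touch it."""
        if obj.owner != self.current:
            raise SecurityException(f"{self.current} may not access an object of {obj.owner}")
        return obj

    def invoke(self, sio, method, *args):
        """Call a method of a Shared Interface Object from the current (client) context."""
        if sio.owner != self.current and self.current not in sio.allowed_clients:
            raise SecurityException(f"{self.current} is not a permitted client of {sio.owner}")
        # The SIO method runs in its owner's context (context switch), so the owner's
        # implementation may touch the owner's private objects on the client's behalf.
        return self.run_as(sio.owner, lambda: method(sio, *args))

fw = Firewall()

def add_points(sio, n):
    """App1's implementation of the shared method: updates App1's private counter."""
    counter = fw.access(sio.value)   # permitted: we are now running as App1
    counter.value += n
    return counter.value

def demo():
    """App1 shares its points counter with App2 only; returns what each access yields."""
    points = CardObject("App1", 0)                                     # App1 private object
    loyalty = CardObject("App1", points, allowed_clients=["App2"])      # App1's SIO
    results = {"App2 via SIO": fw.run_as("App2", lambda: fw.invoke(loyalty, add_points, 5))}
    for label, ctx, fn in (("App2 direct", "App2", lambda: fw.access(points).value),
                           ("App3 via SIO", "App3", lambda: fw.invoke(loyalty, add_points, 5))):
        try:
            results[label] = fw.run_as(ctx, fn)
        except SecurityException:
            results[label] = "SecurityException"
    return results
```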
Things to know about Java Card
Atomicity and Transactions

Card tear may happen at any time
• Card can be pulled out of the card reader at any time
• Java Card must guarantee the integrity of user data
Individual persistent writes are atomic
• Every write into non-volatile memory is atomic
Transaction facility
• Transactions may be used to group persistent writes
• The application specifies the start and end of transactions
• Unfinished or aborted updates will be rolled back

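The guarantees on the "VM Never Exits", "Two Heaps" and "Atomicity and Transactions" slides, as an added Python model that is not from the talk and does not use the Java Card API: a volatile and a non-volatile heap, a card tear followed by a reset, and a transaction that makes two purse writes land together or not at all. Class and method names and the purse values are constructed for this model.

```python
class CardTear(Exception):
    pass   # power lost while the card is working (card pulled from the reader)

class Card:
    def __init__(self):
        self.persistent = {}   # non-volatile heap: survives power loss
        self.session = {}      # volatile heap: lost on every reset
        self._journal = None   # writes buffered by an open transaction

    def initialize(self):
        self.persistent.update({"purse_a": 100, "purse_b": 0})   # once, at card initialization

    def reset(self):
        """'Card reset' after a tear: RAM is gone, an unfinished transaction is rolled back."""
        self.session.clear()
        self._journal = None   # buffered writes never reached non-volatile memory

    def read(self, key):
        if self._journal is not None and key in self._journal:
            return self._journal[key]   # a transaction sees its own pending writes
        return self.persistent[key]

    def write(self, key, value):
        """One persistent write: atomic by itself, deferred while a transaction is open."""
        if self._journal is None:
            self.persistent[key] = value
        else:
            self._journal[key] = value

    def begin_transaction(self):
        if self._journal is not None:
            raise RuntimeError("transaction already in progress")
        self._journal = {}

    def commit_transaction(self):
        self.persistent.update(self._journal)   # all buffered writes land together
        self._journal = None

def run(use_transaction, tear):
    """Transfer 30 between two purses; return (purse_a, purse_b, session_survived)."""
    card = Card()
    card.initialize()
    card.session["pending"] = 30      # session object: lives in the volatile heap
    try:
        if use_transaction:
            card.begin_transaction()
        card.write("purse_a", card.read("purse_a") - 30)
        if tear:
            raise CardTear()          # card pulled out between the two writes
        card.write("purse_b", card.read("purse_b") + 30)
        if use_transaction:
            card.commit_transaction()
    except CardTear:
        card.reset()                  # power back: VM resumes from persistent state only
    return card.read("purse_a"), card.read("purse_b"), "pending" in card.session
```

Without the transaction a tear between the two writes leaves 30 units missing from both purses; with it the card comes back with the original balances.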
Introducing Java Card 3.0
What's New

Runs on recent (high-end) smart cards
• More memory (approx. 24K of volatile and 128K of non-volatile)
• 32-bit processor (fast)
Full Java language support
• All data types except float and double
• Multiple threads
• Extensive API support (java.lang, java.util, GCF, ...)
• Handles class files directly, with all loading and linking on card
• All new Java language syntax constructs, like enums, generics, enhanced for loops, auto boxing/unboxing, etc.
• Automatic garbage collection
The technology for the coming years

Introducing Java Card 3.0
Connectivity Layers and Protocol Stack

(diagram, labelled “New in Java Card 3.0 Connected Edition”)

Introducing Java Card 3.0
High Level Architecture

(diagram)

Introducing Java Card 3.0
Application Models

Classic Applets
• Communication using the APDU protocol
• For backward compatibility
• Java Card 2 limitations apply to these applications
Extended Applets
• Communication using the APDU protocol
• Similar to Classic Applets, but can use all the new API, like Threads, Strings, GCF, etc.
Servlet Applications
• Based on the Servlet 2.4 API
• Communication using the standard HTTP/HTTPS protocol

Java Card 3.0 vs. Java SE

Application start is not the main() method
• Java Card applications do not have a main() method
• “Life cycle” model
• Applet Container and Servlet Container
• Application components are either Java Card Applets or Servlets
Network programming using the GCF API
• Connector.open("http://.....");
• Connector.open("socket://host:1234");
Not the entire API is supported

Java Card 3.0 vs. Java ME

Java Card 3.0 is very close to the Connected Limited Device Configuration (CLDC)
Class files compiled with JDK 6
• Class file major version is 50
Class file verification is the same as in CLDC
• But no preverifier, because JDK 6 generates StackMapTables
• JDK 6 stack maps are a little different from preverifier-generated stack maps, but the purpose is the same
Not MIDlets, but Java Card Applets and Servlets
The JAD file of a MIDlet suite can be compared to the Java Card Runtime Descriptor

Java Card 3.0 vs. Java EE

Servlet Container with full Servlet lifecycle support
WAR file format is supported, with Java Card 3.0 specific information like the Java Card Runtime Descriptor
No JSP support
• Just servlets (and static HTML) with listeners and filters
Transactions using annotations
• @TransactionSupport(TransactionSupportType.REQUIRED)
Per-application SSL is new in Java Card 3.0

More about Web Applications
Format of the deployment unit

Same as the standard web application format
No lib folder
Some additional Java Card specific information

More about Web Applications
Java Card 3.0 specific information

Java Card Runtime Descriptor

    Manifest-Version: 1.0
    Runtime-Descriptor-Version: 3.0
    Application-Type: web
    Web-Context-Path: /hello

More about Web Applications
Java Card 3.0 specific information

Java Card Application Descriptor
(XML descriptor; of its content only the element value “remote” is preserved here)

Reference Implementation (RI)
2Q 09

Contents of RI
• Card Emulator
• Tools to build and deploy
  • Off-card installer
  • Packager
  • Converter
  • Normalizer
• Introductory How-To samples
• Documentation
NetBeans Plugin

Reference Implementation (RI)

Figure: build and deployment flow. Source files go through compile/build/IDE to class files and other resources (or a WAR file); the Packager turns these into a ready-to-deploy module; the Off-Card Installer loads, creates, deletes and unloads the module on the Card; a Browser/Client talks to the Card.

Say Hello using Java Card 3.0 RI
HelloServlet.java

import javax.servlet.*;
import javax.servlet.http.*;
import java.io.*;

public class HelloServlet extends HttpServlet {
    public void doGet(HttpServletRequest request,
                      HttpServletResponse response)
            throws ServletException, IOException {
        response.setContentType("text/html");
        // The writer is obtained from the response, not the request
        PrintWriter out = response.getWriter();
        out.println("");                  // opening markup (lost in extraction)
        out.println("Hello! JavaOne 2008");
        out.println("");                  // closing markup (lost in extraction)
    }
}

Say Hello using Java Card 3.0 RI
web.xml

<web-app>
    <servlet>
        <servlet-name>helloservlet</servlet-name>
        <servlet-class>HelloServlet</servlet-class>
    </servlet>
    <servlet-mapping>
        <servlet-name>helloservlet</servlet-name>
        <url-pattern>/*</url-pattern>
    </servlet-mapping>
</web-app>

Say Hello using Java Card 3.0 RI
MANIFEST.MF (Java Card Runtime Descriptor)

    Manifest-Version: 1.0
    Runtime-Descriptor-Version: 3.0
    Application-Type: web
    Web-Context-Path: /hello

Say Hello using Java Card 3.0 RI
Compiling Java Sources

Use the NetBeans module: the easy way to build everything
Use javac to compile the source code
• Sources must be compiled against the Java Card API
  • Set bootclasspath to the Java Card 3.0 API
  • javac -bootclasspath jcapi.jar *.java
• Use the provided annotation processor to detect float and double usages
  • javac -processorpath jcapt.jar -processor com.sun.javacard.apt.JCAnnotationProcessor -Amode=connected *.java
• Or simply use the Java Card compiler script
  • jcc_connected.bat *.java

Say Hello using Java Card 3.0 RI
Building Web Application Module

Compiled class files and other resources need to be bundled together in the WAR file format
Using NetBeans makes it a click away
Packager tool
• can be used to create the final module file from a raw WAR file or folder
• can be used to validate pre-shipped application modules/WAR files

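A pre-deployment check of the Java Card Runtime Descriptor used in this sample, added here as an example in the spirit of the packager's validation step; it is not the RI's own code. It parses the MANIFEST.MF attribute format and checks the attributes the slides show; the context-path rules are this example's own policy, and the BAD descriptor is constructed.

```python
REQUIRED = ("Manifest-Version", "Runtime-Descriptor-Version", "Application-Type")
def parse_manifest(text):
    """Parse 'Name: value' lines. A line beginning with a space continues the
    previous value (the JAR manifest continuation rule); blank lines are ignored."""
    attrs, last = {}, None
    for raw in text.splitlines():
        if not raw.strip():
            continue
        if raw.startswith(" ") and last is not None:
            attrs[last] += raw[1:]
            continue
        name, sep, value = raw.partition(":")
        if not sep or not name.strip():
            raise ValueError(f"malformed manifest line: {raw!r}")
        last = name.strip()
        if last in attrs:
            raise ValueError(f"duplicate attribute: {last}")
        attrs[last] = value.strip()
    return attrs

def validate_descriptor(text):
    """Return the problems found in a Java Card Runtime Descriptor; [] means it passes."""
    try:
        attrs = parse_manifest(text)
    except ValueError as exc:
        return [str(exc)]
    problems = [f"missing attribute {name}" for name in REQUIRED if name not in attrs]
    version = attrs.get("Runtime-Descriptor-Version")
    if version is not None and version != "3.0":   # the version shown on the slides
        problems.append(f"unexpected Runtime-Descriptor-Version {version!r}")
    app_type, path = attrs.get("Application-Type"), attrs.get("Web-Context-Path")
    if app_type == "web" and path is None:
        problems.append("web application without Web-Context-Path")
    if app_type != "web" and path is not None:
        problems.append("Web-Context-Path only applies to Application-Type: web")
    if path is not None:
        # The context path is where the on-card web server mounts the module;
        # accept only a clean absolute path (example policy, not the RI's rule).
        if not path.startswith("/") or any(ch.isspace() for ch in path):
            problems.append(f"Web-Context-Path must be absolute and without whitespace: {path!r}")
        if path != "/" and any(seg in ("", ".", "..") for seg in path.strip("/").split("/")):
            problems.append(f"Web-Context-Path has an empty or relative segment: {path!r}")
    return problems

HELLO = """Manifest-Version: 1.0
Runtime-Descriptor-Version: 3.0
Application-Type: web
Web-Context-Path: /hello
"""   # the descriptor of the Hello sample, as shown on the slides
BAD = """Manifest-Version: 1.0
Runtime-Descriptor-Version: 3.0
Application-Type: web
Web-Context-Path: ../admin
"""   # constructed: a relative path with a traversal segment
```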
Say Hello using Java Card 3.0 RI
Load & Create the Application Module

Deployment is a 2-step process
• Load – loads the module onto the card
• Create – creates a persistent instance of the loaded module
Use the off-card installer to load the Application Module
Use the off-card installer to create the instance
Browse to the page
• Ex: http://localhost:8019/hello/

Say Hello using Java Card 3.0 RI
Delete & Unload the Application Module

If the application is no longer needed on the card, it can be removed completely
2-step process
• Delete – deletes the given persistent instance of the application
• Unload – completely removes all class files and related resource files from the card
Use the off-card installer to delete the application instance
Use the off-card installer to unload the application

Peter Allenbach
Sun Microsystems
Q & A