Why are people moving towards smart cards

Smart and Java Card. Possible uses and user acceptance

Table of Contents:

1 Introduction
1.1 Task and aim of the work
1.2 Terms and definitions
1.2.1 Smart Card
1.2.2 Java Card
1.2.3 Java Card Applet
1.3 Historical development
1.3.1 Smart Card
1.3.2 Challenges in the development of smart card applications
1.3.3 Java Card
1.4 Summary

2 technology
2.1 Smart card overview
2.2 Card types
2.2.1 Memory Cards versus Microprocessor Cards
2.2.2 Contact Cards versus Contactless Cards
2.3 Smart Card Hardware
2.3.1 Contact points
2.3.2 Central Processing Unit (CPU)
2.3.3 Coprocessors
2.3.4 Storage system
2.4 Java Card architecture
2.4.1 Hardware architecture
2.4.2 Java Card runtime environment
2.4.3 Java Card virtual machine
2.4.4 Java Card Framework
2.4.5 Java Card API
2.5 Summary

3 possible uses
3.1 Telephony and Telecommunications Applications
3.1.1 Prepaid calling cards
3.1.2 Rechargeable Cards
3.1.3 GSM telephones
3.1.4 Television Decryption
3.1.5 Computer
3.1.6 Internet
3.2 Financial Applications
3.2.1 Electronic money
3.2.2 Card-based payment systems
3.2.3 The CASH value card system
3.3 Health applications
3.3.1 Health Insurance
3.3.2 Medical records
3.3.3 The MEDINFO Card
3.4 Transport applications
3.4.1 Public transport
3.4.2 Taxis
3.4.3 Air transport
3.4.4 Road taxes
3.4.5 Parking
3.5 User identification
3.5.1 Access control
3.5.2 Use on campus
3.6 Multi-applications
3.7 Summary

4 security aspects
4.1 Potential attackers and their possibilities
4.2 Encryption ("Encryption")
4.2.1 Cryptographic Systems
4.2.2 Future of the various cryptography systems
4.3 Digital signature
4.4 Passwords and biometrics
4.4.1 Passwords and PINs
4.4.2 Identification by biometrics
4.5 Applet - Security
4.6 Summary

5 User acceptance
5.1 survey
5.2 Evaluation
5.2.1 General information
5.2.2 Reaction to fictional situations
5.2.3 Personal opinions of the people interviewed
5.3 Summary

6 Conclusion
6.1 Summary
6.2 Trends and Future Forecasts
6.3 Conclusion

7 Bibliography
7.1 Books and specialist articles
7.2 Links

8 Appendix
8.1 List of figures
8.2 List of tables

9 Appendix: The Survey
9.1 Email content
9.2 Questionnaire
9.3 Information about the people interviewed

1 Introduction

In the past 45 years, plastic cards have spread extremely rapidly. Identifying a person has always been the card's primary task. Since their use has various advantages (possibly also disadvantages?) And you have got used to the format, the acceptance is very high. In many cases, each institution has its own such ID; so it is not uncommon to have to use five or more different cards every day.

Due to its identification function, such a card generally represents a special value. This fact and the increasing spread also lead to a constant increase in misuse. Bank cards and credit cards, i.e. cashless means of payment, are particularly at risk. In order to limit improper use, the plastic cards have special safety precautions. However, these measures limit the anonymity in payment transactions, which gives rise to discussions in the context of privacy protection.

Security is more important than ever and is leading to a rapid development of various electronic identification methods. These exist on several levels: having something (card), knowing something (secret code) and biometric properties (fingerprint, retina recognition).

The security aspect also has a major impact on the development of the Internet, which is used today by over 50% of the Swiss population1. The Java programming language plays an important role in the use of "trusted applications". The platform independence of Java made it possible to use generic applications that are no longer directly linked to the hardware. Many manufacturers know how to use this advantage in the smart card area today. These are some motivations on the subject of cards, Java and electronic identification.

1.1 Task and aim of the work

As a result of the cash card, the smart card technology that became famous in Switzerland, and the term Java card technology, which was widely used internationally by the FASME project, these terms appeared more and more in specialist magazines and on the Internet. Reason enough to take a closer look at these two terms and to bring to light the mostly still relatively unknown backgrounds.

This work offers some insights into smart and Java card technology and shows the possibilities that arise through the use of these cards. The reader should be made aware of the possible potential of such products and the meaning of these key words should be brought closer to him.

In addition to the opportunities, there are also dangers and potential risks associated with using this technology. These are shown and analyzed in more detail, whereby you should of course also form your own opinion.

The whole work can be viewed from an economic point of view, ie that less technical details are discussed and these are only briefly described, but rather the holistic picture of smart or Java cards as it has manifested itself in society or is brought closer to the reader.

The topic is treated in such depth that the viewer can and should form his or her own opinion about it. Subjective impressions among respondents about the use and acceptance of such cards in society should enable the reader to understand and recognize how much this technology (s) could still establish itself in the future.

Of course, this work is not exhaustive. To this extent, it can only represent an excerpt from the topics mentioned and sensitize the reader a little more, make it clear to him which opportunities and dangers are hidden behind these technologies and expand his knowledge about them.

1.2 Terms and definitions

1.2.1 Smart Card

The term “smart card” has long been misused as a term for plastic parts of all kinds with integrated mechanisms for storing and / or processing data. Thus, magnetic stripe cards were also referred to as smart cards because they have data storage capability.2 There have been long debates about the minimum requirements for a smart card. Two definitions are listed as representative:

"A smart card is implemented in a piece of plastic the size of a credit card. Each smart card contains its own CPU which is essentially a small computer ”3.

"A Smart Card consists of an integrated circuit chip or chips packaged in a convenient form to be carried on one’s person"4.

When technology advances rapidly into new areas, there is often a great deal of terminology confused. Based on the above definitions, the following two terms are defined:

- Chip card
- Smart card

These definition suggestions are used in the following explanations:

“A chip card is a device the size of a credit card. It contains at least one integrated circuit (chip) and a corresponding I / O interface. "

“A smart card is a chip card. The integrated components are at least a microprocessor, memory and I / O interface. "

1.2.2 Java Card

From the outside, a Java Card is nothing more than a Smart Card. The only, but essential, difference is that Java Card technology enables programs - written in the Java programming language - to be executed on smart cards and other devices. The most important "feature" of a Java Card runtime environment is the clear separation between the smart card system and the applications. These are given access to the system services and their resources through a fixed, “high-level” programming interface. The object-oriented approach of Java enables modularity, encapsulation and "information hiding" in map applications.5

1.2.3 Java Card Applet

Java Card applets must not be confused with the conventional Java applets known from the Internet. A Java Card applet is therefore not used in a browser environment. The following definition for a Java Card applet can be found in Chen:

"A Java Card applet is a Java program that adheres to a set of conventions that allow it to run within the Java Card runtime environment."6

The reason why the name “applet” was chosen for Java Card applications is because Java Card applets can be loaded into the Java Card runtime environment after the (smart) card has been manufactured. As a result, these applets do not have to be in the ROM during manufacture, as in other systems7 to be burned.

1.3 Historical development

1.3.1 Smart Card

More than forty years ago, the importance of designing ID cards in a modern way, standardizing them worldwide and making them increasingly machine-readable was recognized. In the beginning, the focus was primarily on shape, size and cost, but the safety aspect became more and more important. Soon the printed plastic cards were embossed, which made it very easy to print the name and customer number of the cardholder. A field for the signature was added as evidence of the lawful use. The combination of card and signature is still often used today to process credit transactions. In order to make the information on the card readable for humans and machines, various attempts were made with OCR8 and barcode made. However, the magnetic stripe has established itself worldwide as a dynamic, but only machine-readable storage type.

The requirements for identification of the holder and machine readability of the card were therefore met. This is how the card has spread the most. In the 1980s, however, the abuse increased sharply and became intolerable. With the VISA card, for example, knowing the number and the expiry date is sufficient to cause greater damage.

Some card issuers made use of special printing processes for easy identification of "card flowers". However, it was soon realized that the security of the card and the magnetic stripe as well as the identification method were not sufficient to get the card misuse under control in the long term.

Twenty-eight years ago (1974), a then 29-year-old Frenchman named Moreno applied for a patent for the “installation of safety precautions in portable information carriers”. While looking for industrialists interested in the development of his invention, R. Moreno met an engineer from Bull. Through this contact, Bull began research on a broad basis in 1977. A new direction has been taken. Not only a simple memory - as before - should be protected, but a single-chip microprocessor should be used to process and store the data. This is how the concept of Bull's CP8 card came about. This is the hour of the birth of the microprocessor card (smart card) in France some twenty years ago.

Based on McCrindle, Figure 2 shows a brief summary of the smart card development9. The smart card found widespread use in the mobile communications sector from the beginning of the 1990s. In addition to identification, it also enables telephone numbers to be saved on the chip. The advantage of this is, among other things, that you can keep your original phone number when you change phones and use the smart card to transfer all the information saved to another phone.

Figure not included in this excerpt

Figure 1: Scheme of a smart card wearing10.

Source: McCrindle, 1990, p. 86

1.3.2 Challenges in the development of smart card applications

Developing smart card applications has been a long and difficult process. Although the cards are standardized in various ways, the detailed processes within the card differ from manufacturer to manufacturer. It was almost impossible for third-party manufacturers to develop independent applications and then sell them to the various providers as a standard product. Up until this point in time, application development for smart cards was reserved for a few, well-trained programmers who had detailed knowledge of the smart card hardware and software.

Furthermore, because they were developed for proprietary platforms, applications from different manufacturers cannot coexist and function on a single card. Due to a lack of interoperability and limited card functions, the widespread use of various smart card applications has not yet taken place.

Figure not included in this excerpt

Figure 2: Historical development of the smart card

Source: based on McCrindle, 1990, page 19

1.3.3 Java Card

The Java Card technology was then used to overcome the traditional obstacles to program development. It allows the smart cards to use applications that are written in the Java programming language. The Java Card APIs were first introduced in November 1996 by a group of developers at Schlumberger's product center in Austin, Texas. Just a few months later, Schlumberger, Bull and Gemplus founded the Java Card Forum. Java Card 1.0 was created, which only consisted of specifications for the APIs.

A year later, in November 1997, Sun Microsystems announced the Java Card 2.0 specification. This only came about thanks to the support of the entire smart card industry. The 2.0 version differed significantly from the entry-level version 1.0, as it is now

Figure not included in this excerpt

Figure 3: Java Card from Sun among other things an object-oriented way to

Source: Applet development made possible. http://java.sun.com/products/javacard/

The Java Card version 2.1 was unveiled in March 1999. It consisted of three specifications: the Java Card 2.1 API specification, the Java Card 2.1 Runtime Environment specification and the Java Card 2.1 Virtual Machine specification. In this version, the APIs were renewed, but were largely based on the previous 2.0 version. The applet runtime environment was further standardized. The most significant difference to the previous version was the explicitly defined Java Card Virtual Machine architecture and the “applet-loading” format, which enabled real applet interoperability.

Since its invention, Java Card technology has been widely recognized by the smart card industry and is widely used by most manufacturers11 licensed12.

1.4 Summary

In addition to some basic information about smart and Java cards, this thesis aims to show the various possible uses and some important aspects of user acceptance. User acceptance is one of the most critical success factors for the widespread use of smart card technology and is therefore analyzed in more detail on the basis of an empirical study.

A smart card is a chip card the size of a credit card. The integrated components are at least a microprocessor, memory and an I / O interface. This definition is based on all of the following statements when talking about smart cards. Java cards are also smart cards, but they allow Java programs to be executed and are therefore platform-independent. The applications that are stored on Java Cards are called Java Card Applets and can still be loaded onto the Java Card after the card has been manufactured.

Plastic cards have existed for over forty years and, after continuous development since 1977, can also be called smart cards, i.e. cards with an integrated microprocessor. The main person responsible for the first smart card, the CP8 card, was R. Moreno in cooperation with the company Bull from France. From the beginning of the 1990s, the smart card found widespread use in mobile communications. The desire for several different applications on one card led to the development of Java Card technology, which was pioneered in 1996 by a group of Schlumbergers. Today the Java Card is in version 2.1 and is widely recognized.

The progress in smart card technology has increased significantly recently. The trend is clearly in the direction of multi-application capability - that is, to "one card for everything". However, social integration in society leaves a lot to be desired. We know them, the cards with the “golden” chip, but they are seldom used in this sense. They are only used most frequently to pay for consumer goods and to withdraw cash at the machines, whereby the magnetic stripe still plays the main role in such transactions and not the chip. The following chapters present the background of the chip cards in more detail and want to dissolve the veil of ignorance.

2 technology

This chapter takes a closer look at the structure and the different types of smart and Java cards.The reader is given a certain insight into the structure of such a card without conveying overly in-depth electrical engineering aspects.

2.1 Smart card overview

Smart cards are often also called chip cards or IC (integrated circuit) cards. The integrated circuits (IC) are packed in a credit card-sized plastic form and contain components for data transmission, storage and processing. The smart card can have a punched surface with a chip on one side and a magnetic strip on the other. The physical appearance and properties of a smart card are defined in ISO 7816, Part 1. ISO 7816 is the document that sets the standard for the smart card industry.

Figure not included in this excerpt

Figure 4: Physical design of a smart card Source: Chen, 2000, page 12

Usually such a card does not contain a power supply, visual display or keyboard. In order to communicate with the outside world, a smart card is placed in or near a card reader that is connected to a computer.

2.2 Card types

Chip cards can be divided into several groups. They can be divided into memory cards and microprocessor cards. Smart cards can also be categorized into contact and contactless cards based on the difference in card access mechanism.

2.2.1 Memory Cards versus Microprocessor Cards

The first mass-produced smart cards were memory cards. Memory cards are not really "smart" because they do not contain a microprocessor but only a memory chip. They are primarily used as "prepaid" cards for public telephones or other services that are sold against prepayment.

Since memory cards do not have a CPU (Central Processing Unit) for data processing, such processes are carried out by simple preprogrammed instructions in the circuit. These functions are very limited and cannot be reprogrammed. This means that memory cards cannot be reused and must be thrown away after use (e.g. after no more money is available). The advantage of such cards lies in the simple technology. They are preferred where low costs are used as a decision criterion.

In contrast to this, microprocessor cards contain - as the name suggests - a microprocessor. They enable greatly improved safety and multifunctional capabilities. With this type of card, the data can never be viewed directly from external applications. The microprocessor controls data handling and memory access under various conditions (passwords, encryption, etc.) in exchange with instructions from external applications. Microprocessor Cards are very flexible; they can be optimized for one application or can integrate several different applications. Their functionality is actually only limited by the memory resources and the computing speed.

Microprocessor cards are used for access control, banking applications, wireless telecommunications and so on wherever data security and privacy are important.

As a result of mass production, the cost of microprocessor cards has dropped dramatically since the early 1990s. Today they usually cost between one and twenty US dollars, primarily depending on the memory resources used and the software functionality.

2.2.2 Contact Cards versus Contactless Cards

Contact cards must be inserted into a card reader, where they communicate with the “outside world” via eight contact points; a serial communication interface is used for this.

Because the contact cards have to be inserted into a mechanical reader in the correct direction and with the correct side, contactless smart

Figure not included in this excerpt

Figure 5: Contact Smart Card Source:

http://www.uni-weimar.de/~schott2/sc/

Types of application for these cards.

Cards are an advantage where fast transactions are required. Public transport systems (e.g. ski lifts) and building access controls are typical contactless cards that do not have to be inserted into a mechanical device; they communicate with the "outside world" via an integrated antenna. The energy can be supplied via an internal battery or via the antenna. Contactless cards transmit the data via an electromagnetic field.

Because the microcircuit of contactless cards is completely sealed in the card, they overwhelm the limitations of contact cards: there are no contacts that become unusable from excessive use, they do not have to be carefully inserted into a CAD (Card

Figure not included in this excerpt

Figure 6: Contactless Smart Card

Acceptance Device) must be inserted

Source: http://www.uni-weimar.de/~schott2/sc/

den, and the cards do not have to be of a fixed thickness to fit into a CAD card slot.

But contactless cards also have their disadvantages. They have to be within a certain radius around the CAD in order to be able to exchange data. Because the card can be moved quickly out of this area, only limited data can be transferred during a short transaction time. It is also possible that transmitted data can be intercepted without the owner knowing about it. Contactless cards are also currently more expensive to manufacture than contact cards.

2.2.2.1 Combination and hybrid cards

Two additional categories (derived from the two previously mentioned) are the combi card and the hybrid card. A hybrid card consists of two chips, each with a contact or contactless interface. The two chips are not connected, but for many applications it meets the needs of the consumer and the manufacturer. The combination cards, which connect a single chip to both interfaces, are new. This means that one and the same chip can be addressed via both systems with a very high level of security. Mifare, Legic and Hi-Tag are the latest techniques here. The mass transportation and banking industries expect to take advantage of technology first.

Figure not included in this excerpt

Figure 7 shows both the contact-based ones

and contactless elements of the card. A combination card has only one chip, while the hybrid card has two.

2.3 Smart Card Hardware

Figure not included in this excerpt

Figure 7: Hybrid Smart Card Source:

http://www.uni-weimar.de/~schott2/sc/

A smart card has contact points on the surface, an integrated central processing unit and various types of memory. Some smart cards even contain coprocessors for math calculations.

2.3.1 Contact points

A normal (contact) card has eight contact points, the position and properties of which are defined in ISO 7816-2. Some French cards still use other contact positions, which are described as “transitional” in the ISO standard. Although the clear intention is to get rid of these older contact points (in the upper left corner of the card), there are still some such terminals that only accept these types of cards.

Figure not included in this excerpt

Figure 8: Structure of the micromodule Source: Sturm, 2001, page 31

The contacts are usually made of gold or other conductive material. They are usually connected to the actual chip with the help of very thin “cables” during the manufacturing process. Due to the flexibility of the card (in the sense of mobility), these contact points are a potential source of unreliability. They themselves have a limited lifespan, especially when used with cheap readers that use sliding contacts. This greatly increases the wear and tear on these areas.13

Figure not included in this excerpt

Figure 9: Chip SLE 66X160S Table 1: Contact points of a chip

Source: Lenz, 1998, page 10 Source: own illustration

The "Vcc" contact supplies the chip with power. Its voltage is three or five volts with a maximum deviation of ten percent. Smart cards in cell phones - cell phones - usually have three volts.

The “RST” contact point is used for a signal that resets the microprocessor - this is called a “warm reset”. A “cold reset” occurs when the power supply is switched on and off. This occurs, for example, when pulling out and inserting the card from and into the CAD.

Smart card microprocessors usually have no internal clock generation ("CLK"). Therefore, this must be applied from the outside. Usual clock rates are 3.5 to 5 MHz. However, clock rates of up to 20MHz are specified in ISO / IEC-7816-3. To save electricity, most smart card microprocessors allow the clock supply to be temporarily switched off.

The “GND” contact point is used as a reference voltage; their value is considered to be zero volts.

The "Vpp" contact is optional and is only used in older cards. When used, it provides the two level programming voltage. The lower voltage is called the "idle state"; it must be maintained by the CAD until the other level, "active state", is required. This change is necessary to the EEPROM14 -Programming memory in some old smart card chips.

The “I / O” point is used for data transfer and instructions between the smart card and the “outside world” in half-duplex mode. Half duplex means that the transmission can only take place in one direction at a certain time.

The "RFU" contacts are reserved for future uses.

2.3.2 Central Processing Unit (CPU)

When it comes to the CPUs of microprocessor cards, manufacturers often fall back on tried and tested microcontroller chips such as the Intel 8051 or the Motorola 6805. These are 8-bit CISC15 Processors whose extensive instruction sets are usually expanded to include card-specific instructions. These have a clock rate of up to 5MHz. High-end cards often contain a clock rate multiplier (of two, four or eight), which allows an operating speed of up to 40MHz (5MHz * 8).

In the meantime there are also new developments of special CPUs for microprocessor cards as 16-bit and even 32-bit RISC16 Architectures. In the near future, such 16-bit and 32-bit smart cards will increasingly appear on the market.

2.3.3 Coprocessors

Smart card chips, which are very often developed for use in security applications, have a built-in coprocessor. In some cases this processor carries out multiple calculations in the hardware (multiplication and exponentiation); in other cases the coprocessor was designed to perform common cryptographic functions such as DES17 Encryption or RSA18 Signatures to run directly. The integration of such a coprocessor usually leads to a relatively high increase in chip costs.

2.3.4 Storage system

Chip cards essentially consist of non-volatile and volatile memories, control logic or a microprocessor. Although these components are basic components of information technology, the following description of the components is intended to show the problems in use for chip cards - limited space requirements to a maximum of 5mm x 5mm.

2.3.4.1 ROM (read only memory)

The ROM is a type of memory that can only be read. Write access is not possible. The content of the ROM depends on the manufacturing process, is identical for all chips in a production series and cannot be changed during the life of the chip. Of all memory types, ROM cells require the smallest chip area per bit. They are the cheapest, but also inflexible.

2.3.4.2 EPROM (erasable read only memory)

In the early years of chip card technology, EPROMs were often used, because at that time it was the only type of memory in which data was retained even without voltage and could be written once per bit.

The first French phone cards contained EPROMs. When the amounts were debited, the cells were written, one bit for each charge unit.

EPROMs are erased by UV light, which allows the stored charges to flow away. The entire content is lost at once; selective deletion of cells is not possible. This is also the reason why they are no longer of practical importance for new applications today. An EPROM cell needs twice to three times the chip area of ​​a ROM cell and is accordingly more expensive.

2.3.4.3 EEPROM or E PROM (electrical erasable read only memory)

This type of memory can be erased and rewritten almost any number of times, according to the manufacturer 104 to 106 times. Once the data has been saved, it can be retained for at least ten years, which by far exceeds the service life of a chip card in today's applications.

The EEPROM is used for data or programs that should be changed or deleted at some point. An EEPROM cell basically represents a tiny capacitor that can be charged or discharged. A charged capacitor represents a logical '1' and vice versa. In order to save a byte, you need eight capacitors and a corresponding sensor system to query the state of the capacitors.

Charging and discharging requires a programming voltage of approx. 20 volts, which is higher than the supply voltage of five volts. It does not have to be supplied externally, but is generated on the chip by means of a so-called charge pump, which works on the principle of cascading voltage doubling. The current required is extremely low and the write process takes about ten milliseconds. If an EEPROM cell is manipulated by heating or strong radiation, the capacitor can discharge and the cell assumes the so-called safe state '0'. This condition is of elementary importance for the design of smart card operating systems, since otherwise security barriers could be broken through deliberate changes in the environmental conditions.

An example: If the EEPROM cells, which are responsible for storing the amount of money, were to change to state '1' through heating, the chip card could then be recharged to the full amount.

The area required by an EEPROM is around four to seven times greater than that of a ROM cell. Their structure is more complicated and therefore more expensive, but their application is more variable, which is why the trend for chip cards is towards EEPROM.

2.3.4.4 RAM (random access memory)

The RAM is the working memory of the microcontroller of a chip card, in which interim results are temporarily stored - for example when coding or decoding data. It requires a power supply to function. If the operating voltage is no longer available or if it fails briefly, the content of the RAM is no longer defined. A RAM cell is made up of four or six transistors that are connected in such a way that they function as a bipolar trigger circuit. The circuit status then represents the memory content of a bit in the RAM.

The RAM used in chip cards is static, in contrast to dynamic RAM, which also requires a clock to periodically refresh the memory content. Static RAM is simpler in structure, but twice the size of dynamic RAM. Static RAMs are used because it must be possible to stop the clock supply to a smart card. For example, microcontrollers in cell phones have a power-saving mode in which all parts of the chip are deactivated except for the input / output interrupt.

The writing process with RAMs is around 50,000 times faster, and the energy required for writing is 106 times less than with EEPROMS, but they are 30 times larger than ROM cells. Because this drives up costs, the RAM should be as small as possible, which is why developers of encryption algorithms must ensure that their programming uses as little RAM as possible.

Today other memory technologies in smart cards are gaining popularity. For example, “flash memory” is becoming more and more popular. Flash memory is a type of persistent, changeable memory; it is more efficient than EEPROM in terms of space and functionality. Flash memory can be read bit by bit, but can only be updated as a block. This memory is typically used for storing additional programs or large chunks of data that can be updated as a whole.

2.4 Java Card architecture

A Java Card is a smart card that is able to run Java programs. A Java runtime environment, the so-called Java Card Runtime Environment (JCRE), which is able to execute Java bytecode, is located on such a chip card. This runtime environment is standardized and hides the special features of the smart card hardware. As application

Figure not included in this excerpt

Figure 10: Microprocessor architecture Source: Sturm, 2001, page 32

programming language serves a subset of Java.

The binary compatibility of applications is mentioned in the specification of the Java Card Virtual Machine as the main motivation for the development of the Java Card standard:

"The standards that define the Java platform allow for binary portability of Java programs across all Java platform implementations.This "write once, run anywhere" quality of Java programs is perhaps the most significant feature of the platform. Part of the motivation for the creation of the Java Card platform was to bring just this kind of binary portability to the smart card industry. In a world with hundreds of millions or perhaps even billions of smart cards with varying processors and configurations, the costs of supporting multiple binary formats for software distribution could be overwhelming. " 19

2.4.1 Hardware architecture

Figure not included in this excerpt

Figure 11: The hardware architecture of the Java Card

Source: http://www.inf.ethz.ch/~rohs/SmartcardsUndJavacards/

Figure 11 shows the hardware architecture of the Java Card. The ROM of the card contains an implementation of the runtime environment (Java Card Runtime Environment, JCRE), the interfaces of which are standardized. This runtime environment includes a special virtual machine (VM) that is adapted to the resources available on smart cards. The runtime environment controls access to the card's resources, such as I / O and memory, and can therefore be viewed as the card's operating system. The EEPROM of a Java Card contains the reloadable applications, applets20 called, and their persistent objects. The RAM is used as main memory, i.e. as a runtime stack, as an I / O buffer and for storing transient objects. As will be described below, only a subset of the usual Java functionality can be implemented.

The scope of the Java Card approach is limited to the card itself, not to communication with the card. Java Card allows the card-resident part of a card application to be programmed in Java. However, a complete card application also has a part that is external to the card and acts as a client of the part that is resident on the card.

From the outside, a Java Card appears like a conventional card, in accordance with the ISO / IEC-7816 standard. The advantage of this approach is that there are no legacy problems, since no changes to the existing infrastructure in the form of card readers and external applications are necessary. This also allows the card-external part of a card application or the client of a Java Card to be written in any programming language. So you are not limited to Java at this point.

2.4.2 Java Card runtime environment

The Java Card architecture, version 2.1, consists of the following software components:

- Runtime environment (Java Card Runtime Environment, JCRE)
- Basic services of the smart card (I / O, cryptography)
- Virtual machine (JCVM)
- Java Card framework
- Java Card API (as a service interface of the Java Card framework)
- Visa OpenPlatform (OP)
- Java Card applets

Figure 12 shows the Java Card software architecture. The hardware of the chip card provides a proprietary interface, such as the instruction set of the processor used. The lowest layer of the software implements the communication protocols for T = 0 or T = 1, as well as higher-value functions such as cryptographic algorithms, which should be programmed in assembler for speed reasons.

The central component of the architecture is the virtual machine (VM), which hides the specific hardware and controls access to its components, such as memory and input / output. It provides a runtime environment for Java Card applets. It also isolates the individual applets from one another. This mechanism is called a "software firewall" and allows controlled interaction of applets via "shareable" interfaces. The Java Card API is the service interface of the Java Card framework, which defines the embedding of applets in this environment. The Java Card Framework is an implementation of the Java Card API, which provides the most important classes required by applets.

Figure not included in this excerpt

Figure 12: The software architecture of the Java Card

Source: http://www.inf.ethz.ch/~rohs/SmartcardsUndJavacards/

The actual functionality of the card that is visible to the user is implemented by Java Card Applets, which represent the various card applications. These can also be installed after the card has been manufactured. In addition to applets, user libraries can also be installed, the functionality of which can be used by all applets, but which cannot be addressed directly from the outside. If necessary, the manufacturer of the card can also install libraries and applets in the card's ROM.

The installation and deinstallation of applets is done using an installation component that is only roughly described in the JCRE specification. This has led to the fact that the various manufacturers have used proprietary mechanisms for installing applets, which of course runs counter to the idea of ​​an open application platform. For this reason, VISA developed an architecture called Visa OpenPlatform (VOP) for the secure installation of new applications on multi-application cards. This architecture has since been declared the standard under the name OpenPlatform (OP), but is not yet part of JCRE 2.1.

[...]



1 According to figures from WEMF AG for Advertising Media Research (http://www.wemf.ch), 52.1% of those surveyed use the Internet in Switzerland (2001).

2 See Haykin, 1988

3 McIvor, 1985, 152

4 Svigals, 1985, p. 1

5 Quisquater (2000), 106

6 Chen, 2000, 42

7 Read only memory

8 Optical Character Recognition

9 McCrindle (1990), 19

10 See Stockar, 1989

11 See http://java.sun.com/products/javacard/#partners

12 See Chen, 2000

13 See Hendry, 1997 semester paper Smart and Java Cards: January 23, 2002

14 Electrical Erasable Programmable Read Only Memory

15 Complex Instruction Set Computer

16 Reduced Instruction Set Computer

17 Data Encryption Standard (DES): 56bit, further development: Triple DES (168bit); Sender and receiver share a common key. This key must be kept secret by both. Problem: secure transmission and distribution of the keys (symmetrical encryption).

18 RSA, named after its authors: Ron Rivest, Adi Shamir and Len Adleman; Here the “public key” consists of a large number (modulus) that is the product of two large prime numbers. If these prime numbers can be determined from the “public key” by factoring, then the system is decrypted (broken). The difficulty of this factorization corresponds in this sense to the degree of security of the key (asymmetrical encryption).

19 Sun Microsystems, 1999, pages 1 and 2 Semester paper Smart and Java Cards: January 23, 2002

20 See definition 1.2.3 on page 7

End of the reading sample from 108 pages