News
Cryptographic algorithm for EMV Software
Typically, cryptographic algorithms use keys to encrypt and decrypt data. A key can be thought of as a kind of secret value, similar to a password or the PIN code of a bank card. In fact, the key is just a sequence of numbers. The key is a parameter of the mathematical formula of the cipher. Therefore, if you encrypt the same plaintext using different keys, you will get different ciphertexts. The opposite is also true: you can get the original unencrypted text from the ciphertext only if you use the correct key. Using the key whose in ciphers...
Applying a Sharing Interface Object
In order for the server to return values of any sharing interface type through a single interface, both methods, JCSystem.getAppletShareableInterfaceObject and Applet.getShareableInterfaceObject, return the type Shareable, the base type for all sharing interface objects. The client applet must cast the returned SIO object to the appropriate type and store a reference to it in a variable of this type. For example, if in the “electronic wallet” applet it is necessary to bring SIO to the type...
JCRE Privileges
On the Java Card platform, the JCRE runtime performs the functions of a dispatcher. The JCRE context is the “system” context, so it has special privileges. JCRE can call methods of any objects and has access to non-static fields of any objects on the card. Such system privileges allow JCRE to control system resources and manage objects. For example, when JCRE accepts an APDU command, it calls one of the methods of the currently active applet: select, deselect or process. Before calling the applet method, the JCRE context switches to the...
Java Card Object System
Switching contexts in the process of sharing objects
JCRE, the client applet and the server applet execute in different contexts. To make object sharing possible, context switching must be organized. To request access to an SIO, the client applet calls the JCSystem.getAppletShareableInterfaceObject method. In this case, the internal mechanism of the method switches the context from the client to JCRE. JCRE then calls the getShareableInterfaceObject method of the server applet. As a result of this call, the context switches again. The...
Interface mechanism for sharing objects
Let’s repeat the basic properties of the mechanisms for sharing JCRE objects with applets:
· JCRE has system privileges, so it can access any objects.
· The applet gets access to system services through JCRE entry point objects.
· JCRE exchanges data of primitive types through special global arrays.
Java Card technology also provides for the sharing of objects by applets using an interface sharing mechanism.
Sharing Interface
The sharing interface directly or indirectly extends the javacard.framework.Shareable interface. public interface...
Applet Firewall and Object Sharing
The Java Card platform is an environment in which many applications run. Several applets from different manufacturers can be stored on one card. After the card is made, additional applets can be loaded onto it. Applets often contain extremely critical information, such as bank account data, identification data, secret cryptographic keys, etc. The exchange of such secret data between applets must be strictly limited. On the Java Card platform, a security system, the applet firewall, is implemented to isolate applets. The firewall restricts...
Protocol-dependent methods of processing APDU commands
Programming of applets for the Java Card platform at the application level involves processing APDU commands using the capabilities of the APDU class. The APDU class provides a simple, unified interface for applets that does not depend on the lower-level transport protocol used (T=0 or T=1). However, some outdated smart card systems were designed in such a way that, in order to exchange data, the applets must know the features of the transport protocol being used. To ensure compatibility with such systems and be able to exchange data with...
Processing the APDU command and generating response data
The first four bytes of the APDU header [CLA, INS, P1, P2] define the instruction that the applet must execute. If the command is of type 3 or 4, then during the execution of the instruction, the applet must process the data read into the APDU buffer. If the command is of type 2 or 4, the applet must generate response data to send to the host application. To reduce the amount of memory used, applet developers often store intermediate results or response data in the APDU buffer.
Sending APDU response data
After executing the instructions...
APDU Data Packets
This chapter describes the methods of working with application protocol data units (APDUs) in applets. APDUs are data packets. They provide an application layer communication protocol for data exchange between client applications that run on the card and host system applications. Readers who are unfamiliar with the storage protocol and the smart card communication system are advised to read Chapter 2 first, and only then proceed to study this chapter. the mechanism of communication of applets with the Java host...
Java Card Applet
Applications that run on Java smart cards are called applets. This chapter describes the applet development environment. The chapter consists of seven sections. The first section discusses the general principles of how applets work in the JCRE environment. The remaining sections are devoted to the methods of applet development. The properties of applets are described in detail throughout the book. For example, Chapters 8 and 9 discuss the processing of APDU commands and the sharing of objects by different applets. The Java Card applet is an...