Java Card Smart Card Operating System
Java Card: A Multi-Application Operating System for Smart Cards It allows applets) to be loaded and securely executed on chip card systems. Java Card is a very small subset of Java platforms that can be used on embedded devices such as smart cards with small memory and CPU footprint devices.
Most U.S. Governemnt issue PIV cards are using JavaCard under the hood. It is also widely used in eGOV cards and passport applications world wide. SIM cards in your smart phone often have JavaCard-based implementations for GSM networks.
Java Card has been around for over 20 years now. It is a mature smart card operating system. Applet load, initialization, personalization and deletion heavily rely on GlobalPlatform specifications.
Java Card is an open, multi-application operating system for smart cards. Diverse parties can develop applications for same smart card using their respective Java programming skills. The resulting applets run on the same card and co-reside independently. Thus, applications from various vendors can be combined after being separately developed.
Until the emergence of multi-application smart cards, each software application representing a product or service on a card was written for a card-specific operating system, which in turn was particular to a hardware (chip) or silicon platform supplier. In most cases, there wasn’t even an operating system between the hardware layer and the card edge. A card issuer had to commit to a specific application developer, operating system, and chip for each service the issuer wished to provide. The issuer had almost no flexibility to change any of these components without having to invest funds in new software and/or hardware implementation. Cardholders were forced to carry a different card for each service or function. If a product or service to a cardholder changed in any way, the cardholder would have to receive a replacement card. Early smart cards were therefore costly and inflexible.
Java Card has changed the smart card proposition for both card issuers and cardholders. Java cards provide increased convenience and flexibility for users while delivering savings and a wealth of opportunities for issuers across all business sectors.
Java Card Applet Loading and Unloading
Java Card allows applications to be loaded on-the-fly. Thus, a smart card with a Java Card operating system can change features during its lifetime. This is beneficial for both the cardholder and the card issuer and eliminates time consuming paperwork.
EXAMPLE: A student who has been issued a smart card with a Java Card OS can load applications (Java applets) over the Internet and can change the set of available applications over the smartcard’s lifetime. (Proper authorization would be required, of course.) This process can take place securely even over insecure networks. The student’s card could contain an electronic purse and a metro travel application. Later, the student could add an electronic key for logical access the university network.
Java Card Applications.
Java Card applications are written in Java programming language. Development and testing time can be reduced to a minimum due to simulators and debuggers from various manufacturers.
Java Card applications require more hardware resources than MULTOS applications and lack certain security features. However, this environment is becoming very popular and the U.S. Department of Defense has deployed millions of Java-based Common Access Cards (CAC). The cards are also widely used in the telecommunication industry for SIM cards in mobile phones.
To do application development, you need a Java Card application developers card. This card is a special card with a standardized and simplified way to load and delete Java applets on a smart card.
The on-card Application Programming Interface (API) between applications and the operating system allows applications from different vendors and industries to co-exist on a single operating system and co-reside on the same smart card.
Java Card Runs on a Micro Controller
Java applets are separated through the use of special “firewalls”. They run in a dedicated and isolated memory area, inaccessible to other on-card applications.
Each new service or application is kept rigorously separate by the firewalls from any other program already on the card, so that the operation of one application (or even the malfunctioning of one application or a ‘hostile application’) cannot interfere with the operation of the others.
A Java Card card issuer can therefore feel safe that an application requiring a high degree of security and type approval (e.g. a financial services application), can co-reside with applications for which security is not of paramount importance and which therefore have not been subjected to rigorous testing (e.g. an address book application).