This week’s blog is about Java Card, a technology that allows Java-based applications (applets) to be run securely on smart cards and similar small memory footprint devices. Java Card is the tiniest of Java platforms targeted for embedded devices.
Through this blog, we aim to make our readers aware of Java Card technology is the leading open, interoperable platform that enables smart cards and other resource-constrained devices to securely run Java technology-based applications.
Ambimat Electronics, with its experience of over four decades as an ODM of IoT products, wishes to draw the attention of its customers and readers of blog posts towards Java Card technology.
The Java Card specifications enable Java technology to run on smart cards and other devices with limited memory. To simplify the material, the focus in this document is on the smart card. A smart card is identical in size to a typical credit card and stores and processes information through the electronic circuits embedded in silicon in the plastic substrate of the card. There are two basic types of smart cards: memory and intelligence. A memory card stores data locally, but does not contain a CPU for performing computations on that data. An intelligent (smart) card includes a microprocessor and can perform calculations on locally-stored data.
Java Card helps developers build, test, and deploy smart card-based applications quickly and efficiently with an object-oriented programming model and off-the-shelf development tools.
For smart card issuers, it delivers a secure and interoperable platform that can be used to store and update multiple applications on a single end-user device.
Java Card technology is used in a wide range of smart card applications, including:
Java Card technology was originally developed for the purpose of securing sensitive information stored on smart cards. Security is determined by various aspects of this technology:
Data is stored within the application, and Java Card applications are executed in an isolated environment (the Java Card VM), separate from the underlying operating system and hardware.
Unlike other Java VMs, a Java Card VM usually manages several applications, each one controlling sensitive data. Different applications are therefore separated from each other by an applet firewall which restricts and checks access of data elements of one applet to another.
Commonly used symmetric key algorithms like DES, Triple DES, AES, and asymmetric key algorithms such as RSA, elliptic curve cryptography are supported as well as other cryptographic services like signing, key generation, and key exchange.
An applet is a state machine that processes only incoming command requests and responds by sending data or response status words back to the interface device.
There are several unique benefits of the Java Card technology in these smart cards, such as:
Platform Independent—Java Card applets that comply with the Java Card API specification will run on cards developed using the Java Card Application Environment (JCAE), allowing developers to use the same Java Card applet to run on different vendors’ cards.
Multi-Application Capable—Multiple applications can run on a single card. In the Java programming language, the inherent design around small, downloadable code elements makes it easy to securely run multiple applications on a single card.
Post-Issuance of Applications—The installation of applications, after the card has been issued, provides card issuers with the ability to dynamically respond to their customer’s changing needs.
Flexible—The object-oriented methodology of the Java Card technology provides flexibility in programming smart cards.
Compatible with Existing Smart Card Standards—The Java Card API is compatible with formal standards, such as ISO7816, and industry-specific standards.
Compliant applications can be loaded, and cards that are compatible with existing ones can be produced quickly. The strong security of the Java programming language provides the foundation for Java Card’s secure execution environment.