Presentation is loading. Please wait.

Presentation is loading. Please wait.

Renesas Electronics America Inc. © 2012 Renesas Electronics America Inc. All rights reserved. Class ID: BL01A - Java & Global Platform Applet Development.

Published byMorgan Blankenship Modified over 8 years ago

Similar presentations

Presentation on theme: "Renesas Electronics America Inc. © 2012 Renesas Electronics America Inc. All rights reserved. Class ID: BL01A - Java & Global Platform Applet Development."— Presentation transcript:

1 Renesas Electronics America Inc. © 2012 Renesas Electronics America Inc. All rights reserved. Class ID: BL01A - Java & Global Platform Applet Development Mikhail Friedland - jNet Technology, Inc. BL01A

2 © 2012 Renesas Electronics America Inc. All rights reserved.2 Concise Biography President of jNet Technology since 1998 Contributor to early JavaCard and Visa OP implementations at Sun and Visa 15 years in smart card industry Specializing in compact Virtual Machines, cryptography and VM applications in embedded control and factory automation. Previously worked in telecom and paperless medical office industries. Mikhail Friedland

3 © 2012 Renesas Electronics America Inc. All rights reserved.3 Renesas Technology & Solution Portfolio

4 © 2012 Renesas Electronics America Inc. All rights reserved.4 JavaCard Architecture Overview Introduction to Development Environment Managing executable content on JavaCard Global Platform Architecture & Internals Using Cryptography on a Smart Card Summary Q & A Agenda

5 © 2012 Renesas Electronics America Inc. All rights reserved.5 jNet Java Card Solutions on Renesas RS47x Modular & Scalable Design High Performance Java Execution Dual I/O Solutions Secure Implementation: FIPS 140-2 Approved Mode of Operation Common Criteria & JavaCard Protection Profile Roadmap: Government ID Banking Transit & Loyalty GSM

6 © 2012 Renesas Electronics America Inc. All rights reserved.6 Java Card Development - Overview Applet developer perspective Development environment – Eclipse Compatible – Global Platform card edge commands (shell based approach) Design techniques for Java Card applets Loading Java Card applets Working with APDUs / Shell Debugging applets Advantages & Limitations

7 © 2012 Renesas Electronics America Inc. All rights reserved.7 Development Environment Eclipse IDE + jNet tools plug-in Specific JavaCard Views Target device – Virtual Card Simulator on Win32 (jNet) – Real JavaCard (Renesas)

8 © 2012 Renesas Electronics America Inc. All rights reserved.8 Development Environment Eclipse Shell Eclipse Explorer CAP File properties

9 © 2012 Renesas Electronics America Inc. All rights reserved.9 Development Environment Java Card memory Java Card bytecodes

10 © 2012 Renesas Electronics America Inc. All rights reserved.10 Design Techniques with SmartCard on Eclipse Main Applet Extends JavaCard applet class Process method handles APDUs Dispatches to function depending on INS Watch the bytecodes No static vars pointing to another applet Keep things simple Keep the application in one package

11 © 2012 Renesas Electronics America Inc. All rights reserved.11 Loading Applets 1.Select your java card project and click “run Configuration” from the run menu 2.Select “Java Card Application” and click “new” 3.Configure target device 4.Select packages to load & applets to install Create & Configure a run configuration 12 3 4

12 © 2012 Renesas Electronics America Inc. All rights reserved.12 Loading Applets 5.Set installation parameters and privileges of the applet 6.Set before and after upload scripts (optional) 7.Set script folder (optional) 8.Run configuration 5 6 7 8

13 © 2012 Renesas Electronics America Inc. All rights reserved.13 Working with APDUs / Shell on Eclipse Basic commands card-info /atr /select AID /send CLAINSP1P2LC /close help Using scripts.jsch file Setting script folder Execute a script by typing its name in the command shell

14 © 2012 Renesas Electronics America Inc. All rights reserved.14 Debugging Applets with Eclipse IDE Debugging like regular java in a simulator Set breakpoints Step through the code Watch variables Use the shell to send APDU commands More details with javacard bytecodes

15 © 2012 Renesas Electronics America Inc. All rights reserved.15 Java Card Architecture Java Card VM Built-in language security Data types Runtime environment specifics Main components of Java Card VM Method contexts Runtime structures Stack frames Objects representations Exceptions & error handling

16 © 2012 Renesas Electronics America Inc. All rights reserved.16 Applet Loading/Install/ Deletion process Java Card Applet Execution CAP files Creating applet instance Starting the Virtual Machine Engine Interpreting the opcodes Method calling & return Exiting the applet

17 © 2012 Renesas Electronics America Inc. All rights reserved.17 ROM Mask structure Java Card API sub-system java.lang javacard.framework javacard.security javacardx.crypto API implementation and native linkages Native OS code Tools for developing custom packages

18 © 2012 Renesas Electronics America Inc. All rights reserved.18 Building Applets Export files – internal details Internals of Java linkages Constant pool entries Classes & interfaces exposed Fields & methods exposed Attributes Hierarchies

19 © 2012 Renesas Electronics America Inc. All rights reserved.19 CAP Files CAP File internals Directory structure & component model Installation sequence CAP file components – Header & directory – Applet – Import – Class, method, static field – Reference location, export, descriptor

20 © 2012 Renesas Electronics America Inc. All rights reserved.20 Java Card Architecture VM Opcodes Why 8-bit bytecodes? Required Java bytecodes for JCVM Reserved opcodes Optional opcodes Runtime error handling & security exceptions Instruction set – brief overview

21 © 2012 Renesas Electronics America Inc. All rights reserved.21 Memory management Memory Types on Card EEPROM memory management – Persistent storage RAM memory management – Transient Arrays: Clear on Reset (COR) Clear on Deselect (COD) – Java stack Temporary storage within method context

22 © 2012 Renesas Electronics America Inc. All rights reserved.22 HAL: RS4x Family Specifics RS4x family as it relates to JavaCard Mapping RS4x internal architecture to 16-bit VMs Address spaces Portability Issues between Renesas chips Optimization

23 © 2012 Renesas Electronics America Inc. All rights reserved.23 Applet Loading/Install /Deletion process Applet Lifetime Install Method Select Method De-Select Method Process Method Register Method Power loss & reset Default Applets

24 © 2012 Renesas Electronics America Inc. All rights reserved.24 Java Card Runtime Firewall Applet isolation & object sharing Contexts Transactions & Atomic Operations Exception handling within JCRE APDU class implementation Security & Crypto Sub-systems JCSystem class implementation

25 © 2012 Renesas Electronics America Inc. All rights reserved.25 Java Card Runtime Applet Installation Resource allocation Registration with JCRE Failures during installation

26 © 2012 Renesas Electronics America Inc. All rights reserved.26 Java Card Runtime Atomic Transactions Atomic Transaction Mechanism Implementation and Memory allocation Verification of atomic entries Optimization techniques – Architecture specific – Pre-erasing Eeprom Commands processing GP system User applets

27 © 2012 Renesas Electronics America Inc. All rights reserved.27 Java Card V3.0.1 Advantages Advanced architecture End-point design – Classic vs. Connected Mandatory and optional features Integer types javacardx packages Biometry integration ECC support FIPS 140-2 approved mode of operation Support for GP2.2, Contactless I/O, TLV, transient asymmetric keys More robust test suite by Oracle

28 © 2012 Renesas Electronics America Inc. All rights reserved.28 JC V3.0.1 Architecture Enhanced I/O Logical channel support Contactless Protocols APDU Forwarding Extended APDU Interface Exception handling

29 © 2012 Renesas Electronics America Inc. All rights reserved.29 Supplementary Logical Channels Up to 20 logical channels support Full compliance with JCRE v3.0.1 spec SELECT FILE/MANAGE CHANNEL commands are covered Channels are allocated by blocks of 4 channels at time for better RAM utilization VGP211 Limitation of 4 channels Dynamic configuration switch

30 © 2012 Renesas Electronics America Inc. All rights reserved.30 JC V3.0.1 Architecture Extension Packages Math – BCDUtil – BigNumber – ParityBit TLV Processing Util – Array logic – Integer – UtilException

31 © 2012 Renesas Electronics America Inc. All rights reserved.31 JC V3.0.1 Architecture Extension Packages Biometric Extensions – Match-on-chip library – Native calls Java Card Forum External Memory Interface – Mifare I/F

32 © 2012 Renesas Electronics America Inc. All rights reserved.32 JC V3.0.1 Architecture Crypto Enhancements SHA-2 hash suite (SHA-224/256 InitMessageDigest Korean SEED (optional) Extended JCAPIs Easier mapping with GP2.2 features

33 © 2012 Renesas Electronics America Inc. All rights reserved.33 Crypto Implementation Java Crypto APIs Pulling parameters off the stack Links to native methods Keys protection Countermeasures

34 © 2012 Renesas Electronics America Inc. All rights reserved.34 Key Management Building keys on-card Allocating key objects in Eeprom & RAM Protecting keys Static keys Session keys Verification of keys prior their use DES & AES (Symmetric keys) RSA (Asymmetric keys)

35 © 2012 Renesas Electronics America Inc. All rights reserved.35 Crypto Algorithms DES & AES SHA-1 and SHA-256 Older hash methods (MD5 & RIPEMD160) RSA ECC (new ROM mask, Government ID)

36 © 2012 Renesas Electronics America Inc. All rights reserved.36 GP2.2 Framework - I Overview Differences with Java Card specs Card Preparation & Personalization Card Manager Key Usage

37 © 2012 Renesas Electronics America Inc. All rights reserved.37 GP 2.2 Framework - II Security Domains APDU Commands Open Platform APIs Integration with Java Card VM

38 © 2012 Renesas Electronics America Inc. All rights reserved.38 GP 2.2 Framework - III Card Manager Represents Issuer Security Policy Lifecycle States – Package – Applets Card Content Management Secure Channel Implementation

39 © 2012 Renesas Electronics America Inc. All rights reserved.39 GP 2.2 Framework - IV Card Manager Global PIN Application Locking Card Locking Card Termination

40 © 2012 Renesas Electronics America Inc. All rights reserved.40 GP 2.2 Framework - IV Security Domains Life Cycles Application Access to SD Secure Communication Personalization DAP Verification (PK – DAP)

41 © 2012 Renesas Electronics America Inc. All rights reserved.41 GP 2.2 Framework - VI Global Platform APIs APDU Commands GET STATUS GET DATA, PUT DATA INSTALL LOAD PUT KEY SELECT

42 © 2012 Renesas Electronics America Inc. All rights reserved.42 GP 2.2 Framework - VII Miscellaneous Topics Session Keys Hash Usage Authentication Cryptograms APDU Generation & Verification What’s next for Applet Developers?

43 © 2012 Renesas Electronics America Inc. All rights reserved.43 jNet Roadmap on Renesas RS47X

44 Renesas Electronics America Inc. © 2012 Renesas Electronics America Inc. All rights reserved.

Download ppt "Renesas Electronics America Inc. © 2012 Renesas Electronics America Inc. All rights reserved. Class ID: BL01A - Java & Global Platform Applet Development."

Similar presentations

1 Java Card Technology Prepared by:Ali Toyserkani Adopted from: Introduction to Java Card Technology C. Enrique Ortiz.

1 Java Card Technology Prepared by:Ali Toyserkani Adopted from: Introduction to Java Card Technology C. Enrique Ortiz.
Java Card Technology Ch04: Java Card Object

Java Card Technology Ch04: Java Card Object
Threads, SMP, and Microkernels

Threads, SMP, and Microkernels
Professional Toolkit V2.0 C:\Presentations - SmartCafe_Prof_V2.0 - bsc - 22.02.01 - page 1 Professional Toolkit 2.0.

Professional Toolkit V2.0 C:\Presentations - SmartCafe_Prof_V2.0 - bsc page 1 Professional Toolkit 2.0.
Identity and Access IDPrime MD 8840 and IDCore 8030 MicroSD cards

Identity and Access IDPrime MD 8840 and IDCore 8030 MicroSD cards
Java Card Technology Ch07: Applet Instructors: Fu-Chiung Cheng ( 鄭福炯 ) Associate Professor Computer Science & Engineering Computer Science & Engineering.

Java Card Technology Ch07: Applet Instructors: Fu-Chiung Cheng ( 鄭福炯 ) Associate Professor Computer Science & Engineering Computer Science & Engineering.
Programming Smart Cards Rajnish Kumar Comp527.. Expect to learn Cardlet Development Installation Coke Machine Interface Implementation Basic Cryptography.

Programming Smart Cards Rajnish Kumar Comp527.. Expect to learn Cardlet Development Installation Coke Machine Interface Implementation Basic Cryptography.
ASU Real-Time Operating System. Supervised by: Dr. Mohammed Sobh.

ASU Real-Time Operating System. Supervised by: Dr. Mohammed Sobh.
Operating System Structure

Operating System Structure
Software Frame Simulator (SFS) Technion CS Computer Communications Lab (236340) in cooperation with ECI telecom Uri Ferri & Ynon Cohen January 2007.

Software Frame Simulator (SFS) Technion CS Computer Communications Lab (236340) in cooperation with ECI telecom Uri Ferri & Ynon Cohen January 2007.
Goals Give you a feeling of what Eclipse is.

Goals Give you a feeling of what Eclipse is.
J2ME 25 July 2002. Overview  What is J2ME?  The CLDC and CDC configurations  MIDP and MIDlets  Development Tools  Demonstrations.

J2ME 25 July Overview  What is J2ME?  The CLDC and CDC configurations  MIDP and MIDlets  Development Tools  Demonstrations.
Threads, SMP, and Microkernels Chapter 4. Process Resource ownership - process is allocated a virtual address space to hold the process image Scheduling/execution-

Threads, SMP, and Microkernels Chapter 4. Process Resource ownership - process is allocated a virtual address space to hold the process image Scheduling/execution-
The road to reliable, autonomous distributed systems

The road to reliable, autonomous distributed systems
3: OS Structures 1 OPERATING SYSTEM STRUCTURES PROCESS MANAGEMENT A process is a program in execution: (A program is passive, a process active.) A process.

3: OS Structures 1 OPERATING SYSTEM STRUCTURES PROCESS MANAGEMENT A process is a program in execution: (A program is passive, a process active.) A process.
INTRODUCTION OS/2 was initially designed to extend the capabilities of DOS by IBM and Microsoft Corporations. To create a single industry-standard operating.

INTRODUCTION OS/2 was initially designed to extend the capabilities of DOS by IBM and Microsoft Corporations. To create a single industry-standard operating.
Introduction to Kernel

Introduction to Kernel
JVM-1 Introduction to Java Virtual Machine. JVM-2 Outline Java Language, Java Virtual Machine and Java Platform Organization of Java Virtual Machine Garbage.

JVM-1 Introduction to Java Virtual Machine. JVM-2 Outline Java Language, Java Virtual Machine and Java Platform Organization of Java Virtual Machine Garbage.
V0.01 © 2009 Research In Motion Limited Introduction to Java Application Development for the BlackBerry Smartphone Trainer name Date.

V0.01 © 2009 Research In Motion Limited Introduction to Java Application Development for the BlackBerry Smartphone Trainer name Date.
Cs238 Lecture 3 Operating System Structures Dr. Alan R. Davis.

Cs238 Lecture 3 Operating System Structures Dr. Alan R. Davis.

Similar presentations

Ads by Google