After a month of silence, just a quick post to restart the tutorial thing, about the two editions of Java Card 3.0.
As mentioned earlier, Java Card 2.x represents 5 billion cards today, and over a billion are issued each year. This represents a very significant part of the smart card business in volume, and an even larger part in value, because Java Card is typically included in high-end cards.
Not a single salesperson would take a chance to disturb such a significant market by forcing their customers to switch from a technology to a radically different one, which also happens to be more expensive. In fact, this is exactly what the smart card industry is doing, and the reason for these two editions: one of them caters to the existing smart card market, whereas the other one targets a future market of IP-connected smart cards and related devices.
The Classic Edition, as we can guess by its name, is a direct successor to the Java Card 2.2.2 specification. In practice, the changes are so small that its normal name (with the Java Card numbering rules) should have been Java Card 2.2.3. Nothing really new has been introduced.
The changes can be summarized in a few lines. Apart from fixing typos and small bugs, the Classic Edition only introduces support for a few new cryptographic algorithms (like RSA 4096), as well as slight improvements in which contactless transactions are handled, and improvements in the handling of the ISO7816-4/2005 specification.
Java Card 3.0 Classic cards therefore behave exactly like Java Card 2.x cards. They are based on the same 16-bit virtual machine, with the same restrictions (no threads, no garbage collection), the same very limited APIs, and the same single application model. They solely target APDU-based applications (contact or contactless), just like their predecessors.
Classic cards are also backward compatible with older cards, even at the binary level. There is no need to recompile your applications, and not even to reconvert them. Existing CAP files will run directly on Java Card 3.0 Classic cards, without modifying a single bit.
The objective is here to keep a product for the billion cards per year market that comes for Java Card 2, and that has a few more years of existence. Over the years, the proportion of Classic cards is expected to decrease, and eventually to become a platform for low-end cards.
The Connected Edition is the real Java Card 3.0, i.e., the really new specification, with a new virtual machine, a new application framework, and everything else.
The Connected Edition includes a 32-bit virtual machine, it can run multiple threads, it includes a much larger API, it includes real garbage collection, and many other things. As a consequence, it is much more complex than the Classic Edition, and it targets the most sophisticated chips available in 2009 (note that this situation is better than Java Card 2’s situation 10 years ago, for which no reasonable chip existed at the time).
In terms of applications, the Connected Edition introduces IP-based Web applications, a significant change from existing smart card applications, corresponding to the new uses of computing, in which the client often is a generic browser, which gathers information from a variety of information sources, a.k.a. servers. Connected Edition defines the way in which we can all have one (or many) personal servers that handle our personal and sensitive data.
Even with these major changes, Java Card 3.0 remains backward compatible with existing Java Card 2.x applications. However, this compatibility is only possible at the source code level. A Java Card 2.x application needs to be recompiled and packaged into a Connected Edition binary format (some kind of JAR file). After that, it will work correctly; the specification even allows it to interact (in a limited way) with new applications.
The Connected Edition does not target a well-defined market, as it includes a new application model, and includes specifications that do not correspond to any immediate market demand. For instance, Oberthur’s Gigantic Wuaow, which got a Sesames Award last year, is a big SIM card with a USB interface. The corresponding standard for phones exists, but not a single device is available at the beginning of 2009. The Connected Edition therefore remains a forward-looking technology, who stands significant chances to become a major component of tomorrow’s cards, but still needs to prove its worth.
Nevertheless, this tutorial on Java Card 3.0 will focus almost exclusively on the Connected Edition, which includes all the innovation in this new spec release.