Even without Java Card 3, there are many similarities between smart cards and web servers:
They both receive requests of unknown origin and process them.
They both manage potentially sensitive data that they need to protect.
Of course, the exact attacks are different. Cross-site scripting is not really a smart card threat, but the countermeasure (careful input validation) [...]
Posted 28 April 2008
In the last tutorial entry, we saw in theory how it is possible to add a password and to manage an application’s state. In the present entry, we will actually add support for a password in the application. This support will be provided using the OwnerPIN class, which goes beyond simple PIN codes, and [...]
Posted 21 April 2008
We have now reached the point where we have a fully functional password manager, which is able to store login information. However, this application is not complete, since it does not include any protection of these sensitive assets. Anybody who is able to select the application and who knows the application’s protocol will be able [...]
In the previous tutorial entry, we looked at APDU processing, with an initial focus on processing a first command with incoming data. Here we will look at the next commands, focusing on the ones that return data.
Posted 09 April 2008
In the last post, we defined a specification for an APDU-based application. It is now time to implement this application, i.e., to start processing a few APDUs. We’ll do that in the style that characterizes this tutorial, which is a mix of simple code with a few basic optimizations.
Posted 05 April 2008
In our previous posts, we wrote a class that is able to manage login information as password entries. This time, we will look at our application’s user interface. Well, “user interface” may be a bit of an overstatement, since we will simply be defining a way to exchange information between the card and a terminal to [...]
The Java Card framework is very limited, and it does not include any container classes. A simple way to organize data is to use linked lists. This is a classic structure, so we will use this opportunity to discuss the way in which Java Card manages the atomicity of updates.
UPDATED (07/01/08): Fixed compilation bugs.
In this first installment, we will focus on the data structure that will contain the sensitive data, as well as the identifiers. We’ll first look at the basic design, and then we’ll consider the implementation.
Posted 06 February 2007
The previous application, the counter, is interesting because we can make it evolve into some kind of an electronic purse, i.e., a real-life application. This is very nice, but the problem is that this kind of real-life application (a payment application) is rather useless if you are not (at least) a bank.
I therefore decide to move [...]
Posted 07 November 2006
UPDATED (05/05/07): Fixed some bugs in the code.
The Hello World program is a first program, but it doesn’t do anything interesting. The next step is to have a program that actually does something simple. Here we will manage a simple counter with the following operations:
Get the balance of the counter.
Credit the counter (increase its value), [...]
Posted 30 October 2006