Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

JavaCard 3 in real world?

I'm currently working on my diploma work. Part of the work includes development of JavaCard applet for regular SIM cards. First option is to use JavaCard2.X API and use APDU commands to communicate with the applet. This might be very tricky as I need to develop client-app for android (which will be communicate with this applet) and that is so far possible only trough special - not so user friendly - API called Seek-for-android. (if I'm wrong, please correct me)

However, I also came across JavaCard3 Connected Edition, which provides much more options - for example web applets. Using webapps, deployed on SIM card and accessing them through browser in mobile device would be very convenient (of course developing such applet would be much easier as well). Problem is, that I can't find any mentions of Javacard3 being used in real life, or even on real SIM cards. I can't even find any mentions of possible date of release of such cards. Actually, there is almost no information on this topic.

So, my question is - do you know anything useful about this platform? Anything about real-life usage? Which card supports Javacard3? Are there any developers smart-cards, which are "JC3 enabled"? Will there be SIM cards with this platform in the future?

Thanks a lot for answers!!!

like image 388
AGO Avatar asked Mar 03 '12 14:03

AGO


People also ask

Is Java Card still used?

Java Card technology is used in all smart card and secure device markets, including the most demanding in terms of security.

What is the use of Java Card?

Java Card enables smart cards and other tamper-resistant security chips to host applications that employ Java technology. It offers a secure, interoperable execution platform to store and update multiple applications on a resource-constrained device, with the highest certification and compatibility.

What is Java Card in mobile computing?

Java Card is a software technology that allows Java-based applications (applets) to be run securely on smart cards and more generally on similar secure small memory footprint deviceswhich are called “secure elements” (SE).

Is Java Card technology?

What is Java Card? Java Card is an industry-standard technology platform developed by Sun Microsystems (now Oracle) to enable Java-based applications - applets - to run on smart cards that support this standard. Java Card 3.1 is the latest version announced at the end of January 2019 by Oracle.


2 Answers

At JavaOne 2012 Moscow representatives of the JavaCard Oracle team demonstrated a prototype device with support for Java 3 Connected Edition based on Portable Security Token ES.

like image 73
javagnome Avatar answered Oct 22 '22 13:10

javagnome


It's 2018 when I am writing this and I think this question needs a new answer.

Java Card 3 Connected Edition is dead in the water. It requires a large amount of RAM, which is still expensive even in the latest editions of the chips. SRAM takes large amounts of memory, and high end chips often still contain 8-10KiB of RAM max.

Furthermore, it was generated with the idea that web-developers would easily connect with it. This doesn't seem to have happened and it is questionable if a security device should be programmed by web-devs at all.

The additional overhead of the TLS protocol adds a heavy overhead without apparent benefit. The TLS protocol also requires a weird connection with the browser / end user. The idea that you can enter a PIN or password on a chip generated web page certainly has failed.

The idea of adding hardware support for browsers in general has failed. Before there were Java applets running in the browser, and the browser largely depended on add-ons. This has all gone away and it is very unlikely to return.

So even if RAM (or FRAM, MRAM, XCross or whatever hybrid memory solution will exist) ever comes cheap on a secure smart card processor, it is unlikely that JC 3 Connected will again see the light of day. Meanwhile Java Card Classic is still going strong although it is far from sexy at the moment - the OTN forum on Java Card is as good as dead (although OTN and sexy themselves are so far apart that they might as well exist on different poles, I certainly prefer SO).

like image 44
Maarten Bodewes Avatar answered Oct 22 '22 14:10

Maarten Bodewes