A smart card is identical in size to a typical credit card and is tamper resistant. The smart card stores and processes information through the electronic circuits embedded in silicon in the plastic substrate of the card. There are two basic types of smart cards: memory and intelligent. A memory card stores data locally, but does not contain a CPU for performing computations on that data. An intelligent (smart) card includes a microprocessor and can perform calculations on locally-stored data.
The Application Programming Interface (API) for the Java Card technology defines the calling conventions by which an applet accesses the Java Card Runtime Environment and native services. The Java Card API allows applications written for one Java Card-enabled platform to run on any other Java Card-enabled platform.
The Java Card API is compatible with formal international standards, such as, ISO7816, and industry-specific standards, such as, Europay/Master Card/Visa (EMV).
Java Card technology preserves many of the benefits of the Java programming language - productivity, security, robustness, tools, and portability - while enabling Java technology for use on smart cards. The Virtual Machine (VM), the language definition, and the core packages have been made more compact and succinct to bring Java technology to the resource - constrained environment of smart cards.
Any off-the-shelf development tools for the Java programming language can be used to develop applets for the Java Card platform.
Many of the Java Card platform licensees have created development tools for the Java Card Application Environment. For example, some have simulations of the smart card environment to test and debug the applet written for the Java Card platform. Please refer to the Java Card technology website for details.
The Java Card technology is independent of the type of supporting hardware. The Java Card platform can run on contact and contactless devices.
The Java Card technology runs in a smart card or other small memory-constrained devices. The OpenCard Framework runs on the card terminal side or workstation and provides a developer with an API that communicates to the card reader. The OpenCard Framework abstracts the communication details from the application running on a card terminal or workstation. Both the Java Card technology and the OpenCard Framework are based on the Java technology. Refer to the OpenCard Framework website for more details.
Many Java Card platform licensees have announced product availability. The Java Card technology website includes a list of vendors and their contact information.
Q: Is Java Card technology as secure as standard smart card technology? I am quite interested in Java Card technology, but I wonder if this technology is less secure than standard smart card technology. For instance, I have heard that context switching (used in the sharing mechanism) is quite a dangerous operation. Is it true? Is there any other operation that might be dangerous?
Java Card technology defines a runtime environment on top of the hardware and the smart card native system. The Java Card runtime environment (JCRE) provides a high-level, standard interface to smart card applications. As a result, it is much easier to develop applications for a Java smart card.
It's a misconception to think that a Java smart card is less secure than a legacy smart card. On the contrary, Java Card technology provides a comprehensive security story. The security protection mechanisms in a Java Card system are addressed at every level, from the application development to runtime security enforcement.
First, the Java programming language is designed with security in mind. Java Card technology supports a subset of the Java programming language. Thus, a Java Card system inherits the security features built into the supported subset of the Java programming language.
Second, Java Card binary files can be verified to ensure the integrity and correctness of such files. This is important because files can be downloaded over an unsecured network. Java Card binary files can be cryptographically signed by a trusted third party. The digital signature of a binary file can be verified during on-card installation to further ensure the safety of the code.
Third, at runtime, the Java Card virtual machine 1 ensures applet isolation through the firewall mechanism. Recall that in the Java environment, security centers around the idea of a sandbox model. An applet can access resources within the sandbox, but not beyond it. The sandbox model maintains a degree of isolation among applets. In a Java Card system, the concept of a sandbox is implemented through the applet firewall mechanism. The firewall essentially assigns an object space, called a context, to each applet on the card. Data access within a context is allowed. But access to an applet in a different context is prohibited by the firewall. To support cooperative applications, applets from different contexts also need to share data. Java Card technology provides a number of secure sharing mechanisms. When a secure sharing mechanism is applied, the Java Card virtual machine enables access by performing a context switch. A context switch is not a casual action. Instead, it is securely controlled by the virtual machine.
Many thanks to JDC member Zhiqun Chen for contributing to this answer.