Secure object sharing in java card
Who has the complete code in secure object sharing in java card which is written by Michael Montgomery. I want to look at the code in this article. I wish somebody can help me!!!
Who has the complete code in secure object sharing in java card which is written by Michael Montgomery. I want to look at the code in this article. I wish somebody can help me!!!
Similar Messages
-
JavaCard Secure Object Sharing
I'm facing problem on passing object as parameter between server and client applet. Does anybody know how to overcome the above problems?
If client applet and server applet belong to the same package,
they can "share" an object or array via a class variable (keyword: static)
because they belong to the same context.
Otherwise, using javacard.framework.Shareable you can provide
methods for transfering the data.
By the way, I don't think there are security issues using the global
APDU buffer.
JC 2.2.1, Chapter 6 Applet Isolation and Object Sharing, p. 33:
"Note � Because of the global status of the APDU buffer, the Application
Programming Interface for the Java Card� Platform, Version 2.2.1 specifies that this
buffer is cleared to zeroes whenever an applet is selected, before the Java Card RE
accepts a new APDU command. This is to prevent an applet�s potentially sensitive
data from being �leaked� to another applet via the global APDU buffer. The APDU
buffer can be accessed from a shared interface object context and is suitable for
passing data across different contexts. The applet is responsible for protecting
secret data that may be accessed from the APDU buffer."
How would you interpret this quote? -
Inter-applet object shareing concepts in java card
hi there.
what is a way of implimenting inter-applet object shareing in java card?
is there any shared area of JCRE for sharing some values among some applets in same java card?
thanks.hi, as i know, there are three approaches:
1: shareable interface;
2: entry point;
3: global array;
and if the applet has JCRE privilege, then it is overwhelming.
for details , please refer to the JCRE Specification. -
Please I am doing my final year project on secure mobile application using Java Card Technology.
I need to write and an application that can send SMS on a SIM card to another SIM card with the same application. The application will have a server side which manage the storage of messages and at the same time communicate information to the client on the SIM remotely. I am suppose to use wi-fi (TCP/IP) for transmission.
Can anybody please give me ideas and possible working codes and simulators.
I mean step by step procedure of how to start.
THANK YOU.Hi,
I found the following resources helpful when starting out in JavaCard.
JavaCard documentation:
Java Card Technology for Smart Cards: Architecture and Programmer's Guide (Book)
http://java.sun.com/docs/books/javacard/index.html
JavaCard specifications:
http://java.sun.com/products/javacard/specs.html
Global Platform specifications:
http://www.globalplatform.org/specificationview.asp?id=card
Communication between SmartCards and terminals is based on ISO 7816 part 3 and 4 so if you�re completely new to the SmartCard environment it may be helpful getting an overview regarding these specifications. Unfortunately these specifications are not free, they�re available from.
http://www.iso.org/iso/en/ISOOnline.frontpage
Software:
The basis for all development is the JavaCard and Java Development kits.
Java Development Kit
http://java.sun.com/j2se/1.4.2/download.html
JavaCard Development Kit
http://java.sun.com/products/javacard/dev_kit.html
Full installation instructions can be found in JCDevKit_User_Guide.pdf which is contained in the JavaCard Development Kit distribution.
Several companies provide IDE�s that will aid you in developing and deploying applets to JavaCard.
For example:
Aspects Developer
http://www.aspectssoftware.com/devtools/index.html
There are others out there as well. You may need to also buy physical sample cards; however, the IDE�s usually have simulators built in.
Hardware:
To interact with physical cards you�ll require a PCSC compatible card reader.
Omnikey
http://www.omnikey.com/
GemPlus
http://support.gemplus.com/gemdownload/readers/index.aspx
Hope this helps.
Cheers,
Alasdair -
Please I am doing my final year project on secure mobile application using Java Card Technology.
I need to write and an application that can send SMS on a SIM card to another SIM card with the same application. The application will have a server side which manage the storage of messages and at the same time communicate information to the client on the SIM remotely. I am suppose to use wi-fi (TCP/IP) for transmission.
Can anybody please give me ideas and possible working codes and simulators.
I mean step by step procedure of how to start.
THANK YOU.1. Good.
2. I suggest you start testing using the simulator, however if you want to test directly on the card at once, select your card reader using the /term command and use the commands as described in help to start sending APDUs to the card.
3. This is not a part of the JCOP tools for eclipse (which is developed by IBM and maintained by NXP), but part of the JavaCard development toolkit developed and maintained by Sun. See http://java.sun.com/products/javacard/dev_kit.html.
4. Read the above. None of this is part of JCOP tools for eclipse.
5. As far as I know, there is no independent newbie guide for JCOP tools, but I would check out the help function included in the tools themselves if I were you.
Good luck! -
UME security vs ABAP security object level
We installed Virsa Compliance Calibrator & Access Enforcer and trying to configure security in UME to control user access so that besides action level security, we need further restriction on for example, Functional Area, cost center & department access. Does UME have lower level authorization restriction capabilities similar to that of ABAP authorization object level security? If not, how can we utilize ABAP Virsa security objects to control JAVA front end access?
Your advice is much appreciated.
Thanks,I'm not aware of a way to limit requestor access (you can request anything visible); however, you can provide direction by populating an attribute field (i.e. company) with valid company values for each role. When a requestor searches for a role, if they filter by the appropriate company, they will only see valid roles for the request. I did, however, point the request authentification towards a 'fake LDAP'. This prevents individuals without specific UME credentials from submitting a request.
However, you can restrict approvers using a custom approver/determinator. In my case, I wanted to use a combination of "role" and "usergroup" to determine approver, rather than use one approver set for all requests. I have implemented and confirmed this works. The unfortunate side affect, is that you have to maintain a seperate file for this custom A/D (which you have to refer to /append for any request for role approver information). -
I am working on a project related to java card applet development. My project consists of 4 java classes which are used to store date of created objects, and a java card applet which contains method that enables me to de some kind of actions on the created objects, such as create a new object of a specified class or edited it and son on.
Now I have 2 classes done ; first one is called Odemeler which contains variables of type byte and the second one is called SadakatUygulamalar which contains variables.
Inside the class I have defined 2 arrays, one of type Odemeler and the other of type SadakatUygulamalar and I set their size to be 200. I have tried to create 100 object of kind Odemeler and to store them in the array
but the applet is able to store up to 92 object, at the other hand after creating those objects and storing them I am not able to store objects of type SadakatUygulamalar.
Is this problem related to the applet size or what ?? any help please
The applet code is here :
package sTez_1;
import javacard.framework.APDU;
import javacard.framework.Applet;
import javacard.framework.ISO7816;
import javacard.framework.ISOException;
import javacard.framework.JCSystem;
import javacard.framework.Util;
public class TestApplet1 extends Applet {
private static Odeme[] odemeArray;
private static SadakatUygulamalar[] uygulamaArray;
private static short index = 00;
private static short index2 = 00;
private static byte[] result;
private static byte[] result2;
private static short res_index =00;
private static short res2_index =00;
private static short FirmaIDFlag = 0;
private static final byte ODEME_CLA = (byte) 0xB0;
private static final byte UYGULAMA_CLA = (byte) 0xA0;
private static final byte ODEME_INS_CREATE_PROFILE = (byte) 0x10;
private static final byte UYGULAMA_INS_CREATE_PROFILE = (byte) 0x20;
private static final byte ODEME_INS_GET_PROFILE = (byte) 0x30;
private static final byte ODEME_INS_LIST_SOME = (byte) 0x35;
private static final byte ODEME_INS_VIEW_PROFILE = (byte) 0x37;
private static final byte ODEME_INS_GET_PUAN_VIA_FIRMA = (byte) 0x38;
private static final byte ODEME_INS_GET_ALISVERIS_VIA_KAT = (byte) 0x39;
private static final byte UYGULAMA_INS_GET_PROFILE = (byte) 0x40;
private static final byte UYGULAMA_INS_LIST_ALL = (byte) 0x50;
private static final byte UYGULAMA_INS_UPDATE_ID = (byte) 0x60;
private static final byte UYGULAMA_INS_UPDATE_NAME = (byte) 0x80;
private static final byte UYGULAMA_INS_SEARCH = (byte) 0x90;
private static final byte SPLIT_PARTS = (byte) 0x2C;
private static final short CLA_ERROR = (short) 0x13;
private static final short INS_ERROR = (short) 0x14;
private static final short NO_SUCH_INDEX = (short) 0x15;
private static final short NO_DATA_FOUND = (short) 0x16;
private static final short FIRMA_ID_IN_USE = (short) 0x9C;
private static final short ODEME_ARRAY_FULL = (short) 0x18;
private TestApplet1() {
odemeArray = new Odeme[(short) 250];
uygulamaArray = new SadakatUygulamalar[(short) 200];
register();
public static void install(byte bArray[], short bOffset, byte bLength)
throws ISOException {
new TestApplet1();
public void process(APDU apdu) throws ISOException {
// TODO Auto-generated method stub
if (selectingApplet())
return;
byte[] buffer = apdu.getBuffer();
byte INS = (byte) (buffer[ISO7816.OFFSET_INS] & 0xFF);
switch (INS) {
case ODEME_INS_CREATE_PROFILE:
odemeCreateProfile(apdu);
break;
case UYGULAMA_INS_CREATE_PROFILE:
uygulamaCreateProfile(apdu);
break;
case ODEME_INS_GET_PROFILE:
odemeGetProfile(apdu);
break;
case ODEME_INS_LIST_SOME:
odemeListSome(apdu);
break;
case ODEME_INS_VIEW_PROFILE:
odemeViewProfile(apdu);
break;
case ODEME_INS_GET_PUAN_VIA_FIRMA:
odemeGetPuanByFirma(apdu);
break;
case ODEME_INS_GET_ALISVERIS_VIA_KAT:
odemeGetAlisverisByKat(apdu);
break;
case UYGULAMA_INS_GET_PROFILE:
uygulamaGetProfile(apdu);
break;
case UYGULAMA_INS_UPDATE_ID:
uygulamaUpdateID(apdu);
break;
case UYGULAMA_INS_UPDATE_NAME:
uygulamaUpdateName(apdu);
break;
case UYGULAMA_INS_LIST_ALL:
uygulamaListAll(apdu);
break;
case UYGULAMA_INS_SEARCH:
uygulamaSearch(apdu);
break;
default:
ISOException.throwIt(INS_ERROR);
public void odemeCreateProfile(APDU apdu) {
byte[] buffer = apdu.getBuffer();
short lc = (short) buffer[ISO7816.OFFSET_LC];
JCSystem.beginTransaction();
short fieldIndex = 0;
short field1counter = 0;
short field2counter = 0;
short field3counter = 0;
short field4counter = 0;
short field5counter = 0;
short field6counter = 0;
short field7counter = 0;
short field8counter = 0;
short field9counter = 0;
short field10counter = 0;
short field11counter = 0;
short field12counter = 0;
short field13counter = 0;
short field14counter = 0;
for (short i = 0; i < lc; i++) {
fieldIndex++;
field1counter++;
if (buffer[(short) (5 + i)] == SPLIT_PARTS)
i = lc;
for (short j = fieldIndex; j < lc; j++) {
fieldIndex++;
field2counter++;
if (buffer[(short) (5 + j)] == SPLIT_PARTS)
j = lc;
for (short k = fieldIndex; k < lc; k++) {
fieldIndex++;
field3counter++;
if (buffer[(short) (5 + k)] == SPLIT_PARTS)
k = lc;
for (short h = fieldIndex; h < lc; h++) {
fieldIndex++;
field4counter++;
if (buffer[(short) (5 + h)] == SPLIT_PARTS)
h = lc;
for (short u = fieldIndex; u < lc; u++) {
fieldIndex++;
field5counter++;
if (buffer[(short) (5 + u)] == SPLIT_PARTS)
u = lc;
for (short u1 = fieldIndex; u1 < lc; u1++) {
fieldIndex++;
field6counter++;
if (buffer[(short) (5 + u1)] == SPLIT_PARTS)
u1 = lc;
for (short u2 = fieldIndex; u2 < lc; u2++) {
fieldIndex++;
field7counter++;
if (buffer[(short) (5 + u2)] == SPLIT_PARTS)
u2 = lc;
for (short u3 = fieldIndex; u3 < lc; u3++) {
fieldIndex++;
field8counter++;
if (buffer[(short) (5 + u3)] == SPLIT_PARTS)
u3 = lc;
for (short u4 = fieldIndex; u4 < lc; u4++) {
fieldIndex++;
field9counter++;
if (buffer[(short) (5 + u4)] == SPLIT_PARTS)
u4 = lc;
for (short u5 = fieldIndex; u5 < lc; u5++) {
fieldIndex++;
field10counter++;
if (buffer[(short) (5 + u5)] == SPLIT_PARTS)
u5 = lc;
for (short u6 = fieldIndex; u6 < lc; u6++) {
fieldIndex++;
field11counter++;
if (buffer[(short) (5 + u6)] == SPLIT_PARTS)
u6 = lc;
for (short u7 = fieldIndex; u7 < lc; u7++) {
fieldIndex++;
field12counter++;
if (buffer[(short) (5 + u7)] == SPLIT_PARTS)
u7 = lc;
for (short u8 = fieldIndex; u8 < lc; u8++) {
fieldIndex++;
field13counter++;
if (buffer[(short) (5 + u8)] == SPLIT_PARTS)
u8 = lc;
for (short u9 = fieldIndex; u9 < lc; u9++) {
fieldIndex++;
field14counter++;
if (buffer[(short) (5 + u9)] == SPLIT_PARTS)
u9 = lc;
short cc = 5;
byte[] _id = new byte[field1counter];
for (short i1 = 0; i1 < (short) _id.length; i1++)
_id[i1] = buffer[(short) (cc + i1)];
cc = (short)(cc + field1counter);
byte[] _tarih = new byte[field2counter];
for (short j1 = 0; j1 < (short) _tarih.length; j1++)
_tarih[j1] = buffer[(short) (cc + j1)];
cc = (short)(cc + field2counter);
byte[] _saat = new byte[field3counter];
for (short j2 = 0; j2 < (short) _saat.length; j2++)
_saat[j2] = buffer[(short) (cc + j2)];
cc = (short)(cc + field3counter);
byte[] _firma = new byte[field4counter];
for (short j3 = 0; j3 < (short) _firma.length; j3++)
_firma[j3] = buffer[(short) (cc + j3)];
cc = (short)(cc + field4counter);
byte[] _kategori = new byte[field5counter];
for (short j4 = 0; j4 < (short) _kategori.length; j4++)
_kategori[j4] = buffer[(short) (cc + j4)];
cc = (short)(cc + field5counter);
byte[] _tutar = new byte[field6counter];
for (short j5 = 0; j5 < (short) _tutar.length; j5++)
_tutar[j5] = buffer[(short) (cc + j5)];
cc = (short)(cc + field6counter);
byte[] _birim = new byte[field7counter];
for (short j6 = 0; j6 < (short) _birim.length; j6++)
_birim[j6] = buffer[(short) (cc + j6)];
cc = (short)(cc + field7counter);
byte[] _ulke = new byte[field8counter];
for (short j7 = 0; j7 < (short) _ulke.length; j7++)
_ulke[j7] = buffer[(short) (cc + j7)];
cc = (short)(cc + field8counter);
byte[] _sehir = new byte[field9counter];
for (short j8 = 0; j8 < (short) _sehir.length; j8++)
_sehir[j8] = buffer[(short) (cc + j8)];
cc = (short)(cc + field9counter);
byte[] _ilce = new byte[field10counter];
for (short j9 = 0; j9 < (short) _ilce.length; j9++)
_ilce[j9] = buffer[(short) (cc + j9)];
cc = (short)(cc + field10counter);
byte[] _aid = new byte[field11counter];
for (short j10 = 0; j10 < (short) _aid.length; j10++)
_aid[j10] = buffer[(short) (cc + j10)];
cc = (short)(cc + field11counter);
byte[] _banka = new byte[field12counter];
for (short j11 = 0; j11 < (short) _banka.length; j11++)
_banka[j11] = buffer[(short) (cc + j11)];
cc = (short)(cc + field12counter);
byte[] _taksit = new byte[field13counter];
for (short j12 = 0; j12 < (short) _taksit.length; j12++)
_taksit[j12] = buffer[(short) (cc + j12)];
cc = (short)(cc + field13counter);
byte[] _puan = new byte[field14counter];
for (short j13 = 0; j13 < (short) _puan.length; j13++)
_puan[j13] = buffer[(short) (cc + j13)];
cc = (short)(cc + field3counter);
Odeme m = new Odeme(_id, _tarih, _saat, _firma, _kategori, _tutar, _birim, _ulke, _sehir, _ilce, _aid, _banka, _taksit, _puan);
if(index2 >= (short)odemeArray.length)
ISOException.throwIt(ODEME_ARRAY_FULL);
odemeArray[index2] = m;
index2++;
JCSystem.commitTransaction();
buffer[0] = (byte)index2;
apdu.setOutgoingAndSend((short) 0, (short) 1);
public void odemeGetProfile(APDU apdu) {
byte[] buffer = apdu.getBuffer();
short lc = (short) buffer[ISO7816.OFFSET_LC];
byte[] sent_id = new byte[lc];
for (short i5 = 0; i5 < lc; i5++)
sent_id[i5] = buffer[(short) (5 + i5)];
for (short h = 0; h < index2; h++) {
Odeme m = odemeArray[h];
byte[] _id = m.getID();
if (equals(sent_id, _id)) {
byte[] banka = m.getBanka();
byte[] sehir = m.getSehir();
byte[] firma = m.getFirma();
short counter = 0;
for (short i = 0; i < (short) banka.length; i++)
buffer[i] = banka;
counter = (short) banka.length;
for (short j = 0; j < (short) sehir.length; j++)
buffer[(short) (counter + j)] = sehir[j];
counter = (short) (counter + sehir.length);
for (short j = 0; j < (short) firma.length; j++)
buffer[(short) (counter + j)] = firma[j];
counter = (short) (counter + firma.length);
apdu.setOutgoingAndSend((short) 0, counter);
public void odemeGetPuanByFirma(APDU apdu)
byte[] buffer = apdu.getBuffer();
short lc = (short) buffer[ISO7816.OFFSET_LC];
byte[] puan = null;
byte[] res = new byte[200];
byte[] fname = new byte[lc];
for(short t = 0; t < lc; t++)
fname[t] = buffer[(short)(t + 5)];
short counter = 0;
for(short z = 0; z < index2 ; z++)
Odeme m = odemeArray[z];
byte[] _name = m.getFirma();
if (equals(fname, _name)) {
puan = m.getKazanilanpuan();
Util.arrayCopy(puan, (short)0, res, counter, (short)puan.length);
counter = (short)(counter + puan.length);
res[counter] = (byte)0x7C;
counter++;
Util.arrayCopy(res, (short)0, buffer, (short)0, (short)counter);
apdu.setOutgoingAndSend((short)0, (short)counter);
public void odemeGetAlisverisByKat(APDU apdu)
byte[] buffer = apdu.getBuffer();
short lc = (short) buffer[ISO7816.OFFSET_LC];
byte[] alisveris = null;
byte[] res = new byte[200];
byte[] kat = new byte[lc];
for(short t = 0; t < lc; t++)
kat[t] = buffer[(short)(t + 5)];
short counter = 0;
for(short z = 0; z < index2 ; z++)
Odeme m = odemeArray[z];
byte[] _kategori = m.getKategori();
if (equals(kat, _kategori)) {
alisveris = m.getTutar();
Util.arrayCopy(alisveris, (short)0, res, counter, (short)alisveris.length);
counter = (short)(counter + alisveris.length);
res[counter] = (byte)0x7C;
counter++;
Util.arrayCopy(res, (short)0, buffer, (short)0, (short)counter);
apdu.setOutgoingAndSend((short)0, (short)counter);
public void odemeListSome(APDU apdu)
byte[] buffer = apdu.getBuffer();
result2 = new byte[(short) 200];
byte[] id = null, sehir = null, _banka = null;
if(index2 == 0)
ISOException.throwIt(NO_DATA_FOUND);
for(short r = 0; r < index2; r++)
Odeme m = odemeArray[r];
_id = m.getID();
_sehir = m.getSehir();
_banka = m.getBanka();
copyData2(_id, sehir, banka);
Util.arrayCopy(result2, (short)0, buffer, (short)0, res2_index);
result2 = null;
short len = res2_index;
res2_index = 00;
apdu.setOutgoingAndSend((short)0, len);
public void odemeViewProfile(APDU apdu)
byte[] buffer = apdu.getBuffer();
short lc = (short) buffer[ISO7816.OFFSET_LC];
byte[] id = new byte[lc];
for (short j3 = 0; j3 < lc; j3++)
id[j3] = buffer[(short) (5 + j3)];
for (short h = 0; h < index2; h++) {
Odeme m = odemeArray[h];
byte[] H_id = m.getID();
if (equals(id, H_id)) {
byte[] tarih = m.getTarih();
byte[] saat = m.getSaat();
byte[] firma = m.getFirma();
byte[] kategori = m.getKategori();
byte[] tutar = m.getTutar();
byte[] birim = m.getParabirimi();
byte[] ulke = m.getUlke();
byte[] sehir = m.getSehir();
byte[] ilce = m.getIlce();
byte[] aid = m.getAID();
byte[] banka = m.getBanka();
byte[] taksit = m.getTaksitsayisi();
byte[] puan = m.getKazanilanpuan();
short counter1 = 0;
Util.arrayCopy(tarih, (short)0, buffer, (short)0, (short)tarih.length);
counter1 = (short)(counter1 + tarih.length);
Util.arrayCopy(saat, (short)0, buffer, counter1, (short)saat.length);
counter1 = (short)(counter1 + saat.length);
Util.arrayCopy(firma, (short)0, buffer, counter1, (short)firma.length);
counter1 = (short)(counter1 + firma.length);
Util.arrayCopy(kategori, (short)0, buffer, counter1, (short)kategori.length);
counter1 = (short)(counter1 + kategori.length);
Util.arrayCopy(tutar, (short)0, buffer, counter1, (short)tutar.length);
counter1 = (short)(counter1 + tutar.length);
Util.arrayCopy(birim, (short)0, buffer, counter1, (short)birim.length);
counter1 = (short)(counter1 + birim.length);
Util.arrayCopy(ulke, (short)0, buffer, counter1, (short)ulke.length);
counter1 = (short)(counter1 + ulke.length);
Util.arrayCopy(sehir, (short)0, buffer, counter1, (short)sehir.length);
counter1 = (short)(counter1 + sehir.length);
Util.arrayCopy(ilce, (short)0, buffer, counter1, (short)ilce.length);
counter1 = (short)(counter1 + ilce.length);
Util.arrayCopy(aid, (short)0, buffer, counter1, (short)aid.length);
counter1 = (short)(counter1 + aid.length);
Util.arrayCopy(banka, (short)0, buffer, counter1, (short)banka.length);
counter1 = (short)(counter1 + banka.length);
Util.arrayCopy(taksit, (short)0, buffer, counter1, (short)taksit.length);
counter1 = (short)(counter1 + taksit.length);
Util.arrayCopy(puan, (short)0, buffer, counter1, (short)puan.length);
counter1 = (short)(counter1 + puan.length);
apdu.setOutgoingAndSend((short) 0, counter1);
public void uygulamaCreateProfile(APDU apdu) {
byte[] buffer = apdu.getBuffer();
short lc = (short) buffer[ISO7816.OFFSET_LC];
// JCSystem.beginTransaction();
JCSystem.beginTransaction();
short fieldIndex = 0;
short field1counter = 0;
short field2counter = 0;
short field3counter = 0;
// byte test;
for (short i = 0; i < lc; i++) {
fieldIndex++;
field1counter++;
if (buffer[(short) (5 + i)] == SPLIT_PARTS)
i = lc;
for (short j = fieldIndex; j < lc; j++) {
fieldIndex++;
field2counter++;
if (buffer[(short) (5 + j)] == SPLIT_PARTS)
j = lc;
for (short k = fieldIndex; k < lc; k++) {
fieldIndex++;
field3counter++;
if (buffer[(short) (5 + k)] == SPLIT_PARTS)
k = lc;
byte[] uygulama_id = new byte[field1counter];
for (short i1 = 0; i1 < (short) uygulama_id.length; i1++)
uygulama_id[i1] = buffer[(short) (5 + i1)];
byte[] firma_id = new byte[field2counter];
for (short j1 = 0; j1 < (short) firma_id.length; j1++)
firma_id[j1] = buffer[(short) (5 + field1counter + j1)];
getFirmaIDFlag(firma_id);
if(FirmaIDFlag == 1)
ISOException.throwIt(FIRMA_ID_IN_USE);
byte[] firma_ismi = new byte[field3counter];
for (short j2 = 0; j2 < (short) firma_ismi.length; j2++)
firma_ismi[j2] = buffer[(short) (5 + field1counter + field2counter + j2)];
SadakatUygulamalar su = new SadakatUygulamalar(uygulama_id, firma_id,
firma_ismi);
uygulamaArray[index] = su;
index++;
JCSystem.commitTransaction();
buffer[0] = (byte) index;
apdu.setOutgoingAndSend((short) 0, (short) 1);
public void uygulamaGetProfile(APDU apdu) {
byte[] buffer = apdu.getBuffer();
short p1 = (short) (buffer[ISO7816.OFFSET_P1]);
if (p1 >= index)
ISOException.throwIt(NO_SUCH_INDEX);
SadakatUygulamalar su = uygulamaArray[p1];
byte[] uygulama_id = su.getUygulama_id();
byte[] firma_id = su.getFirma_id();
byte[] firma_ismi = su.getFirma_ismi();
short counter = 0;
for (short i = 0; i < (short) uygulama_id.length; i++)
buffer[i] = uygulama_id[i];
counter = (short) uygulama_id.length;
for (short j = 0; j < (short) firma_id.length; j++)
buffer[(short) (counter + j)] = firma_id[j];
counter = (short) (counter + firma_id.length);
for (short j = 0; j < (short) firma_ismi.length; j++)
buffer[(short) (counter + j)] = firma_ismi[j];
counter = (short) (counter + firma_ismi.length);
apdu.setOutgoingAndSend((short) 0, counter);
public void uygulamaUpdateID(APDU apdu) {
byte[] buffer = apdu.getBuffer();
short p1 = (short) (buffer[ISO7816.OFFSET_P1]);
if (p1 >= index)
ISOException.throwIt(NO_SUCH_INDEX);
JCSystem.beginTransaction();
short lc = (short) buffer[ISO7816.OFFSET_LC];
SadakatUygulamalar su = uygulamaArray[p1];
byte[] newFirmaID = new byte[lc];
for (short i = 0; i < lc; i++)
newFirmaID[i] = buffer[(short) (5 + i)];
su.setFirma_id(newFirmaID);
JCSystem.commitTransaction();
byte[] currentFirmaID = su.getFirma_id();
for (short k = 0; k < (short) currentFirmaID.length; k++)
buffer[k] = currentFirmaID[k];
apdu.setOutgoingAndSend((short) 0, (short) currentFirmaID.length);
public void uygulamaUpdateName(APDU apdu) {
byte[] buffer = apdu.getBuffer();
short p1 = (short) (buffer[ISO7816.OFFSET_P1]);
if (p1 >= index)
ISOException.throwIt(NO_SUCH_INDEX);
JCSystem.beginTransaction();
short lc = (short) buffer[ISO7816.OFFSET_LC];
SadakatUygulamalar su = uygulamaArray[p1];
byte[] newFirmaName = new byte[lc];
for (short i = 0; i < lc; i++)
newFirmaName[i] = buffer[(short) (5 + i)];
su.setFirma_ismi(newFirmaName);
JCSystem.commitTransaction();
byte[] currentFirmaName = su.getFirma_ismi();
for (short k = 0; k < (short) currentFirmaName.length; k++)
buffer[k] = currentFirmaName[k];
apdu.setOutgoingAndSend((short) 0, (short) currentFirmaName.length);
public static boolean equals(byte[] b1, byte[] b2) {
if (b1 == null && b2 == null) {
return true;
if (b1 == null || b2 == null) {
return false;
if ((short) b1.length != (short) b2.length) {
return false;
for (short i = 0; i < (short) b1.length; i++) {
if (b1[i] != b2[i]) {
return false;
return true;
public void uygulamaSearch(APDU apdu) {
byte[] buffer = apdu.getBuffer();
short lc = (short) buffer[ISO7816.OFFSET_LC];
byte[] f_id = new byte[lc];
for (short i3 = 0; i3 < lc; i3++)
f_id[i3] = buffer[(short) (5 + i3)];
for (short h = 0; h < index; h++) {
SadakatUygulamalar su = uygulamaArray[h];
byte[] H_Firma_id = su.getFirma_id();
if (equals(f_id, H_Firma_id)) {
byte[] H_Uygulama_id = su.getUygulama_id();
byte[] H_Firma_ismi = su.getFirma_ismi();
short counter1 = 0;
for (short k1 = 0; k1 < (short) H_Uygulama_id.length; k1++)
buffer[k1] = H_Uygulama_id[k1];
counter1 = (short) H_Uygulama_id.length;
for (short j2 = 0; j2 < (short) H_Firma_ismi.length; j2++)
buffer[(short) (counter1 + j2)] = H_Firma_ismi[j2];
counter1 = (short) (counter1 + H_Firma_ismi.length);
apdu.setOutgoingAndSend((short) 0, counter1);
public void uygulamaListAll(APDU apdu)
byte[] buffer = apdu.getBuffer();
result = new byte[(short) 200];
byte[] u_id = null, f_id = null, f_isim = null;
for(short r = 0; r < index; r++)
SadakatUygulamalar su = uygulamaArray[r];
u_id = su.getUygulama_id();
f_id = su.getFirma_id();
f_isim = su.getFirma_ismi();
copyData(u_id, f_id, f_isim);
Util.arrayCopy(result, (short)0, buffer, (short)0, res_index);
result = null;
short len = res_index;
res_index = 00;
apdu.setOutgoingAndSend((short)0, len);
public void copyData(byte[] u_id, byte[] f_id, byte[] f_isim)
Util.arrayCopy(u_id, (short)0, result, res_index, (short)u_id.length);
res_index = (short)(res_index + u_id.length);
Util.arrayCopy(f_id, (short)0, result, res_index, (short)f_id.length);
res_index = (short)(res_index + f_id.length);
Util.arrayCopy(f_isim, (short)0, result, res_index, (short)f_isim.length);
res_index = (short)(res_index + f_isim.length);
result[res_index] = (byte)0x7C;
res_index = (short)(res_index + 1);
public void copyData2(byte[] id, byte[] sehir, byte[] _banka)
Util.arrayCopy(_id, (short)0, result2, res2_index, (short)_id.length);
res2_index = (short)(res2_index + _id.length);
Util.arrayCopy(_banka, (short)0, result2, res2_index, (short)_sehir.length);
res2_index = (short)(res2_index + _sehir.length);
Util.arrayCopy(_banka, (short)0,result2, res2_index, (short)_banka.length);
res2_index = (short)(res2_index + _banka.length);
result2[res2_index] = (byte)0x7C;
res2_index = (short)(res2_index + 1);
public void getFirmaIDFlag(byte[] f_id)
for(short g = 0; g < index; g++)
SadakatUygulamalar su = uygulamaArray[g];
byte[] firma_no = su.getFirma_id();
if(equals(f_id, firma_no))
FirmaIDFlag = 1;
Again, could you rewrite the createOdemeProfie() method code using TLV ??I guess you are referring to<tt> odemeCreateProfile </tt>in the original applet.
I could* rewrite it in a cleaner way. But
- Why should I* do that?
- You did not give the spec of the applet and its APDU, and I'd hate to write code without specs, instead having to rely on the assumption that the original code is valid, which is dubious. For a tiny example, how could one guess if<tt> short lc = (short) buffer[ISO7816.OFFSET_LC]; </tt>is correct, or if rather the canonical<tt> short lc = (short)(buffer[ISO7816.OFFSET_LC]&0xFF); </tt>is required (that is, if the incoming data can exceed 127 bytes)?
- the original sin lies in the design of new<tt> Odeme(_id, tarih, saat, firma, kategori, tutar, birim, ulke, sehir, ilce, aid, banka, taksit, _puan) </tt>needing so many explicit parameters.
Without fixing the very definition of<tt> Odeme </tt>, the code will remain ugly. One possible design would be to have a method to set a field designated by its tag, and another to get the value of a field designated by its tag. Another design would be a method to set any number of fields passed as an array of bytes containing a concatenation of TLVs, and another to get any number of fields designated by an array of tag bytes, as an array of bytes containing a concatenation of the TLVs.
Again, you* want to generalize what the code does until the nature of the data items manipulated never appear in a method or variable name, except as the name of a finalstatic variable (that is, as a constant), at least in utility methods like<tt> odemeCreateProfile </tt>, and in the constructor and accessors of <tt> Odeme </tt>. Think of it a building a tiny database engine, then using it. Of course when performing actual computation as opposed to mere data storage, it helps to name the variables, e.g. when adding a traveled distance to an odometer, or computing a cost from this or that per some formula (but beware that in Java Card, especially on platforms without<tt> int </tt>, straight formulas are seldom the right way to perform any but the simplest computations required in a real application).
Edited by: fgrieu on Feb 8, 2013 11:46 AM -
Please I am doing my final year project on secure mobile application using Java Card Technology.
I need to write and an application that can send SMS on a SIM card to another SIM card with the same application. The application will have a server side which manage the storage of messages and at the same time communicate information to the client on the SIM remotely. I am suppose to use wi-fi (TCP/IP) for transmission.
Can anybody please give me ideas and possible working codes and simulators.
I mean step by step procedure of how to start.
THANK YOU.Dear Friend,
I would recomend you to start with learning 3GPP TS 43.019. Please surf the internet and download it. There you can also find a sample applet using SIM API.
For a simulator you can download JavaCard Development Suite from Gemalto web site.
Yours
Dmitri -
Hi ,
According to the visa Open platform architecture, each Java card applet is associated with a Security domain.
I am using GemXpressoRAD211 toolkit for developing Java Card applets.
In the Gemxpresso211IS card, the default security domain is the Card Manager, whose AID is A0 00 00 00 03 00 00 . It is basically the card issuer security domain.
When I install an applet to the card , the Card Manager is assumed to be the associated security domain .
My questions are....
1.
How can I associate my applet to application provider security domain rather than the card issuer security domain? Form where Do I get this security domain ? Do I need to write my own security domain, or some body else provide it ?there's a card issuer, with its ISD
then there's another company who wants to have ability to install/remove some applets on this card
we create another SD for this company and "delegate" some limited capabilities to manage the contents of the card
read about the delegated managament in GP
regards
Kuba -
Security in each byte of Java card's EEPROM
as i undrestand until now in my applet I define a variable and store data in that variable,
Is it a way to know where these data are stored, I mean I wanna define the memory address of that data by myself,
caz my card application is multi-app, and maybe in future I want to let someone else load his/her applet in that card beside my applets to do other application
but from know I wanna think of security that in future let that person to have the memory address from i.e 0x01 up to 0x05
and have no right to read or write in other memory bytes
and also each part of memory address should have a security code for authentication...
what's your idea about this post and what do u sudggest?
Regards
HanaI'm sorry for my ignorance, but i think that you do not want to mess around with the Card Issuer Keys unless you are the Card Issuer which does not seems like the case.
I think that you want to use the Secure Channel Protocol inside your own applet(which is what i want to do also) and use your own issued keys.
Why? Because in a real situation you will not want that your Java Card stuck with only one App, you want it to have as many as the user wants to. For that to happen, the card issuer keeps a keyset to load&install applets, but, when the applet is installed you want to maintain your privacy from the card issuer(and everyone else), so you will need an extra keyset for your own Secure Channel Protocol.
What i'm saying is that:
When you enter the Cards Security Domain, you need the cards security domain keys.
When you select your applet, all your comunications become "plain-text" and you will not have any transaction security.
I would like to know how to open this SCP channel from my app, but unfortunatelly i cannot help you any further.
Edited by: rochajoel on Aug 31, 2009 9:48 AM -
Store array of objects in Java Card 2.2.1 platform
Hi all,
I am new to smart card development and developing a demo e-wallet application using Java Card 2.2.1 SDK. I'd like to store last 10 transactions in card and create getter-setter methods. The structure of Transaction that i thought as follow:
public class Transaction {
private byte type; // + or -
private short amount;
private byte[] date;
[Date format: "yyyy-MM-dd HH:mm:ss"]And transactionList:
public class TransactionList {
protected short currentIndex = (short) -1;
protected Transaction [] list = new Transaction [10];
}In my desktop application i have already called card's selectApplication(); / getBalance(); / setBalance(); / getWalletId(); / setWalletId(); methods. I need to create a method [getLastTransactions] in card project and call it from my desktop application.
<font size="2">How should I set up a structure for this issue?</font>First of all don't allocate memory other than the constructor.
As you know you cannot return an object as a response from a java card so what you will get is just bytes of data. So create a byte[] of size equal to LAST_10_TRANSTION_SIZE and then by TLV store data into that array and upon receiving on host side decode it using the TLV. -
Java card confusing Issues!!!!!!! java card architecture, advantage!!!!!
QUESTION -1
As I know about architecture of any application is -
//normal java software java card java card
// 1 2 3
1- application program host application host application
2- JVM Applets Applets
3- operating system JCRE(which contain all classes, JVM ....) JCRE(act as a O.S too)
4 hardware Operating system H/W
5 hardwareWhat do u think- case 2 is right? or 3 is!!!!!!!!!!!
I think - case 3 is right!!!!
As i study from several sources , JCRE is complete package - it behaves as a operation system and use the functionality of component it contain. I also think if i will purchase a java card from any vendor , it would have JCRE inside it (means everthing inside it,), i only need to develop the applet according to my requirement and install it by on card installer program
QUESTION 2- what is the advantage of java card.?
// I think.
as i read out , i got the line that it is platform independent and support multiple application. applicaton point of
view , I am agree but how it is platfrom independent. if we use java card for smart card development, then
i will purchase Java card from differnt vendor , all will provide me card with supported jcre inside it, so why
this is advantage here?
// in case of window based application , it really make sense because if i will make any window application with java
// i can run it in windows , linux , unix and most of os flavours, here i can see the beauty of java language.
Clear me this and add some other java card advantages, which make java card goodquestion 3-
Now I am capaple to make simple applets, so I want to check the entire java card process atleast once before
going in deep of something, I am thinking to implement prepaid card concept , i made it applet for it ,it will
contain a page with 2 text box ( 1- for recharge 2- for money deduction ) and two button , with button click i
want to select the applet and want to pass the apdu.
( a) how i can make host window application ? (i think awt will work for me? , *
i never make any java window application yet) *
( b) still i dont have any java card , i want to make it by using simulator, is it possible?
(c) in this scenario what framework i need to study Ex. Import javacard.framework.* for making
applet or from where i need to start.Regards:
rohit pathak
Edited by: rohit pathak on Feb 9, 2012 10:10 PMHi,
QUESTION -1
As I know about architecture of any application is -
//normal java software java card java card
// 1 2 3
1- application program host application host application
2- JVM Applets Applets
3- operating system JCRE(which contain all classes, JVM ....) JCRE(act as a O.S too)
4 hardware Operating system H/W
5 hardwareWhat do u think- case 2 is right? or 3 is!!!!!!!!!!! If you are using Java Card then JCRE+JVM = OS and if you put this on ein package 3 then 3 is correct according to me.
As i study from several sources , JCRE is complete package - it behaves as a operation system and use the functionality of component it contain. I also think if i will purchase a java card from any vendor , it would have JCRE inside it (means everthing inside it,), i only need to develop the applet according to my requirement and install it by on card installer program Actually it depends. There can be following models in this regards:
1. Buy a empty smart card, Install your own OS and then write your applets for it.
2. As you said, Buy a card with preloaded OS and then write applets for it.
QUESTION 2- what is the advantage of java card.?
* Interoperable: Applets developed with Java Card technology will run on any Java Card technology-enabled smart card, independently of the card vendor and underlying hardware.
* Secure: Java Card technology relies on the inherent security of the Java programming language to provide a secure execution environment. Designed through an open process, the platform's proven industry deployments and security evaluations ensure that card issuers benefit from the most capable and secure technology available today.
* Multi-Application-Capable: Java Card technology enables multiple applications to co-exist securely on a single smart card.
* Dynamic: New applications can be installed securely after a card has been issued, enabling card issuers to respond to their customer's changing needs dynamically.
* Compatible with Existing Standards: The Java Card API is compatible with international standards for smart cards such as ISO7816, or EMV. Major industry-specific standards such as Global Platform and ETSI refer to it.
* Developers creating Java Card applications enjoy all the advantages of working in the Java programming language:
Object-oriented programming yields greater code modularity and reusability, leading to higher programmer productivity.
Protection features characteristic of the Java programming language apply to Java Card applets, enforcing strong typing and protection attributes.
Powerful off-the-shelf development tools are readily available.
source: http://java.sun.com/javacard/overview.jsp
And also, in case of SIM card if you are using java card then RAM is possible and native cards don't have this ability.
question 3
Now I am capaple to make simple applets, so I want to check the entire java card process atleast once before
going in deep of something, I am thinking to implement prepaid card concept , i made it applet for it ,it will
contain a page with 2 text box ( 1- for recharge 2- for money deduction ) and two button , with button click i
want to select the applet and want to pass the apdu.
( a) how i can make host window application ? (i think awt will work for me? , *You can use swing for this to make interface and use smartcardIO http://docs.oracle.com/javase/6/docs/jre/api/security/smartcardio/spec/javax/smartcardio/package-summary.html for sending APDUs.
i never make any java window application yet) * It is easy you can look here and start: http://www.roseindia.net/java/example/java/swing/
( b) still i dont have any java card , i want to make it by using simulator, is it possible?Actually, smartcardIO will only interact with actuall card and for simulator you will have to use console for sending APDUs.
(c) in this scenario what framework i need to study Ex. Import javacard.framework.* for making
applet or from where i need to start.For your current case it is enough and for host app you should study smartcardio as i mentioned above.
Hope it helps.
Regards
Umer -
A Problem About Object Sharing
Hello Dear All,
For a java card project, there will be two applets on a card. I am developing the first applet and my friend is developing the second applet. The second applet must call a function from the first applet, so, I have created a shareable interface and what needed else. As I know, my friend must import my package to use the interface to call the function from my applet. The problem is, I can not give my applet's codes to him. How can we solve this problem, how can he import my package without my .java files. I use Eclipse and JCOP tools.
Thanks in Advance,
Best RegardsWhat you need to give is the INTERFACE file, not the full source. It should only contain declarations. Your colleague will add this interface to his project and compile it using only the interface declarations, not the source . This is the magic of POO.
You also have to give the "exp" file generated by the conversion of your package.
Regards
Sebastien
PS: example
you are writing company.packageA.
he is writing company.packageB.
put the interface in company.packageA and give him the company.packageA.sharedInterface you've written.
and remember that the only RAM object you can give to a shared interface routine is the apdu buffer. Transient objects are not shareable, and are cleared when the interface routine is called. -
External Authentication with Java Card through HSM
Hi All,
How to do External Authentication process in Javacard through HSM (Hardware Security Module). Does any HSM supports this?
My requirement is to store the Card KMC in HSM and i should authenticate the terminal application with the Java Card through HSM.
Does anyone have the idea on this. Because i should not expose the Card KMC to outside world.Hi,
Megaa1207 wrote:
My requirement is to store the Card KMC in HSM and i should authenticate the terminal application with the Java Card through HSM.If you cannot create a functional module for your HSM to perform external authenticate, you can use the PKCS11 libraries (cryptoki) to perform the primitive operations to generate your KDC's and to use them for generating session keys and cryptograms. All the sensitive data will be able to stay secured inside the HSM. You would perform the cryptographic operations on the derivation data and store the result as a key object inside the HSM. There is quite a lot of documentation on the PKCS11 operations on the RSA web site.
Cheers,
Shane -
Refresh security from Shared Services fails - System11
Hi All,
WHen refreshing the Essbase security from Shared Services in System 11 we get the following error:
Error 1051522: Essbase failed to get group's member tree with Error [CSS Error: Unknown error: Could not get exception message from exception object]
We see the same error in the Essbase log.
In the Shared Service Security CLient.log we get the following warnings:
2009-03-03 16:12:58,294 WARN [Thread-108] CSS dll either not found in java.library.path or can't be loaded[Root Cause: D:\Hyperion\common\CSS\9.5.0.0\bin\css-9_5_0.dll: Can't load IA 32-bit .dll on a AMD 64-bit platform ] com.hyperion.css.spi.impl.ntlm.NTLMTrustedDomain.<clinit>(Unknown Source)
2009-03-03 16:12:58,294 WARN [Thread-108] Error initializing trusted domains or the workstation name.[Root Cause: getNtTrustedDomains ] com.hyperion.css.spi.impl.ntlm.NTLMTrustedDomain.<clinit>(Unknown Source)
Has anyone come across this?
Thanks for your help.
SebHi Seb,
I take it you are using NTLM as your external authentication.
The error message means that it can't see css-9_5_0.dll in the path, if you are on windows make sure the path contains <drive>:\Hyperion\common\CSS\9.5.0.0\bin\
If it doesn't update the environment variables, not sure if you need to reboot it may pick it up straight away, you can check by going to a command prompt and running echo %path%
Cheers
John
http://john-goodwin.blogspot.com/
Maybe you are looking for
-
This is driving me crazy. I've down everything I can find online and even spoken to my network provider. Just not working.
-
I have FCPX and just bought a MUCH faster TB external drive and don't want to work off the internal hard drive anymore due to speed and space. When I first open FC it shows my external (Lacie) drive but then goes away and only shows the internal Mac
-
Why do I have to download Adobe Flash Player to watch certain videos?
I have a new Mac Pro and when I want to watch some videos on YouTube or videos for my online class, I get the "missing plug-in" message and am directed to download Adobe Flash Player. This is frustrating because I DESPISE just about anything Adobe! I
-
Msi p35 neo Front Audio Jacks Not Working
i have msi p35 mainboard and EZcool case in the front i have 2 usb,mic in and headphones jacks the usb jacks are working and but mic and headphone jacks doesn't work I instulled the driver and it Show me the jacks but the steel doesn't work What shou
-
every time i open a word document ALL my word documents open as seperate windows. Same with powerpoints. How do I fix this? Its getting really annoying.