jcvm01intro.html

JAVA CARD 开发包规格说明,版本为2.2.2

<P CLASS="FigureBox"><A NAME="pgfId-6594"></A><A NAME="pgfId-12651"></A><CAPTION CLASS="FigureCaption"><A NAME="pgfId-6942"></A>FIGURE 1-1 	 <A NAME="60790"></A>Java Card API Package Conversion  </CAPTION>
</P>
<P><IMG SRC="figures/JCVM01intro-4.jpg" TITLE="On the Development System, Class files and export files are converted to a CAP file." ALT="On the Development System, Class files and export files are converted to a CAP file." ALIGN="BASELINE">
</P>
<BR>
<BR>
<P CLASS="FigureBox"><A NAME="pgfId-6909"></A><A NAME="pgfId-12656"></A><CAPTION CLASS="FigureCaption"><A NAME="pgfId-6928"></A>FIGURE 1-2 	 <A NAME="31924"></A>Java Card API Package Installation </CAPTION>
</P>
<P><IMG SRC="figures/JCVM01intro-5.jpg" TITLE="The installation tool on the terminal communicates with the installer on the device." ALT="The installation tool on the terminal communicates with the installer on the device." ALIGN="BASELINE">
</P>
<BR>
<P CLASS="Paragraph"><A NAME="pgfId-6908"></A>Development of a <A NAME="marker-6600"></A>Java Card applet begins as with any other Java program: a developer writes one or more Java classes, and compiles the source code with a Java compiler, producing one or more class files. The applet is run, tested and debugged on a workstation using simulation tools to emulate the device environment. Then, when an applet is ready to be downloaded to a device, the class files comprising the applet are converted to a <A NAME="marker-6602"></A>CAP (converted applet) file using a Java Card Converter.
</P>
<P CLASS="Paragraph"><A NAME="pgfId-2420"></A>The <A NAME="marker-3905"></A>Java Card Converter takes as input all of the class files which make up a Java package. A package that contains one or more non-abstract subclasses, direct or indirect, of the javacard.framework.Applet class is referred to as an applet <A NAME="marker-3907"></A>package. Otherwise the package is referred to as a <A NAME="marker-3908"></A>library package. The Java Card Converter also takes as input one or more export files. An <A NAME="marker-3909"></A>export file contains name and link information for the contents of other packages that are imported by the classes being converted. When an applet or library package is converted, the converter can also produce an export file for that package.
</P>
<P CLASS="Paragraph"><A NAME="pgfId-1882"></A>After conversion, the CAP file is copied to a card terminal, such as a desktop computer with a card reader peripheral. Then an installation tool on the terminal loads the CAP file and transmits it to the Java Card technology-enabled device. An installation program on the device receives the contents of the CAP file and prepares the applet to be run by the Java Card virtual machine. The virtual machine itself need not load or manipulate CAP files; it need only execute the applet code found in the CAP file that was loaded onto the device by the installation program.
</P>
<P CLASS="Paragraph"><A NAME="pgfId-75"></A>The division of functionality between the Java Card virtual machine and the installation program keeps both the virtual machine and the installation program small. The installation program may be implemented as a Java program and executed on top of the Java Card virtual machine. Since instructions for the Java Card platform (&quot;Java Card instructions&quot;) are denser than typical machine code, this may reduce the size of the installer. The modularity may enable different installers to be used with a single Java Card virtual machine implementation.
</P><H2 CLASS="Head1"><A NAME="pgfId-77"></A>
<DIV>
<HR ALIGN=left SIZE=6 WIDTH=15% noshade>
</DIV>1.3	Java Language <A NAME="marker-3910"></A>Security</H2>
<P CLASS="Paragraph"><A NAME="pgfId-79"></A>One of the fundamental features of the Java virtual machine is the strong security provided in part by the class file verifier. Many devices that implement the Java Card platform may be too small to support verification of CAP files on the device itself. This consideration led to a design that enables verification on a device but does not rely on it. The data in a CAP file that is needed only for verification is packaged separately from the data needed for the actual execution of its applet. This allows for flexibility in how security is managed in an implementation.
</P>
<P CLASS="Paragraph"><A NAME="pgfId-81"></A>There are several options for providing language-level security on a Java Card technology-enabled device. The conceptually simplest is to verify the contents of a CAP file on the device as it is downloaded or after it is downloaded. This option might only be feasible in the largest of devices. However, some subset of verification might be possible even on smaller devices. Other options rely on some combination of one or more of: physical security of the installation terminal, a cryptographically enforced chain of trust from the source of the CAP file, and pre-download verification of the contents of a CAP file.
</P>
<P CLASS="Paragraph"><A NAME="pgfId-83"></A>The Java Card platform standards say as little as possible about CAP file installation and security policies. Since smart cards must serve as secure processors in many different systems with different security requirements, it is necessary to allow a great deal of flexibility to meet the needs of smart card issuers and users.
</P><H2 CLASS="Head1"><A NAME="pgfId-85"></A>
<DIV>
<HR ALIGN=left SIZE=6 WIDTH=15% noshade>
</DIV>1.4	Java Card Runtime Environment Security</H2>
<P CLASS="Paragraph"><A NAME="pgfId-2214"></A>The standard runtime environment for the Java Card platform is the Java Card Runtime Environment. The Java Card RE consists of an implementation of the Java Card virtual machine along with the Java Card API classes. While the Java Card virtual machine has responsibility for ensuring Java language-level security, the Java Card RE imposes additional runtime security requirements on devices that implement the Java Card RE, which results in a need for additional features on the Java Card virtual machine. Throughout this document, these additional features are designated as Java Card RE-specific.
</P>
<P CLASS="Paragraph"><A NAME="pgfId-2215"></A>The basic runtime security feature imposed by the Java Card RE enforces isolation of applets using what is called an <A NAME="marker-3911"></A>applet firewall. The applet firewall prevents the objects that were created by one applet from being used by another applet. This prevents unauthorized access to both the fields and methods of class instances, as well as the length and contents of arrays.
</P>
<P CLASS="Paragraph"><A NAME="pgfId-2396"></A>Isolation of applets is an important security feature, but it requires a mechanism to allow applets to share objects in situations where there is a need to interoperate. The Java Card RE allows such sharing using the concept of shareable interface objects. These objects provide the only way an applet can make its objects available for use by other applets. For more information about using shareable interface objects, see the description of the interface javacard.framework.Shareable in the <EM CLASS="Emphasis">Application Programming Interface, Java Card Platform, Version 2.2.2</EM> specification. Some descriptions of firewall-related features make reference to the Shareable interface.
</P>
<P CLASS="Paragraph"><A NAME="pgfId-95"></A>The applet firewall also protects from unauthorized use the objects owned by the Java Card RE itself. The Java Card RE can use mechanisms not reflected in the Java Card API to make its objects available for use by applets. A full description of the Java Card RE-related isolation and sharing features can be found in the <EM CLASS="Emphasis">Runtime Environment Specification, Java Card Platform, Version 2.2.2</EM>.
</P>
<div class="navbar" align="center">
<br>
<br>
<table dir="LTR" summary="Navigation bar, includes the book title and navigation buttons" width=100% cellpadding="0" cellspacing="0" border="0"><colgroup span="3" width="100%"><col id="1" span="1" width="45%"><col id="2" span="1" width="25%"><col id="3" span="1" width="30%">
<tr bgcolor="#cccccc">
<td class="navbartitle" align=left rowspan="1" colspan="1" abbr="ChapTitle">&nbsp;&nbsp;Virtual Machine Specification, Java Card Platform, v2.2.2
</td>
<td class="navbartitle" align=right rowspan="1" colspan="1" abbr="PartNum">3-11-06
</td>
<td valign="top" align="right" rowspan="1" colspan="1" abbr="NavButtons"><a href="index.html"><img src="shared/toc01.gif" title="Table Of Contents" alt="Table Of Contents" width="30" height="26" border="0"></a><a href="JCVMpreface.html"><img src="shared/prev01.gif" title="Previous Chapter" alt="Previous Chapter" width="30" height="26" border="0"></a><a href="JCVM02lang.html"><img src="shared/next01.gif" title="Next Chapter" alt="Next Chapter" width="30" height="26" border="0"></a><a href="ix.html"><img src="shared/index01.gif" title="Book Index" alt="Book Index" width="30" height="26" border="0"></a>
</td>
</tr>
</table>
<br>
<br>
</div>
<P CLASS="copyrightlink"><a href="copyright.html">Copyright</a> &#169; 2005, Sun Microsystems, Inc.   All Rights Reserved.
</P>
</BODY>
</HTML>