Chapter 1
Introduction
1.1 Motivation
Java Card technology allows programs written in the Java programming language and compiled to run on smart cards and other small, resource-limited devices. Developers can build and test programs using standard software development tools and environments, and then convert them into a form that can be installed on a Java Card technology-enabled device. Application software for the Java Card platform is called an applet, or, more specifically, a Java Card applet or card applet (to distinguish it from browser applets).
Java Card technology enables programs written in the Java programming language to run on smart cards, but such small devices are far too under-powered to support the full functionality of the Java platform. Therefore, the Java Card platform supports only a carefully chosen, customized subset of the features of the Java platform. This subset provides features that are well suited to writing programs for small devices and preserves the object-oriented capabilities of the Java programming language.
A simple approach to specifying a Java Card virtual machine would be to describe the subset of Java virtual machine features that must be supported to allow source code portability across all Java Card technology-enabled devices. By combining that subset specification with the information in the Java Virtual Machine Specification, smart card manufacturers could build their own Java Card technology-based implementations ("Java Card implementations"). Although this approach is feasible, it has a serious drawback: the resulting platform would lack the important feature of binary portability of Java Card applets.
The standards that define the Java platform allow binary portability of Java programs across all Java platform implementations. This "write once, run anywhere" quality of Java programs is perhaps the most significant feature of the platform. Part of the motivation for creating the Java Card platform was to bring this kind of binary portability to the smart card industry. In a world with hundreds of millions or even billions of smart cards with differing processors and configurations, the cost of supporting multiple binary formats for software distribution could be huge.
The Java Card virtual machine specification, version 2.2.2, is the key to providing this binary portability. One way to understand what the specification does is to compare it with its counterpart for the Java platform. The Java Virtual Machine Specification defines a Java virtual machine as an engine that loads Java class files and executes them with a particular set of semantics. The class file is a central piece of the Java architecture, and it is the standard for the binary compatibility of the Java platform. The Java Card virtual machine specification, version 2.2.2, also defines a file format that is the standard for binary compatibility on the Java Card platform: the CAP file format is the form in which software is loaded onto devices that implement a Java Card virtual machine.
1.2 The Java Card Virtual Machine
The role of the Java Card virtual machine is best understood in the context of the process for producing and deploying software for the Java Card platform. Several components make up a Java Card system, including the Java Card virtual machine, the converter for the Java Card platform ("Java Card Converter"), a terminal installation tool, and an installation program that runs on the device; see Figure 1-1 and Figure 1-2.
Development of a Java Card applet begins as with any other Java program: a developer writes one or more Java classes and compiles the source code with a Java compiler, producing one or more class files. The applet is run, tested, and debugged on a workstation using simulation tools that emulate the device environment. Then, when the applet is ready to be downloaded to a device, the class files that make up the applet are converted to a CAP file using a Java Card Converter.
The Java Card Converter takes as input the class files that make up a Java package. A package that contains one or more non-abstract classes that are direct or indirect subclasses of the javacard.framework.Applet class is called an applet package. Otherwise, it is called a library package. The Java Card Converter also takes as input one or more export files. An export file contains name and link information for the contents of the other packages imported by the classes being converted. When an applet or library package is converted, the converter can also generate an export file for that package.
After conversion, the CAP file is copied to a card terminal, such as a desktop computer with a card reader peripheral. An installation tool on the terminal then loads the CAP file and transmits it to the Java Card technology-enabled device. An installation program on the device receives the contents of the CAP file and prepares the applet to be run by the Java Card virtual machine. The virtual machine itself does not need to load or manipulate CAP files; it only needs to execute the applet code found in the CAP file that was loaded onto the device by the installation program.
The division of labor between the Java Card virtual machine and the installation program keeps both the virtual machine and the installer small. The installer can be implemented as a Java program and executed on top of the Java Card virtual machine. Because instructions for the Java Card platform ("Java Card instructions") are denser than typical machine code, this may reduce the size of the installer. The modular design also allows different installers to be used with a single Java Card virtual machine implementation.
1.3 Java Language Security
One of the fundamental features of the Java virtual machine is the strong security provided in part by class file verification. Many devices that implement the Java Card platform may be too small to support verification of CAP files on the device itself. This consideration led to a design that enables verification on the device but does not rely on it. The data in a CAP file that is needed only for verification is packaged separately from the data needed for the actual execution of the applet. This allows flexibility in security management.
There are several options for providing language-level security on a Java Card technology-enabled device. The conceptually simplest is to verify the contents of a CAP file on the device as it is downloaded or after it is downloaded. This option may be feasible only on the largest devices. However, some subset of verification may be possible even on smaller devices. Other options rely on some combination of one or more of the following: physical security of the installation terminal, a cryptographically enforced chain of trust from the source of the CAP file, and pre-download verification of the contents of a CAP file.
The Java Card platform standards say as little as possible about CAP file installation and security policies. Because smart cards must serve as secure processors in many different systems with different security requirements, it is necessary to allow a great deal of flexibility to meet the needs of smart card issuers and users.
1.4 Java Card Runtime Environment Security
The standard runtime environment for the Java Card platform is the Java Card Runtime Environment (Java Card RE). The Java Card RE consists of an implementation of the Java Card virtual machine together with the Java Card API classes. While the Java Card virtual machine is responsible for ensuring Java language-level security, the Java Card RE imposes additional runtime security requirements on devices that implement it, which results in a need for additional features in the Java Card virtual machine. In this document, these additional features are identified as specific to the Java Card RE.
The most basic runtime security feature of the Java Card RE is the isolation of applets by what is called the applet firewall. The applet firewall can prevent the objects created by one applet from being used by another applet. This prevents unauthorized access to the fields and methods of class instances, as well as to the length and contents of arrays.
Isolation of applets is an important security feature, but it requires a mechanism that allows applets to share objects in situations where they need to interoperate. The Java Card RE allows such sharing through shareable interface objects. These objects provide the only way an applet can make its objects available for use by other applets. For more information about shareable interface objects, see the description of the javacard.framework.Shareable interface in the Application Programming Interface, Java Card Platform, Version 2.2.2 specification. Some descriptions of firewall-related features refer to the Shareable interface.
The applet firewall also protects the objects owned by the Java Card RE itself from unauthorized use. The Java Card RE can use mechanisms that are not reflected in the Java Card API to make its objects available for use by applets. A complete description of the Java Card RE isolation and sharing features can be found in the Runtime Environment Specification, Java Card Platform, Version 2.2.2.
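The sharing mechanism described above, as an added example that is not part of the original specification text: a server applet exposes one method through a shareable interface and checks the requesting applet's AID before sharing. The package, class and interface names and the AID bytes are hypothetical; the API calls are those of javacard.framework.

```java
// ---- LoyaltyPoints.java (hypothetical interface; added example) ----
package com.example.loyalty;

import javacard.framework.Shareable;

/** Only the methods declared here can be called across the applet firewall. */
public interface LoyaltyPoints extends Shareable {
    short getPoints();
}

// ---- LoyaltyApplet.java (hypothetical server applet) ----
package com.example.loyalty;

import javacard.framework.*;

public class LoyaltyApplet extends Applet implements LoyaltyPoints {
    // Constructed AID of the single client applet this applet agrees to serve.
    private static final byte[] TRUSTED_CLIENT =
        { (byte) 0xF0, 0x01, 0x02, 0x03, 0x04, 0x05, 0x01 };

    private short points;

    public static void install(byte[] buf, short off, byte len) {
        new LoyaltyApplet().register();
    }

    private static boolean isTrusted(AID aid) {
        return aid != null
            && aid.equals(TRUSTED_CLIENT, (short) 0, (byte) TRUSTED_CLIENT.length);
    }

    /** Invoked by the Java Card RE when another applet asks for a shared object. */
    public Shareable getShareableInterfaceObject(AID clientAID, byte parameter) {
        return isTrusted(clientAID) ? this : null; // null: nothing is shared
    }

    public short getPoints() {
        // Check the caller again on each call, in case the reference was passed on.
        if (!isTrusted(JCSystem.getPreviousContextAID())) {
            ISOException.throwIt(ISO7816.SW_SECURITY_STATUS_NOT_SATISFIED);
        }
        return points;
    }

    public void process(APDU apdu) {
        if (selectingApplet()) {
            return;
        }
        ISOException.throwIt(ISO7816.SW_INS_NOT_SUPPORTED);
    }
}
```

A client applet obtains the object with JCSystem.getAppletShareableInterfaceObject(serverAID, parameter) and casts the result to LoyaltyPoints; a null result means the request was refused.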