Title:
Java card for e-payment applications
Series:
Artech House computer security series
Publication Information:
London : Artech House, 2002
ISBN:
9781580532914
Added Author:
Available:*
Library | Item Barcode | Call Number | Material Type | Item Category 1 | Status |
|---|---|---|---|---|---|
Searching... | 30000004826123 | QA76.73.J38 J37 2002 | Open Access Book | Book | Searching... |
On Order
Summary
Summary
Java Card is one of the latest developments in the area of multi-application and platform-independent smart cards. As a working tool for professionals, this easy-to-understand resource provides clear, detailed guidance on smart cards, credit and debit cards, Java Card and Open Card Framework (OCF). It offers in-depth coverage of important standards, open specifications and critical security issues, including common threats and security mechanisms regarding the card and its connection interface. The book explains how to program a Java Card applet, an OCF card service and a terminal application. What's more, the book presents an informative case study on the credit-debit application, offering a detailed road map of the application development process.
Author Notes
Vesna Hassler received her B.Sc. and M.Sc. degrees in Electrical Engineering from Zagreb University (Croatia), and her Ph.D. degree from Graz University of Technology (Austria).
Dr. Hassler is a member of A-SIT (Secure Information Technology Center, Austria). Her research and teaching focus is on network and e-commerce security. She is also an independent consultant. Dr. Hassler is the author of Security Fundamentals for E-Commerce (Artech House, 2001), and has published a number of conference and journal papers on cryptography, network security, payment systems, and smart cards.
050
Table of Contents
| Preface | p. xv |
| Acknowledgments | p. xvii |
| Part I Smart Cards | p. 1 |
| 1 Smart Card Basics | p. 3 |
| 1.1 Logic of Integrated Circuit Cards | p. 3 |
| 1.2 Communication Interface of Integrated Circuit Cards | p. 6 |
| 1.3 Smart Card Operating Systems | p. 7 |
| 1.4 Smart Card Life Cycle | p. 8 |
| 1.5 Integrated Circuit Card Standards | p. 11 |
| 2 Security Issues | p. 13 |
| 2.1 Symmetric Cryptography | p. 14 |
| 2.2 Asymmetric Cryptography | p. 17 |
| 2.3 Authentication | p. 22 |
| 2.4 Smart Card Security | p. 25 |
| 2.5 Known Attacks on Smart Cards | p. 26 |
| 2.6 System Security | p. 28 |
| 3 Security Evaluation Criteria | p. 31 |
| 3.1 Common Criteria | p. 32 |
| 3.2 Visa Smart Card Protection Profile | p. 37 |
| 3.3 Eurosmart Protection Profiles | p. 38 |
| 3.4 Smart Card Security User Group's Protection Profile | p. 39 |
| 3.5 Secure Signature-Creation Device Protection Profile | p. 40 |
| References | p. 42 |
| 4 File Structure and Commands | p. 43 |
| 4.1 File Structure of Integrated Circuit Cards | p. 43 |
| 4.2 Command Structure of ICCs | p. 45 |
| 4.3 Examples of Smart Card Commands | p. 46 |
| 4.4 Cryptographic Authentication and Secure Messaging | p. 48 |
| 5 ISO 7816 Smart Card Communication | p. 53 |
| 5.1 Answer to Reset | p. 54 |
| 5.2 T = 1 Protocol | p. 57 |
| 6 Card Readers, Card Terminals, and Related Technologies | p. 59 |
| 6.1 Card Readers and Card Terminals | p. 59 |
| 6.2 Related Technologies | p. 61 |
| References | p. 62 |
| 7 Debit and Credit Cards | p. 63 |
| 7.1 Relevant Specifications | p. 65 |
| 7.2 EMV Transactions | p. 67 |
| 7.3 EMV 2000 Details | p. 73 |
| 7.3.1 EMV Book 1 | p. 73 |
| 7.3.2 EMV Book 2 | p. 74 |
| 7.3.3 EMV Book 3 | p. 75 |
| 7.3.4 EMV Book 4 | p. 76 |
| Part II Java Card | p. 77 |
| 8 Java Card Basics | p. 79 |
| 8.1 Java Card Architecture | p. 79 |
| 8.2 Differences from Java | p. 84 |
| 8.2.1 Primitive Data Types and Arrays | p. 84 |
| 8.2.2 Operations and Type Casting | p. 86 |
| 8.2.3 Exceptions | p. 86 |
| 8.3 Java Card Applet | p. 89 |
| 8.3.1 Installation and Registration | p. 90 |
| 8.3.2 Selection and Deselection | p. 91 |
| 8.3.3 APDU Processing | p. 92 |
| References | p. 93 |
| 9 Deployment of Java Card Technology | p. 95 |
| 9.1 Java Card Forum | p. 95 |
| 9.2 Card Management | p. 96 |
| 9.3 SIM Application Toolkit | p. 97 |
| 9.4 Visa Open Platform | p. 98 |
| References | p. 99 |
| 10 Java Card Security | p. 101 |
| 10.1 Java Card Language Subset Security | p. 101 |
| 10.1.1 Java Safety | p. 102 |
| 10.1.2 Java Type Safety | p. 103 |
| 10.1.3 Transient Objects | p. 103 |
| 10.1.4 Atomicity of Transactions | p. 104 |
| 10.2 Card Applet Security Mechanisms | p. 104 |
| 10.2.1 Card Applet Firewall | p. 105 |
| 10.2.2 Secure Object Sharing | p. 106 |
| 10.3 Java Card Crypto APIs | p. 108 |
| 10.4 PIN Verification | p. 109 |
| References | p. 110 |
| 11 Application Development | p. 111 |
| 11.1 Java Card API | p. 111 |
| 11.1.1 JCSystem Class | p. 112 |
| 11.1.2 Applet Class | p. 112 |
| 11.1.3 APDU Class | p. 113 |
| 11.1.4 OwnerPIN Class | p. 115 |
| 11.1.5 Util Class | p. 115 |
| 11.1.6 Interface ISO7816 | p. 116 |
| 11.2 Existing Implementations | p. 116 |
| 11.2.1 Giesecke and Devrient Sm@rtCafe | p. 116 |
| 11.2.2 Gemplus GemXpresso 211 | p. 118 |
| 11.2.3 Schlumberger Cyberflex Access | p. 119 |
| Part III OpenCard Framework | p. 121 |
| 12 OCF Basics | p. 123 |
| 12.1 Smart Card Applications | p. 124 |
| 12.2 The OCF | p. 125 |
| 12.3 The OpenCard Consortium | p. 126 |
| 12.4 OCF Architecture Overview | p. 126 |
| 12.4.1 What Is a Framework? | p. 129 |
| 12.4.2 What Is an Abstract Factory? | p. 130 |
| 12.4.3 Singleton and Registry | p. 132 |
| 12.5 PC/SC | p. 133 |
| 12.6 OCF Versus PC/SC | p. 136 |
| 12.6.1 Platform | p. 137 |
| 12.6.2 Operating System | p. 137 |
| 12.6.3 Terminal Application | p. 137 |
| 12.6.4 Programming Language | p. 138 |
| 12.6.5 Architecture | p. 138 |
| 12.6.6 Interoperability | p. 140 |
| 12.6.7 Java Card and Windows for SmartCard | p. 140 |
| 12.7 Other Card Terminal APIs | p. 140 |
| References | p. 142 |
| 13 OCF Structure | p. 143 |
| 13.1 OCF Card Terminal Layer | p. 144 |
| 13.1.1 Core Part of the Card Terminal Layer | p. 145 |
| 13.1.2 Optional Part of the Card Terminal Layer | p. 147 |
| 13.2 OCF Card Service Layer | p. 148 |
| 13.2.1 Core Part of the Card Service Layer | p. 148 |
| 13.2.2 Optional Part of the Card Service Layer | p. 151 |
| 13.2.3 Standard Card Service Interfaces | p. 151 |
| 13.3 OCF Security | p. 152 |
| 13.4 OCF Card Terminal Communication | p. 154 |
| 13.5 OCF and Java Card Applets | p. 155 |
| References | p. 157 |
| Part IV Case Study: Java Card Application Development with the OpenCard Framework | p. 159 |
| 14 Case Study Overview | p. 161 |
| 14.1 Sample Application Functionality | p. 161 |
| 14.1.1 Application Architecture | p. 162 |
| 14.1.2 Transaction Flow | p. 163 |
| 14.1.3 Data Objects | p. 165 |
| 14.1.4 Application Selection | p. 172 |
| 14.1.5 Processing Options Retrieval | p. 173 |
| 14.1.6 Reading Application Parameters | p. 175 |
| 14.1.7 Cardholder Verification | p. 176 |
| 14.1.8 Application Cryptogram | p. 178 |
| 14.2 Security Functions | p. 184 |
| 14.2.1 Card Risk Management | p. 184 |
| 14.2.2 Session Key Derivation Algorithm | p. 187 |
| 14.2.3 AC Calculation Algorithm | p. 188 |
| 14.3 Application Design | p. 190 |
| References | p. 191 |
| 15 Java Card Applet Development | p. 193 |
| 15.1 Applet Architecture | p. 193 |
| 15.2 EMVPurse Class | p. 195 |
| 15.2.1 Data Structures and Related Methods | p. 196 |
| 15.2.2 Class Constructor | p. 199 |
| 15.2.3 GENERATE AC Command Processing | p. 201 |
| 15.2.4 CVR Object | p. 204 |
| 15.2.5 Card Risk Management and Card Action Analysis | p. 206 |
| 15.2.6 Application Cryptogram Calculation | p. 209 |
| 15.3 EMVdemo Class | p. 211 |
| 15.3.1 Class Constructor, Methods install and select | p. 212 |
| 15.3.2 Method process | p. 212 |
| 15.4 EMVFileSystem Class | p. 220 |
| 15.4.1 Record | p. 220 |
| 15.4.2 File | p. 222 |
| 15.4.3 File System | p. 223 |
| 16 OCF Card Service Development | p. 227 |
| 16.1 Setting Up the Environment | p. 227 |
| 16.2 The Properties File and the Factory | p. 228 |
| 16.3 The Card Service | p. 232 |
| 16.3.1 SELECT Command | p. 234 |
| 16.3.2 VERIFY Command | p. 235 |
| 16.3.3 Read Record Command | p. 237 |
| 16.3.4 Get Processing Options Command | p. 238 |
| 16.3.5 Generate AC Command | p. 242 |
| References | p. 244 |
| 17 Terminal Application | p. 245 |
| 17.1 Startup and Shutdown | p. 245 |
| 17.2 Processing Options and Restrictions | p. 248 |
| 17.3 Dynamic Data Authentication | p. 253 |
| 17.3.1 Certificate Chain | p. 253 |
| 17.3.2 Signing Authentication Data | p. 256 |
| 17.4 Terminal Risk Management | p. 256 |
| 17.5 Verification of the Result | p. 260 |
| 17.5.1 General Verification | p. 260 |
| 17.5.2 AC Calculation | p. 263 |
| References | p. 265 |
| 18 Conclusion | p. 267 |
| Appendix A Card Applet Source Code | p. 271 |
| Appendix B OCF Reference Manual | p. 297 |
| B.1 Package opencard.core.service | p. 297 |
| B.1.1 Class SmartCard | p. 297 |
| B.1.2 Class CardRequest | p. 300 |
| B.1.3 Class CardServiceFactory | p. 302 |
| B.1.4 Class CardServiceRegistry | p. 304 |
| B.1.5 Class CardService | p. 307 |
| B.1.6 Class CardServiceScheduler | p. 310 |
| B.1.7 Class CardChannel | p. 312 |
| B.1.8 Class CardType | p. 315 |
| B.1.9 Class DefaultCHVDialog | p. 316 |
| B.2 Package opencard.core.terminal | p. 316 |
| B.2.1 Class APDU | p. 316 |
| B.2.2 Class CardID | p. 319 |
| B.2.3 Class CardTerminalFactory | p. 321 |
| B.2.4 Class CardTerminalRegistry | p. 322 |
| B.2.5 Class CardTerminal | p. 324 |
| B.2.6 Class SlotChannel | p. 329 |
| B.3 Package opencard.opt.service | p. 331 |
| B.3.1 Class OCFllCardServiceFactory | p. 331 |
| B.4 Package opencard.opt.util | p. 331 |
| B.4.1 Class TLV | p. 331 |
| B.4.2 Class Tag | p. 334 |
| Reference | p. 337 |
| List of Acronyms | p. 339 |
| About the Authors | p. 349 |
| Index | p. 351 |
