A smart card is a mini computer which requires programming to run. A smart card doesn’t contain an interface-like display or keyboard, so smart card readers are used to read or update the data tofrom smart cards. Smart cards contain an operating system which provides a platform to run applications.
Smart card operating systems can be divided into two categories.
The first kind of operating system is based on the Disk Drive approach. This operating system contains an active memory manager which can load any file or application in the card on demand. The Card Operating System allows for active file allocation and management (JAVA Card OS is an example of this approach).
The advantage of Disk Drive based operating system is that the substitution cost for cards is less expensive, but the start-up costs are higher. This card requires a lager amount of free memory to cope with future application uploads. Due to the heavy use of expensive semiconductors, the cost is higher for these cards. The security infrastructure costs are also higher due to the multiple points of entry to card system functions.
The second approach treats the card as a secure device where, files and permissions to these files are all set by the admin. The only access to the cards is through the operating system. There is no other way to access the file structure. Data can be accessed as per the permissions set by the user. These operating systems can then run your applications. Commands can be passed to the card via the card reader and then the desired application can be accessed through the smart card.
One of the most commonly used smart card operating systems is JavaCard. It provides standard API to load and run java applets directly on a standard ISO 7816 compliant card. JavaCards enable secure and chip-independent execution of various applications.
The following requirement needs to be addressed before starting application development on smart cards:
- Smart card reader
- Software to communicate with the reader
- Software to communicate with the smart card
- Smart cards and smart card hardware
Before we address smart card programming, we have to be able to communicate with the reader. Because there are many different cards, there are many different readers. So proper interface implementation should be used for communication.
Once the above setup is complete, programming and application upload can begin utilizing the smart card. JavaCard allows applications to be loaded on demand.
In the early years of smart card development, each software application representing a product on a card was written for a specific card with a specific operating system, which in turn was specific to a hardware application. Sometimes a direct application was also installed without an operating system to make the card very specific to that application. However, the evolution of multiple application operating systems brought about a new era. JavaCard is an open, multi-application operating system for smart cards. Any person can develop applications using Java programming language. The java programs can run independently on the card and can be run on any ISO 7816 compliant smart cards. This way applications from various vendors can be combined, yet remain separate from each other.
The ISO 7816 standard was developed to define the mechanical and electrical characteristics along with the protocol for communication with the card. Unfortunately, the ISO group was unable to baseline a standard for communicating with the reader. So, in order to communicate with the smart card it is required to first understand the commands supported by the card. Then these commands need to be encapsulated into ISO standard commands.
Now, let’s take a look of the APIs which allow us to send commands from an application to a reader. The reader communicates with the card where the actual processig takes place. From a technical standpoint, the key is a smart card API. This is a layer of software that allows an application to communicate with smart cards and readers from more than one manufacturer. The API allows the programmers or users the ability to select smart cards from multiple vendors. Running an application on multiple smart cards encourages competition among card vendors and the benefits of that competition include greater quality and lower prices.
The smart card programming API provides an application layer between the smart card and the application interface. The unit of exchange with a smart card is the called as Application Protocol Data Unit (APDU) packet. Communication with the card and the reader is performed using APDUs. An APDU can be considered a data packet that contains a complete instruction for the card or a complete response from a card.
The following are some of the classes provided for transporting APDUs and their function:
- ISOCardReader interface
Sun has developed the Java Electronic Commerce Framework (JECF), an extension to the core Java platform that allows developers to easily and rapidly develop electronic commerce applications. JECF provides several classes that easily support communication with smart cards. It can be downloaded free of charge from Sun’s website and can be used easily by a smart card programmer.
The smart card application development process includes following steps:
- User requirements: What does the user want to accomplish?
- Software requirements: Map user requirements to software requirements.
- Architectural design: Design the architecture of the solution.
- Code Generation: Create code as per the architecture.
- Emulation: Use emulators to test the code on virtual card.
- In-card Emulation: Run the code on actual card using card reader.
- Verification and Validation: It involves the testing.
- Final testing and maintenance.