Java Card Interoperability

Introduction

If smart cards were interoperable, they would allow developers to write applications that could be run on smart cards with a variety of different silicon architectures and operating systems. This would reduce the costs of development and the time to market. Interoperability would also mean that applications from a variety of service providers could coexist on a single card, and card issuers could shop from multiple vendors for applications whose functionality and price meet their needs. In addition, issuers would have the freedom to choose the card size or silicon architecture best suited to their requirements. Likewise, interoperability would allow vendors to deploy their applications to a broader variety of smart cards. Interestingly enough, Java Card technology, and the Java programming language allow the smart card industry to do all of this today!

Not only that, with the Java Card technology available today, the lifespan of the application as well as the card is increased. If a vendor chooses to make an application available on a new card, the application does not have to be rewritten. It can simply be downloaded without changes. Creating applications for smart cards becomes cost-effective. Since the functionality included on the card can be changed, vendors know that its lifetime can be extended for many years.

Using the Java programming language, developers can leverage the Java Card platform and the Java programming language to focus their time on creating applications. The "from the ground up" approach to development is unnecessary. Developers do not need to spend their time understanding and writing to the communications protocols and memory management dictated by the hardware of a specific smart card. Instead, they can spend their time writing and developing applications, assured that they will run on a variety of platforms without the need for specialized code. Since specialized knowledge about a card's hardware and software is not needed, development for the smart card can be opened to a larger pool of developers.

For example, major card issuers have instituted programs that reward independent creators who have ideas for innovative services based on Java Card technology. Through Java technology, a broader range of experts beyond the traditional smart card developer can design smart card applications.

All this translates to:

• Investment Protection: Extending the value of existing equipment, software, procedures and staff.
• Flexibility: Choosing the technology that best suits your business needs.
• Adaptability: Enabling the introduction of new applications to meet today's changing business needs.
• Faster Time to Market: Supporting faster development and deployment of applications.

The Java Platform was Designed for Interoperability

There are three elements that work together to enable interoperability in the smart card: the Java programming language, the Java Card API, and the Java Card platform. The Java programming language is the ideal medium for interoperability. The language was originally developed to be device-independent, and to run on small devices with limited memory. The Java Card API allows applications written for one smart card platform enabled with Java Card technology to run on any other such platform. The Java Card platform is a unique interoperable layer that sits on top of a card's operating system. Successful Java Card implementations have been built on top of card operating systems around the world.

The features of the Java Card technology that make it the ideal platform include:

• Platform Independence -- Java Card technology applets that comply with the Java Card API specification will run on cards developed using the Java Card Application Environment (JCAE). This allows developers to use the same Java Card applet code for deployment on different card technologies.
• Multi-Application Capable -- Multiple applications are supported on a single card. In the Java programming language, the inherent design around small, downloadable code elements makes it easy to securely host multiple applications on a single card.
• Post-Issuance of Applications -- The installation of applications after the card has been issued provides card issuers with the ability to dynamically respond to their customer's changing needs. For example, if a bank issues a Java Card, a customer could elect to have the bank load additional loyalty programs from a list of the bank's business partners as the customer's shopping habits change.
• Flexibility -- The object-oriented methodology of the Java Card technology provides flexibility in programming smart cards. The Java language allows inheritance and reuse of code both statically and dynamically. The code and the environment that is designed are easily extended.
• Compatibility with Existing Smart Card Standards -- The Java Card API is compatible with formal international standards.
• Ease of programmability -- Many of the tedious error-prone tasks such as pointers and memory management are taken care of by the Java environment. The Java environment reduces the number of errors and increases the reliability of the resulting applets.

How Java Achieves Interoperability

The Java Card platform provides an upgradeable, extensible, environment that supports multiple applications. The Java environment's built-in security features fit in well with the smart card environment and allow the secure downloading of applications to the card. For example, the level of access to methods and variables is strictly controlled: there is no way to forge pointers to enable malicious programs to snoop around inside memory. In addition, applications, or "applets" on the Java Card platform are separated by an applet firewall.

The Java Card technology is independent of card architectures and operating systems. It can be run on any smart card processor (8-bit, 16-bit, or 32-bit). Java Card applications are written on top of the Java Card platform and thus are hardware and software independent.

The Java Card platform allows developers to write in a commonly understood high-level language rather than specialized microcontroller language. Any smart card that has the Java byte code interpreter installed can run a Java program. The application only needs to be written once; it can then be run anywhere. The "write once run anywhere" feature has been a part of the Java language from the very beginning.

The Java environment is scalable; that is, it can be run across a wide range of devices. Scalability is also one of the original features of the language. The Java environment can be run on anything from smart cards and hand-held devices to supercomputers. A Java application developed for an 8-bit smart card can be run on a 16-bit smart card. The same application could also conceivably be run on a supercomputer. Similarly, there is more to the smart card world than just the card itself. Typically, they are only a part of a larger system. There are servers, clients, card acceptance devices (CADs), and other assorted devices. An application developed for the smart card must have a corresponding part for the CAD and the server.

For example, if you have a smart card application that controls building access, then a corresponding application must be developed for the CAD that reads the card and opens the door. There must also be an application running on the database server to validate the information read from the card. Developers familiar with the Java language can work across all of these devices and should immediately understand the code. Writing these applications in the Java language allows all of the development teams to work together, writing co-operative code.

Java Card technology is delivered through an OEM licensing program. Sun Microsystems provides a detailed specification of the Java language, the Java Card API, and the Java Card runtime environment. Sun Microsystems also supplies a functional reference implementation of the specifications and a test suite to verify compliance. The specification, reference implementation, and test suites work together to allow developers to create interoperable solutions. Sun Microsystems has combined these elements to make Java technology the industry-leading standard for interoperability.

The Java Environment is the Developers Choice

The Java programming language is object-oriented. It is less complex and easier to use than C or C++ because it eliminates the use of pointers and encapsulating arrays in a class structure. It maintains its own memory management as well as multithreading features. By maintaining automatic control over memory management, programmers do not have to deal with lower-level, often machine-dependent issues such as bounds checking and memory addressing. This increases portability of the code.

Much of the cost generated in the software lifecycle is due to the expense of code maintenance. The Java language reduces these costs because it is a high-level, object-oriented language. You can make changes to individual class definitions or objects without having to recompile the entire system. Compare this to working in C or C++ where you could spend an excessive amount of time in chasing memory leaks, or to working in assembly language where a change to a single line of code will force you to go back and retest the entire system.

The annual Java One Developers Conference draws tens of thousands of attendees from around the world. This attests to the popularity of the Java platform in the developer community.

Interoperability Benefits Manufacturers and Card Issuers

Manufacturers and card issuers benefit from the interoperability and device-independence of the Java platform in that they can download applications to a smart card with any architecture or operating system. Multiple applications, which can be obtained from different vendors, can be hosted on a single card. In fact, one can shop the marketplace for the most cost-effective versions of applications to download. Likewise, any Java Card enabled smart card will be able to run the same applications. One has the additional option of choosing to burn the application into ROM, or download it after the card is manufactured.

Java Card platform allows for product differentiation to meet different market needs. For example, one major card issuer that uses the Java Card platform bases much of its business on inventing and launching new products. The time horizon for launching these products is thirty to sixty days. The Java Card platform makes it easy to assemble different combinations of applets and download them to meet these goals.

The Java Card Community and the Open Specification Process

Java Card community includes over 40 licensees worldwide, committed to Java Card technology and its interoperability. One of the roles of the licensees is to participate in the development and evolution of the Java Card specifications. Sun Microsystems also works with major card issuers, such as the US Department of Defense and major financial institutions, who depend on this technology.

Sun Microsystems maintains an open specification process in which licensees and major card issuers can contribute to the development and evolution of the specifications. The specification review process includes a licensee review and a public review cycle. The results are published publicly.

One of the contributors to the specification is the Java Card Forum (JCF). The Java Card platform has lead to the formation of the JCF whose members work together in making recommendations and giving feedback to Sun Microsystems towards enhancements and improvements of the technology. The Forum promotes Java Card platform as the leading industry standard.

Java Card Platform Easily Integrates with Popular Smart Card Standards

Java Card technology's interoperability allows for integration with existing smart card standards. These include organizations such as the internationally recognized ISO to industry-specific standards bodies such as GlobalPlatform, Europay/MasterCard/Visa (EMV), ETSI and the Third Generation Partner Project (3GPP).

Conclusion

Java Card has set a new standard for interoperability that has led to its widespread adoption in the financial services, wireless, government, and enterprise markets. Smart cards enabled with Java Card technology have been approved for deployment by Visa, MasterCard, and American Express as well as by major US retailers such as Target stores. In the wireless market, many GSM telephony operators worldwide are using Java Card-based Subscriber Identity Module (SIM) cards as the programming platform for multi-application services. In government, Java Cards are being deployed by the US Department of Defense for their military and select civilian employees. Smart cards built on the Java Card platform are also being deployed by governments in Asia and are under consideration by governments in Europe. Over 200,000,000 smart cards built on the Java Card platform have been deployed to date. This makes Java Card platform the most widely adopted, interoperable platform for multi-application smart cards in the market today.

About the Author: Tom Pfaeffle is president of Silver Bay Communications, Inc., a computer consulting firm he founded in 1991. He has written articles and documentation for many enterprise-related products from Sun and other companies, including Oracle Corporation, Intel, Symantec, and Adobe Systems. He holds an MS degree in Geophysics from Stanford University, an MS degree in Mathematics from Fairleigh Dickinson University, and is co-holder of U.S. Patent 5,930,846.