Newsletter sign-up
View all newsletters

Enterprise Java Newsletter
Stay up to date on the latest tutorials and Java community news posted on JavaWorld

Sponsored Links

Optimize with a SATA RAID Storage Solution
Range of capacities as low as $1250 per TB. Ideal if you currently rely on servers/disks/JBODs

JavaWorld.com > Java Standard Edition >

Get a jumpstart on the Java Card

How to utilize Java in your wallet or purse

By Rinaldo Di Giorgio, JavaWorld.com, 02/01/98

  • Print
  • Feedback
This month's Java Developer column, the third in a series on smart cards, will start by describing the CyberFlex card from Schlumberger. We will then write a program for this card, convert it to "card format," download it, and run it. We will briefly discuss a security application and go on to discuss personalization -- the process of making a card specific to its holder. We will also provide techniques for programming smart cards and ensuring security. Smart card security can be a very large topic as security is one of the key features of smart cards. As a start, we will demonstrate a technique for carrying out what is commonly referred to as card holder verification. The article ends with a frequently-asked-questions (FAQ) section.

Note: For the big picture on the Java Card API, please see the companion piece to this article: "Giving currency to the Java Card API," by Arthur Coleman.

In order to benefit from the concepts in this article, you must have Schlumberger's CyberFlex developer kit. (See the Resources section for information on what to do if you really want to run the demos without changing a line of code.) Some of the examples included here can be modified for other cards that may come to market as time goes on. The resources at the end of the article provide information on other cards coming soon from Bull and GemPlus.

What is the CyberFlex Java Card?

In previous articles in this series (see "Smart cards: A primer" and "Smart cards and the OpenCard Framework," we discussed how to use Java to communicate with a smart card and how to develop a smart card terminal interface. CyberFlex is a smart card from Schlumberger that runs programs written in the Java programming language. The CyberFlex card looks almost exactly like a credit card but is in fact a small computer. The card contains a microprocessor to provide processing capability and memory for storing instructions and data. For more on CyberFlex 2.0 and its relation to Java Cards, see the Frequently asked questions section. The card can be broken down into the following functional areas:

  • CPU
  • RAM
  • ROM
  • EEPROM


The card can be used to store and update account information, personal data, and even monetary value. The cards are ideal for secure Internet access, purchases, portable digital telephones, and for benefit programs and healthcare applications. Smart cards bring new services, as well as increased security, portability, and convenience, to computer applications. The following diagram depicts an architecture capable of supporting multiple applications.

Some consumers have expressed extreme concern with the idea of having their health information and their banking information in the same place and then interacting with some online service. Smart card manufacturers have been working on this problem for years and have come up with security based on partitioning.

CyberFlex architecture

Simple example

The example we will start with is very simple. As we have discussed in previous articles, the ATR ("answer to reset") is fundamental to ISO 7816 -- the recognized standard for communicating with smart cards. ATRs are the means by which a card provides some identifying information when the card is reset or inserted in a reader. The ATR is well-defined in the ISO standards. The recent OpenCard article published last month in JavaWorld included an excellent ATR-dumping facility that we will use this month.

  • Print
  • Feedback

Resources
  • Here is the ZIP file containing all the related files you need for the projects mentioned in the article /javaworld/jw-02-1998/javadev/jw-02-javadev.zip
  • Product information and links to Web pages for the CyberFlex home http://www.cyberflex.austin.et.slb.com/cyberflex/cyberhome2.htm Documentation
  • CyberFlex Programmer's Guide http://www.cyberflex.austin.et.slb.com/cyberflex/docs/docs-page2.htm Samples
  • Sample CyberFlex applications http://www.cyberflex.austin.et.slb.com/cyberflex/samp/samples2.htm
  • For Schlumberger's Java Card perspective, see http://computer.org/internet/v1/guthery9701.htm
  • Official details on the Java Card specification http://java.sun.com/products/javacard
  • Product information on PC/SC http://www.microsoft.com/smartcards
  • Specifications for the personal computer-/smart-card standard http://www.smartcardsys.com
  • Strategic Analysis, Inc. was the first smart card application developer to work with Java-based smart cards. Information on and updates for EZFormatter http://www.sainc.com
  • Information about ISO and ISO specifications http://www.iso.ch
  • Litronic is one of the reader companies that the CyberFlex development kit supports http://www.litronic.com/solutions/products_services.html
  • Here is an excellent introduction to "What is a smart Card?" http://www.cp8.bull.net/scworld/sccarda.htm
  • A promising and powerful upcoming Java Card http://www.gemplus.com/presse/gemxpresso_uk.htm
  • Jef Poskanzer's Java Crypto classes http://www.acme.com/java/software/Package-Acme.Crypto.html
  • On the subject of OpenCard supporting smart cards on all platforms http://www.opencard.org
  • Sample of how to use the upcoming PC/SC Resource Manager from IBM and Bull /javaworld/jw-02-1998/javadev/PcscTest.java
  • C++ program to dump the registry on PC/SC. You will need this later as we start using OpenCard on Windows 98 and NT 5.0 /javaworld/jw-02-1998/javadev/ScanPCSCReaders.cpp
  • See JavaWorld's first installment in the smart card series, "Smart cardsA primer" http://www.javaworld.com/jw-12-1997/jw-12-javadev.html
  • The second JavaWorld article in the series on smart cards is "Smart cards and the OpenCard Framework" http://www.javaworld.com/jw-01-1998/jw-01-javadev.html
  • Many thanks to:
  • Michael Montgomery, engineering specialist at Schlumberger, for all his support and examples
  • Christophe Colas and Jean-Paul Billion of Bull for their work on the PC/SC to OpenCard adapter
  • Hans Granqvist for his C++ program to list the PC/SC registry
  • FJ Hueber (huebfj@sainc.com), director of Smart Technology Business Development at Strategic Analysis, Inc., for getting the Formatter going on my system
  • JC (jraynon@scmmicro.com) for his help in getting the Reflex20 to function with OpenCard
  • Andreas of Astraub for the sample programs for performing file commands to the Reflex20 reader
  • Robert Nobles of Litronic for his support in getting the Litronic reader going