Description
Springer Smart Card Application Development Using Java 2002 Edition by Uwe Hansmann Martin S. Nicklous Thomas Schack
Smart cards play an increasingly important role in everyday life. We encounter them as credit cards loyalty cards electronic purses health cards ands as secure tokens for authentication or digital signatures. Their small size and the compatibility of their form with the magnetic stripe card make them ideal carriers of personal information such as secret keys passwords customization profiles and medical emergency information. This book provides a guide for the rapid development of smart card applications using Java and the OpenCard Framework. It gives you the basic information you need about smart cards and how they work. A smart card provided with the book will help you to obtain first-hand experience. Table of contents : I Smart Card Introduction and Overview.- 1 What Makes the Smart Card "Smart"?.- 1.1 What is a Smart Card?.- 1.1.1 The Benefits of Smart Cards.- 1.2 Smart Card Hardware.- 1.2.1 Memory Cards and Microprocessor Cards.- 1.2.2 Contactless Cards.- 1.2.3 The Computer on the Smart Card.- 1.2.4 Mechanical Contacts.- 1.2.5 The Size of a Smart Card.- 1.2.6 Hardware Security.- 1.2.7 The Manufacturing Process.- 2 Introduction to Smart Card Software.- 2.1 Smart Card Application Development Process.- 2.2 Communication with the Card.- 2.2.1 APDUs.- 2.2.2 T=0 and T=1.- 2.2.3 TLV Structures.- 2.3 Smart Card Operating Systems.- 2.3.1 File System Smart Cards.- 2.3.2 Java Card.- 2.3.3 Multos.- 2.3.4 Smart Card for Windows.- 3 Smart Cards and e-business.- 3.1 Electronic Purses.- 3.1.1 GeldKarte.- 3.1.2 Mondex.- 3.1.3 Proton.- 3.1.4 Visa Cash.- 3.1.5 Common Electronic Purse Specification.- 3.2 Authentication and Secure Access.- 3.2.1 Workstation Access.- 3.2.2 Network- and Server-Login.- 3.2.3 Secure Communication.- 3.3 Digital Signatures.- 3.4 Other Uses of Smart Cards in e-business.- 3.4.1 Electronic Ticketing.- 3.4.2 Loyalty Programs.- 3.4.3 Growth Expected.- 4 Cryptography.- 4.1 Cryptographic Algorithms.- 4.1.1 Symmetric Cryptographic Algorithms.- 4.1.2 Public-Key Algorithms.- 4.1.3 Hybrid Algorithms.- 4.2 Smart Card Cryptographic Protocols.- 4.2.1 External Authentication.- 4.2.2 Internal Authentication.- 4.2.3 Secure Messaging.- 4.3 TLS and Smart Cards.- 5 Smart Card Readers and Terminals.- 5.1 Smart Card Readers.- 5.2 Smart Card Terminals.- 5.3 Biometric Identification.- 6 Smart Card Standards and Industry Initiatives.- 6.1 ISO Standards.- 6.2 EMV ICC Specifications for Payment Systems.- 6.3 PC/SC.- 6.4 GlobalPlatform.- II OpenCard Framework 85.- 7 Introduction to OpenCard.- 7.1 The History of the OpenCard Framework.- 7.2 The OpenCard Consortium.- 7.3 The Objectives of the OpenCard Framework.- 7.4 The Advantages of Using OCF.- 7.5 The OCF Architecture.- 7.5.1 A Note on Notation.- 7.5.2 Architecture Overview.- 8 The Utility Classes.- 8.1 The OpenCard Core Definitions.- 8.2 The Core Utility Classes.- 8.2.1 Hex String Processing.- 8.2.2 The Configuration Provider.- 8.2.3 The Tracer.- 8.2.4 System Access.- 8.3 The Optional Utility Classes.- 8.3.1 The Loader Classes.- 8.3.2 The PassThruCardService.- 8.3.3 The Tag and TLV Classes.- 9 The Terminal Layer.- 9.1 Terminal Layer Core Components.- 9.1.1 Terminal Registry and Event Mechanism.- 9.1.2 Device Abstractions.- 9.1.3 The Terminal Layer Exceptions.- 9.1.4 PIN/Password Support.- 9.2 Terminal Layer Optional Components.- 9.2.1 The opencard.optterminal Package.- 9.2.2 The opencard.optterminal.protocol*Package.- 9.3 Tracing in the Terminal Layer.- 9.4 Communicating with the Card Reader.- 9.4.1 The Java Communications API.- 9.5 The Implementation.- 9.5.1 Using the T=1 Protocol Support.- 9.5.2 Implementing the CardTerminal.- 9.5.3 Implementing the CardTerminalFactory.- 10 The Service Layer.- 10.1 The CardService Layer Core Components.- 10.1.1 The Application Access Classes.- 10.1.2 The Card Access Classes.- 10.1.3 The CardService Support Classes.- 10.1.4 The CHV Support Classes.- 10.1.5 The CardService Exceptions.- 10.2 The CardService Optional Components.- 10.3 Standard CardService Interfaces.- 10.3.1 The ISO File System CardService.- 10.3.2 The Signature CardService.- 10.3.3 The Application Management*CardService.- 11 The OCF Security Concepts.- 11.1 OpenCard Security Overview.- 11.2 OpenCard Security Classes.- 11.2.1 Cryptographic Key Classes.- 11.2.2 The Smart Card Key Classes.- 11.2.3 CardService Interface Classes.- 11.2.4 Credentials.- 11.3 Running OCF in Browsers.- 11.3.1 Browser Security Models.- 11.3.2 Invocation of Privileged Methods.- 11.3.3 Security Implications.- III Smart Card Application Development Using OCF 193.- 12 Using OCF.- 12.1 Preparing Your System.- 12.2 Configuring OCF on Your System.- 12.2.1 Setting the OCF Configuration Properties.- 12.3 The First Simple Application.- 12.3.1 Starting OCF and Shutting it Down Again.- 12.3.2 Obtaining a SmartCard Object via*waitForCard(...).- 12.3.3 Obtaining a CardService Object.- 12.3.4 Using this Sample Program with*Other Cards.- 12.4 Smart Card Access of a Digital Signature*Application.- 12.4.1 Attributes.- 12.4.2 Constructor.- 12.4.3 cardlnserted().- 12.4.4 allocateServices(SmartCard int).- 12.4.5 cardRemoved().- 12.4.6 signatureCardPresent().- 12.4.7 getCardHolderData().- 12.4.8 propagateAnEarlierException().- 12.4.9 setCardHolderData(String).- 12.4.10 sign(intbyte[]).- 12.4.11 close().- 12.4.12 Class SignatureCardException.- 12.4.13 The Complete Sample Source Code.- 13 OCF and e-business.- 13.1 Internet Stock Brokerage.- 13.1.1 Security Considerations.- 13.1.2 Secure Stock Brokerage Architecture.- 13.1.3 Protocols.- 13.2 Distributed Payment Systems.- 13.2.1 Card-to-Card Payment Schemes.- 13.2.2 Card-to-Card Payments via Internet.- 13.2.3 Architecture Overview.- 13.2.4 Implementation.- 14 Java Card and OCF.- 14.1 Developing a Card Applet.- 14.2 Inside the Java Card.- 14.2.1 The Java Card Framework.- 14.2.2 Lifetimes of On-card Programs and*Objects.- 14.3 A Sample Java Card Applet.- 14.4 Using OCF to Work with Card Applets.- 14.4.1 Card Applet Proxies.- 14.4.2 Controlling Our Sample Card*through OCF.- 15 Card and Application Management.- 15.1 Introduction.- 15.1.1 Card Management Systems.- 15.1.2 Application Management Systems.- 15.1.3 Key Management Systems.- 15.2 Using OCF for Card and Management.- 15.2.1 Example.- 15.2.2 Security.- 15.2.3 Architecture and Technology.- 15.2.4 Post-Issuance Application Download.- 15.2.5 Post-Issuance Application Personalization.- 16 OCF for Embedded Devices.- 16.1 Device Profiles.- 16.2 OCF for Embedded Devices.- 16.2.1 Differences between OCF and OCF for*Embedded Devices.- 16.2.2 Footprint Statistics.- IV Appendixes 273.- A The Card.- A.1 The IBM MultiFunction Card.- A.2 The File Structure on the Card.- A.3 Accessing the Card.- B Useful Web Sites.- C Bibliography.- D Glossary.- E Index.