I am new to Java Card development but until now I am using the Java Card development kit 2.2 and doing the Samples.
I try to understand how can I actually use the java card Applets. For example I have the classic "Wallet" applet that is a wallet application managing credit and also debit operations on the Card. I use the jcwde tool to run the applets on the emulator. The APDU tool is sending apdu messages to the card and the card responds.
Now my question is on practice how can I use this card? The apdu istructions that the terminal should send are predefined according to the methods the applet implements. The device that the customer should plug the card how should interact to the card? For example we don't expect the customers to send APDU commands. Is there a device with a screen that should be programmed too?
The wallet application is similar to: working with Java Card Wallet
The person question here is using the same approach. Testing the applet using apdu messages. Is this the way we should test our cards?
Once the card application is operational, you will want to stage it in some service. Depending on the context, the client might be sending APDUs to it
from a local application (e.g. a phone app sending APDUs to the UICC)
over NFC (e.g. a merchant point of sale sending APDUs to a Visa application within a card)
over-the-air, in a secure channel (the "credit" command would typically require that the entity sending it is authenticated, otherwise anyone can top-up their wallet)
It really comes down to what you are trying to build. In most cases you will have to build some reader code, most likely using PC/SC to send APDUs. Then the beauty of Javacard is that it lets you define your business rules within the card, that is within a tightly secured environment. Just make sure you can trust your inputs.
Related
I'm in the process of developing a java web application using Spring MVC that will (among other things) be capable of recording video from a camera on an Android based tablet and ultimately transfer that video to the server (dbase or filesystem). I see there are a number of tools available that might allow me to do this one of two ways: (1) record that video locally in the browser and potentially upload the final product as a single file to the server (i.e. RecordRTC) or (2) establish a connection to the server that enables me to stream the video direct, leaving it to the server side to manage the actual recording (i.e. Kurento, Jitsi). However, there are a few gotchas in all of this that are making it difficult for me to determine (1) which way makes sense and (2) which way is actually proven to work:
must be capable of running in any browser on an Android based tablet (v 4.2+)
recorded video can be anywhere from 15 sec to 15 min in duration
users will be securely authenticated at login via Spring security; video streams/files need to be handled in that established session (which I don't think is possible with Kurento)
must be open source
I've been developing Java web applications for many years now, but the video capture and processing component is something new to me and I'm hoping those with experience in this arena could guide me in a direction that makes most logical sense.
NOTE: I am open to other ideas that might make more sense than what I've mentioned already. Given the direction of HTML5, I thought WebRTC would be the best route. But given some of the Android based browser limitations, I'm not sure.
Thanks!
I am going to build an client-server service that will control the security of a house(who comes in and who comes out). I want the identification to be made via nfc communication and especialy between a nfc-android phone and a nfc reader connected to a pc. So i am thinking of 2 programms. one for the phone and one for the pc( +1 for the server if any). I want data to be saved to both phone and pc. Is this possible via nfc? can the phone read and write data via nfc?
I am thinking of using java for both programms. Do we know for any nfc api? (i have a nxp chip on my device)
What reader should i buy? any recomendations?
In order to make the application you have to save certain information (e.g. user id) in a secure place. This is the problem, since the phone normally does not allow running in card emulation mode and do not allow to access the secure element - more you can read there: Android and Symbian NFC mobile development questions and answers (FAQ).
Anyway it seems that the Mifare 4K can be used... Might be the p2p mode with the SD card secure element is also a way there...
BR
STeN
Android does let you now to use your phone like it is a nfc-tag.
This is called "Host based Card Emulation".
On your phone, you can either let android do the magic and after the transaction is finished read the status in your app, or you can have your app control the whole process.
See http://developer.android.com/guide/topics/connectivity/nfc/hce.html
i wonder on which smartcards i can actually run javacard? afaik it requires the "open platform" OS, but: which USIM-cards for mobile phones today (especially in germany) do actually support this?
Updated with TheGoodUser correction
I afraid issued cards will be useless for you.
Almost (if not all of them) will be in lifecycle state CARD_SECURED which doesn't allow you to load an applet using GlobalPlatform/OpenPlatform.
In case of SIM cards for the network operator there is a way to load an applet on the Java card - OTA. If Remote Applet Manager applet (part of OTA) is installed and configured applet could be loaded and installed to the SIM using ENVELOPE command (special formated SMS comes to the phone and phone passes them in ENVELOPE command to the card). Unfortunately for you to do that you still need to know keys - card will expect signed or/and encrypted ENVELOPEs. So you'll need keys to do that.
If your interest is just academic - you can always buy java card with some SDK/Tools from some small card manufactures and play with java card. If you want to install something on existing card I'd say it is impossible.
As far as I know all SIM card produced during last ~10 years are able to run java. The problem is that you need code can be obtained from the card owner, i.e. the carrier. But carrier will not give you this code unless you are the carrier's partner...
Probably the following links can help you.
http://forums.techarena.in/software-development/1353925.htm
How to programmatically load a Java card applet ( a .cap file ) using Visual C++/PCSC
some operator provide USIM to customer by javacard.you can download applets into java card.
how can I let an SWF file to retrieve values immediately from Java application that does live calculations (Speed is a necessity).
question in other form : how can I
give my website browser immediate data
- that are bean calculated now - as fast as i
can ?
I'm going to assume the calculations are being done in a Java applet in the same browser where the flash is running.
You can call Javascript from within the applet using the following code. This code could then update the values in the flash animation.
import netscape.javascript.JSObject;
JSObject win = JSObject.getWindow(applet);
win.eval("window.alert('Hello from Java')");
If my assumption is incorrect, then where is the Java application running? On the client or server?
If it's on the server then you need Flash remoting. I believe there are a few different Flash remoting techniques. Try searching for java flash remoting. You can make it call the server every 2 seconds or so to get the latest data.
If it's running on the client I doubt you can connect to it from Flash because of security. A signed Java applet could connect anywhere it wants to. You could retrieve the data using it, then push it into Flash using the method described above. Would be a crazy hack though. Can you do the same thing with Flex? (I've never used Flex before).
If the speed is crucial, you would probably want to do it via some kind of socket connection. Usually signed applet or a WebStart Java application is able to open a listening socket. Flash application then would be able to connect to this socket and as a result you will have very fast bidirectional communication.
There are some caveats however.
You should bear in mind that user might get suspicious about weird socket activity on his machine, or it would be just blocked by a firewall - so you'll need to warn user.
In order to be able to connect from Flash to Java, you must dispatch crossdomain policy file from the listening socket (or any other below 1024 - see documentation for details; keywords: crossdomain, policy-file-request, loadPolicyFile). Also your Flash application might need to request such file manually from the Java application.
Couple of useful links on how to get certificate for your Java application: how to get free code signing certificate (Russian), similar but less detailed description in English.
However, if you are able (read: the speed is sufficient) to use Java Applet <-> JavaScript <-> Flash combination I'd advice to take advantage of it.
I'd like to be able to access the contents of my Storage Card which is in my Windows Mobile device. Normally, I'd just remove the card and shove it in a card reader, but its encrypted (and thus, locked to my WM device).
Is there an API or some sort of framework allowing read/write access to the Storage Card (while PDA is docked to PC)?
Reason is: I'm sick of having to create playlists for each album every time I upload to it. I'd like to automate this process.
Any pointers would be greatly appreciated.
When the PDA is connected to the PC you can use RAPI to access files, registry etc on a Windows Mobile device, but I don't know of a Java interface to it. Should be a piece of cake with JNI though... :-)
RAPI (Remote API) is used for accessing the WM device from the desktop, and can be used to access files.
See RAPI and CeCreateFile, or this tutorial on RAPI.
You can point it to files on the storage card by the "\Storage Card\" path.
But, as you notice, this is a C++ API... I'm not aware of any RAPI wrappers for Java, unfortunately.