Java Card 3 Includes Java 6 Support and an Embedded Servlet Container
Originally released in 1997 Java Card technology is designed to allow smart cards, security tokens and other devices with very limited memory to run Java applets. The technology is widely used, with Sun claiming in excess of 3.5 billion Java powered smart cards deployed worldwide. Whilst six updates to the platform have been released since 1997, the core architecture has remained unchanged. With version 3 however Sun is substantially overhauling it to take advantage of the increasing power found in high end smart card hardware.
Java Card Version 3 consists of two editions, the Classic Edition and the Connected Edition. Both editions feature persistent virtual machines with persistent objects. Both allow multiple applications to execute on the virtual machine with their objects protected from intrusion by a firewall-based context-isolation mechanism. Both are compatible with Java Card 2 and will run existing applets, now referred to as "Classic applets". Here however the similarities end.
The Classic Edition is based on the existing Version 2.2.2 architecture and introduces some enhancements, including support for new cryptography algorithms such as s4096-bit RSA and NSA Suite B. As with previous versions of the Java Card platform, it uses a split virtual machine technology that allows for off-card preprocessing of the applications that will be loaded onto the card. This approach ensures that the Java Card platform can be implemented on cards with minimal memory and CPU requirements and the Classic Edition remains suitable for typical low cost cards with an 8- or 16-bit CPU.
The Connected Edition targets high-end smart cards with a 32 bit CPU. It features a new virtual machine and a number of new APIs and services. It does not rely on the split VM technique for loading applications instead using the increased power of the high end cards to support direct class file loading using the standard Java Archive (JAR) file format and on-card class file verification.
The new architecture is designed to allow a smart card to act as a secure network node, either providing security services to a network or requesting access to network resources. Developers can integrate smart cards within IP networks and web services either through an embedded Servlet 2.5 compatible web container or by managing the connections directly. By taking advantage of multithreading in the new VM the web container is able to dispatch multiple HTTP and HTTPS requests concurrently. For developers needing to directly manage network communications the platform includes the Generic Connection Framework, which provides a set of related abstractions to request and manage network or I/O connections. As well as HTTP and HTTPS the Generic Connection Framework supports a number of other protocols including TCP, TLS and, optionally, UDP.
The Connected Edition VM is based on the Connected Limited Device Configuration (CLDC) VM version 1.1 widely used in mobile phones and defined by the Java ME Platform. As well as multithreading, features supported by the Connected Edition VM but not by the Classic Edition VM include multiple packages and garbage collection. The Connected Edition VM is JDK 6 compatible and, with the exception of floating point, supports the full Java language including annotations and generics. Applets taking advantage of the new features are referred to as "Extended applets".
Despite all these enhancements the memory footprint remains impressively small. James Gosling states that it fits in "24K RAM, 128K EEPROM, 512K ROM with a 32 bit processor".
Chris Mattmann Apr 15, 2014