Java Card Classic Development Kit 3.0.5u2

The Java Card Development Kit includes a complete, standalone development environment in which applications written for the Java Card platform can be developed and tested.

JAVA CARD CLASSIC PLATFORM SPECIFICATION 3.0.5

Java Card technology is the leading open, interoperable platform that enables smart cards and other resource-constrained devices to securely run Java technology-based applications. Java Card 3.0.5 Specification continues the traditional cross-platform and cross-vendor applet interoperability that exist in the Java Card 3.0.x and 2.2.x platforms.

The Java Card Platform specification, consists of two editions: Classic Edition, and Connected Edition. In this latest release, only the Classic Edition has been modified, so its version number has changed to 3.0.5.

The Classic Edition is based on an evolution of the Java Card Platform, Version 2.2.2 and targets resource-constrained devices that support applet-based applications. Release 3.0.5 is the third release of the Classic Edition.  Bug fixes and clarifications against the Java Card 3.0.4 specifications and new security algorithms have been added, while backwards compatibility is maintained. In addition, several new features have been added, for instance related to security and static cryptography. Specification documents include:

Virtual Machine Specification for the Java Card Platform, Classic Edition provides the instruction set of the Java Card Virtual Machine (VM), the supported subset of the Java language, and the file formats used to install applets and libraries into Java Card technology-enabled devices. This VM mirrors those VMs found in previous releases of the Java Card platform, including v2.2.2.

Runtime Environment Specification for the Java Card Platform, Classic Edition defines the necessary behavior of the runtime environment (RE) in any implementation of Java Card technology. The RE includes the implementation of the Java Card Virtual Machine, the Java Card API classes, and runtime support services such as the selection and deselection of applets. This RE mirrors those REs found in previous releases of the Java Card platform, including v2.2.2.
Application Programming Interface for the Java Card Platform, Classic Edition complements the Java Card RE Specification, and describes the application programming interface of the Java Card technology. It contains the class definitions required to support the Java Card VM and the Java Card RE. This API mirrors those APIs found in previous releases of the Java Card platform, including v2.2.2.

The documents are accessible on any computer system with an unzip utility, Adobe Acrobat Reader (version 4.0 or later), and a CSS-compliant web browser.

HTML can be viewed with any CSS-compliant browser software, such as:

• Internet Explorer, version 5.0 or later
• Mozilla Firefox, version 11.0 or later
• PDF files can be viewed in your web browser with an appropriate plugin or in Adobe® Acrobat Reader. Most recent browsers include the PDF reader plugin. If your browser does not, you can download the plugin from the browser vendor's web site or the Adobe web site at http://www.adobe.com/products/acrobat/readstep.html.

Download and unzip the specifications bundle

The bundle unzips into the subdirectory javacard_specifications-3_0_5-RR, within which you will find the subdirectory classic. Within the classic subdirectory you will find the specifications:

• api_classic - contains the Java Card API specification for the Classic Edition in JavadocTM tool HTML format. These can be viewed in most browsers but do notrender well in Mozilla Firefox 3.0.10.
• jcre_classic - contains the Java Card runtime environment specification for the Classic Edition in PDF format (JCREspecCLASSIC-3_0_5-RR.pdf).
• jcvm_classic - contains the Java Card virtual machine specification for the Classic Edition in PDF format (JCVMspecCLASSIC-3_0_5-RR.pdf) 

JAVA CARD PROTECTION PROFILE DOWNLOADS

Java Card technology provides a secure environment for applications that run on smart cards and other devices with very limited memory and processing capabilities. Multiple applications can be deployed on a single card, and new ones can be added to it even after it has been issued to the end user. Java Card also includes a set of unique tools for developing new products.

To help creators of products based on Java Card technology meet the demand by banks, governments, and other card issues for security evaluations that comply with rigorous, widely accepted standards, the Java Card Protection Profile provides a modular set of security requirements designed specifically for the characteristics of the Java Card platform. It reduces the time and cost for developers of Java Card-based products to complete security evaluations under the Common Criteria for IT Security Evaluation. This work is part of Oracle's Global Initiative on Common Criteria (CC).

A profile defines a set of security requirements for the Java Card Runtime Environment, the Java Card Virtual Machine, the Java Card API Framework, and the on-card Installer components. It provides guidelines to develop a secure Java Card platform and obtain high-level security certifications.

The design strategy behind protection profiles represents a breakthrough in the world of security evaluations, as it specifically accommodates the flexible, modular, and open characteristics of Java Card technology. In Particular, it is intended to complement existing protection profiles available for Java Card technology-based smart cards.

Java Card Protection Profile version 3.0.5

The Java Card Protection Profile version 3.0.5, is aligned with the Java Card Specifications version 2.2.x, 3.0.1, 3.0.4 and 3.0.5.

This version of the Protection Profile has been certified by BSI (Bundesamt für Sicherheit in der Informationstechnik) to a certification level of CC EAL4+, ALC_DVS.2, AVA_VAN.5 and can be used to reach certification levels of EAL4+ and above for Java Card products. It relies on CC version 3.1 revision 5.

Java Card Protection Profile v3.0.5 Open Configuration is registered under the reference BSI-CC-PP-0099-2017, and applies to evaluations of Java Card - based smart cards or similar devices that support post-issuance downloading of applications. It replaces the Java Card Protection Profile v 3.0 Open Configuration.

The following sections describe the changes to the Classic Edition specifications for the Java Card platform since the Version 3.0.4 release.

Application Programming Interface, Version 3.0.5, Classic Edition

This section describes the changes to the Application Programming Interface Specification, Java Card Platform, Version 3.0.5, Classic Edition since the Version 3.0.4 release.

The export files associated with the API packages of the Java Card Platform, Classic Edition, are included in the reference implementation bundle. The export files are subject to change until the final release. The new package version numbers are:

• javacard.framework - version 1.6
• javacard.security - version 1.6
• javacardx.crypto - version 1.6
• javacardx.apdu.util - version 1.0
• javacardx.biometry1toN - version 1.0
• javacardx.security -version 1.0

Updates to the API specification, Version 3.0.5, since Version 3.0.4 include:

• javacard.framework
  • javacard.framework.APDU
    • Added the new constants - PROTOCOL_MEDIA_CONTACTLESS_TYPE_F and PROTOCOL_MEDIA_HCI_APDU_GATE to support JIS X 6319-4:2010 transport protocol Type F and Transport protocol Media - APDU over HCI defined for the APDU gate in ETSI TS 102 622 respectively.
  • javacard.framework.OwnerPINBuilder
    • New class - OwnerPINBuilder. This class is factory for Owner PIN objects.
  • javacard.framework.OwnerPINx
    • New interface - OwnerPINx. This interface represents an Owner PIN, extends Personal Identification Number functionality as defined in the PIN interface, and provides the ability to update the PIN, update the try limit and try counter and thus owner functionality.
  • javacard.framework.OwnerPINxWithPredecrement
    • New interface - OwnerPINxWithPredecrement. This interface extends the OwnerPINx interface, to support the decrementing of the tries counter before any PIN validation attempts.
  • javacard.framework.SensitiveArrays
    • New class - SensitiveArrays. This class provides methods for creating and handling integrity-sensitive array objects.
  • javacard.framework.Util
    • Added methods arrayFill which fills an array in an atomic way, and arrayEqual. which compares two arrays.
• javacard.security
  • Diffie-Hellman modular exponentiation
    • New interfaces - DHKey, DHPrivateKey, and DHPublicKey. These interfaces support Diffie-Hellman modular exponentiation.
  • Domain Data Conservation
    • Added constants ALG_TYPE_DH_PARAMETERS, ALG_TYPE_DSA_PARAMETERS, ALG_TYPE_EC_F2M_PARAMETERS, ALG_TYPE_EC_FP_PARAMETERS and method buildKeyWithSharedDomain(byte algorithmicKeyType, byte keyMemoryType, Key domainParameters, boolean keyEncryption) to class javacard.security.KeyBuilder to support Domain Data Conservation for Diffie-Hellman, Elliptic Curve and DSA keys
  • OneShot inner classes
    • Added classes javacard.security.Signature.OneShot, javacard.security.RandomData.OneShot, javacard.security.InitializedMessageDigest.OneShot and javacard.security.MessageDigest.OneShot to support efficient one-shot, signing, verification, random number generation and hashing operations.
  • RSA 3K support
    • Added new constant LENGTH_RSA_3072 to support 3K length for RSA keys.
  • javacard.security.RandomData
    • Added new constants ALG_FAST, ALG_KEY_GENERATION, ALG_PRESEEDED_DRBG ALG_TRNG and methods getAlgorithm() and nextBytes(byte[] buffer, short offset, short length) to class javacard.security.RandomData.
  • javacard.security.MessageDigest
    • Added new constants ALG_SHA3_224, ALG_SHA3_256, ALG_SHA3_384, ALG_SHA3_512, LENGTH_SHA3_224, LENGTH_SHA3_256, LENGTH_SHA3_384 and LENGTH_SHA3_512 to support SHA3
  • javacard.security.Signature
    • Added method verifyPreComputedHash(byte[] hashBuff, short hashOffset, short hashLength, byte[] sigBuff, short sigOffset, short sigLength) to support verification of pre-computed hash.
    • Added constants SIG_CIPHER_ECDSA_PLAIN to support plain ECDSA.
    • Added new constants ALG_AES_CMAC_128 and SIG_CIPHER_AES_CMAC128 to support AES CMAC signature algorithm
• javacardx.apdu.util
  • Extension package javacardx.apdu.util added that contains APDUUtil class which contains utility functions to parse CLA byte from a command APDU.
• javacardx.biometry1toN
  • Extension package javacardx.biometry1toN added that contains functionality for implementing a 1:N biometric framework on the Java Card platform.
• javacardx.crypto
  • javacardx.crypto.Cipher
    • Added new constants ALG_SHA3_224, ALG_SHA3_256, ALG_SHA3_384, ALG_SHA3_512, LENGTH_SHA3_224, LENGTH_SHA3_256, LENGTH_SHA3_384 and LENGTH_SHA3_512 to support SHA3
    • Added new extension class javacardx.crypto.Cipher.OneShot to support efficient one-shot cryptographic operations.
    • Added new constant ALG_AES_CTR to support a cipher using AES in counter (CTR) mode.
    • Added new constants PAD_PKCS1_OAEP_SHA224, PAD_PKCS1_OAEP_SHA256, PAD_PKCS1_OAEP_SHA384 and PAD_PKCS1_OAEP_SHA512 to extend PKCS#1-OAEP scheme support to SHA224, SHA256, SHA384 and SHA512
  • javacardx.crypto.AEADCipher
    • New abstract class javacardx.crypto.AEADCipher to support Authenticated Encryption with Associated Data (AEAD) ciphers. Only GCM and CCM modes of operation for AES are supported in this version of the spec.
• javacardx.security
  
  • Extension package javacardx.security added that contains functionality, for implementing security countermeasures to protect security relevant applet assets on the Java Card platform. The package contains SensitiveResult class which provides methods for asserting results of sensitive functions. List of API functions that have been updated to support usage of this functionality can be found in the specification for this class
• javacardx.framework.util
  
  • Added methods arrayFillGeneric and arrayFillGenericNonAtomic to class ArrayLogic.

Runtime Environment Specification, Version 3.0.5, Classic Edition

This section describes the changes to the Runtime Environment Specification, Java Card Platform, Version 3.0.5, Classic Edition since the Version 3.0.4 release.

Summary

Updates to the Runtime Environment specification, Version 3.0.5, since Version 3.0.4 include: 

• Reformatting and bug fixes

Virtual Machine Specification, Version 3.0.5, Classic Edition

Tools related to CAP file generation and verification in the Java Card Development Kit by Oracle, have been updated to support JDK 7 class format. Virtual Machine Specification, Java Card Platform, Classic Edition, however, were not changed to provide this support. The changes to the Virtual Machine Specification, Java Card Platform, Version 3.0.5, Classic Edition since the Version 3.0.4 release include:

• Reformatting and bug fixes

Bugs Fixed in Version 3.0.5

This section describes the bugs that have been fixed in this release of the Java Card specifications, Classic Edition, Version 3.0.5.

Product Information

The Java Card technology web site is http://www.oracle.com/technetwork/java/javacard.

Visit this website to access most up-to-date information on the following:

• Product news and reviews
• Release notes and product documentation