The Design And Implementation Of A Secure Run-Time Environment On Java Smart Card

With the rapid development of information technology and the continuous progress of information construction, Java Card has been widely applied in the fields of identification, electronic payment and information security. Java Card is a kind of smart card which can run Java programs. It has become the major application of the smart card because of many new features, such as multi-application, good security, object-oriented programming, and dynamic loading. At the same time, Java Card has also been the focus of research and development in smart card field. With the extensive application, the security of the multi-application smart card received more and more attention. Although Java Card provides a firewall mechanism to isolate the different applications, there are still many various attacks which can threaten Java Card applications.In order to improve the multi-application security level, we do some research work in the following areas. Firstly, the paper reviews the status of Java Card technology and summarizes the characters of Java Card run-time environment. Secondly, we analyze the standard and security mechanism of Global Platform cards with a view to improve Java Card security. Thirdly, some security mechanisms based on management of keys and secure channel protocol are designed, such as secure download, identification of the off-card entity, and measurement schemes of applications in Java Card. These mechanisms will ensure the reliability of programs' downloading and running, and verify the identity of entities so as to ensure that only the authorized entities have the right to access the application on the card. Finally, the paper proposes an open environment that is compatible with instruction formats of both GP and Java Card. Therefore, users can freely choose the way of loading applications. If in the GP way, only the applications signed by the issuer can be downloaded. If in the Java Card way, measurement schemes provided by the issuer will be downloaded together with the application. When the application programs are running, the environment can measure it according the measurement schemes. In this way, we can prevent running attack, and ensure that the application runs in accordance with the issuer's intent.