| Development Kit User's Guide |     |
Glossary |
Third Generation Partnership Project (3GPP) formed by telecommunications associations to develop 3rd Generation Mobile System specifications for systems deployed across the GSM market. These specifications are available on the 3GPP web site.
defined by ISO 7816, a string used to uniquely identify card applet applications and certain types of files in card file systems. An AID consists of two distinct pieces: a 5-byte RID (resource identifier) and a 0 to 11-byte PIX (proprietary identifier extension). The RID is a resource identifier assigned to companies by ISO. The PIX identifiers are assigned by companies.
A unique AID is associated with each applet class in an applet application module. In addition, a unique AID is assigned to each applet instance during installation. This applet instance AID is used by an off-card client to select the applet instance for APDU communication sessions.
Applet instance URIs are constructed from their applet instance AID using the "aid" registry-based namespace authority as follows:
where <RID> (resource identifier) and <PIX> (proprietary identifier extension) are components of the AID.
a platform-independent software tool written in the Java programming language that is used for automating build processes.
an acronym for Application Protocol Data Unit as defined by ISO 7816-4 specifications. ISO 7816-4 defines the application protocol data unit (APDU) protocol as an application-level protocol between a smart card and an application on the device. There are two types of APDU messages, command APDUs and response APDUs. For detailed information on the APDU protocol see the ISO 7816-4 specifications.
APDU-based application environment
consists of all the functionalities and system services available to applet applications, such as the services provided by the applet container.
an acronym for Application Programming Interface. The API defines calling conventions by which an application program accesses the operating system and other services.
a stateless software component that can only execute in a container on the client platform. Within the context of this document, a Java Card applet, which is the basic component of applet-based applications and which runs in the APDU application environment.
an application that consists of one or more applets.
contains applet-based applications and manages their lifecycles through the applet framework API. Also provides the communication services over which APDU commands and responses are sent.
an API that enables applet applications to be built.
see descriptor.
The producer of an application. The output of an application developer is a set of application classes and resources, and supporting libraries and files for the application. The application developer is typically an application domain expert. The developer is required to be aware of the application environment and its consequences when programming, including concurrency considerations, and create the application accordingly.
a set of one or more applications executing in a common group context.
a URI uniquely identifying an application instance on the platform.
a property of transactions that requires all operations of a transaction be performed successfully for the transaction to be considered complete. If all of a transaction’s operations cannot be performed, none of them can be performed.
applets with the same capabilities as those in previous versions of the Java Card platform and in the Classic Edition.
one of the two editions in the Java Card 3 Platform. The Classic Edition is based on an evolution of the Java Card Platform, Version 2.2.2 and is backward compatible with it, targeting resource-constrained devices that solely support applet-based applications.
one of the two editions in the Java Card 3 Platform. The Connected Edition has a significantly enhanced runtime environment and a new virtual machine. It includes new network-oriented features, such as support for web applications, including the Java
Servlet APIs, and also support for applets with extended and advanced capabilities. An application written for or an implementation of the Connected Edition may use features found in the Classic Edition.
a peice of software that preprocesses all of the Java programming language class files of a classic applet application that make up a package, and converts the package into a standalone classic applet application module distribution format (CAP file). The Converter also produces an export file.
indicates that a web application of a module or an application group, that was loaded by load, needs to be created. As a result, the required application is accessible through some Web-Context root.
indicates that a web application instance created by create needs to be deleted.
the European Telecommunications Standards Institute (ETSI) is an official European Standards Organization that develops and publishes standards for information and communications technologies. Additional information is available on the ETSI web site.
a document that describes the configuration and deployment information of an application. A deployment descriptor conveys the elements and configuration information of an application between application developers, application assemblers, and deployers. A runtime descriptor describes the configuration and deployment information of an application that are specific to an operating environment to which the application is to be deployed.
structure and encoding of a distribution or deployment unit intended for public distribution.
an applet with extended and advanced capabilities (compared to a classic applet) such as the capabilities to manipulate String objects and open network connections.
the process by which dynamically allocated storage is automatically reclaimed during the execution of a program.
an applet environment array objects accessible from any context.
the scope of a user authentication that can be tracked globally (card-wide). Global authentication is restricted to card-holder-users. Authorization to access resources protected by a globally authenticated card-holder-user identity is granted to all users.
an international association of companies and organizations that establish and maintain interoperable specifications for single and multi-application smart cards, acceptance devices, and infrastructure systems. Additional information is available on the GlobalPlatform web site.
protected object space associated with each application group and Java Card RE. All objects owned by an application belong to the context of the application group.
the International Standards Organization (ISO) is a non-governmental organization of national standards institutes that develops and publishes international standards for both public and private sectors. Additional information is available on the ISO web site.
an acronym for Java Archive file, which is a file format used for aggregating and compressing many files into one.
consists of the Java Card virtual machine and the associated native methods.
Java Card Virtual Machine (Java Card VM)
a subset of the Java virtual machine, which is designed to be run on smart cards and other resource-constrained devices. The Java Card VM acts an engine that loads Java class files and executes them with a particular set of semantics.
an acronym for Java Development Kit. The JDK software is a Sun Microsystems, Inc. product that provides the environment required for software development in the Java programming language. The JDK software is available for a variety of operating systems, for example Sun Microsystems Solaris OS and Microsoft Windows.
a virtual machine for small devices, the KVM is derived from the Java virtual machine (JVM) but is written in the C programming language and has a smaller footprint than the JVM. The KVM supports a subset of the JVM features.
indicates that the client is requesting information about all loaded application groups and instances.
indicates that a module or an application group needs to be deployed onto the card but not yet made accessible.
refers to embedding the Java Card virtual machine, runtime environment, and applications in the read-only memory of a smart card during manufacture.
designates the type or protocol of communication (HTTPS, SSL/TLS, SIO...) and the mode of operation (client or server) that characterizes a communication endpoint.
a unit of distribution and deployment of component applications. Modules or component applications are individual applications (standalone) and can be assembled into application groups. Applications that rely on a single component application can be deployed directly as standalone application modules in addition to deployment as application groups.
MultiMediaCard (MMC) is a flash memory card standard developed and published by the MultiMediaCard Association.
a set of names in which all names are unique.
memory that is expected to retain its contents between card tear and power up events or across a reset event on the smart card device.
normalization (classic applet)
the process of transforming and repackaging a Java application packaged for the Java Card Platform, Version 2.2.2, for deployment on both the Java Card 3 Platform, Connected Edition and the Java Card 3 Platform, Classic Edition.
the process of removing unnecessary "." and ".." segments from the path component of a hierarchical URI.
in the Connected Edition, a backwards compatibility tool that allows Java applications programmed for the Java Card Platform, Version 2.2.2, to be deployed on both the Java Card 3 Platform, Connected Edition and on the Java Card 3 Platform, Classic Edition. It also allows Java applications packaged for Version 2.2.2 to be transformed through the normalization process and then repackaged for deployment on both the Connected and Classic Editions.
In the Classic Edition, a compatibility tool that enables developers to generate application modules for Java Card 3 platform classic applets they are creating or from classic applets created for previous versions of the Java Card platform. These application modules contain CAP files and are downloadable on both the Java Card 3 platform Classic Edition and Connected Edition smart cards.
see off-card client application.
an application that is not resident on the card, but runs at the request of a user’s actions.
the off-card application that transmits the application and library executables to the card manager application running on the card.
a namespace within the Java programming language that can have classes and interfaces.
a set of permissions granted to an application or group of applications by the platform security policy. A platform protection domain is defined by two sets of permissions: a set of included permissions that are granted and a set of excluded permissions that are denied and can never be granted.
the permission-based security policy that maps application models to sets of permissions granted to applications implementing these application models. For each of the application models, the platform security policy guarantees the consistency and integrity of the applications implementing the application model.
see protected resource.
an application or system resource that is protected by an access control mechanism.
a set of permissions granted to an application or group of applications.
temporary working space for storing and modifying data. RAM is non-persistent memory; that is, the information content is not preserved when power is removed from the memory cell. RAM can be accessed an unlimited number of times and none of the restrictions of EEPROM apply.
a fully functional and compatible implementation of a given technology. It enables developers to build prototypes of applications based on the technology.
blue print-like applications that demonstrate the interactions between various applications on the card using advanced features such as SIO and events.
an user whose identity may be assumed by a remote entity, such as a remote card administrator.
remotely accessible web application
an application that is not expected to interact with the card holder but with other-users, potentially remote.
an object implementing the Runnable interface that has been registered for recurrent execution over card sessions. A task executes in its own thread.
a Java Card RE facility that is used for registering tasks for recurrent execution over card sessions.
the required security characteristics for a particular secure communication being established by either an application or by the web container on behalf of a web application.
an on-card application that provides a service to its clients.
a shareable interface object that a server application uses to provide a set of well-defined functionalities to its clients.
a Java Card RE facility (or subsystem) that is used for inter-application communications.
an object that the Java Card RE invokes to create a service - on behalf of the server application that registered that service - for a client application that looked up the service.
the core component of the service facility. The service facility is used for registering and looking up services.
a URI that uniquely identifies a service provided by a server application.
a web application component, managed by a container, that generates dynamic web content and that runs in the web application environment.
see web application container.
a container-managed object that defines a servlet’s view of the web application within which the servlet is running. A servlet context is rooted at a known path within a web server: a context path.
a servlet definition that is associated by a servlet container with a URL path pattern. All requests to that path pattern are handled by the servlet associated with the servlet definition. See Java Servlet Specification, Connected Edition.
an interface that defines a set of shared methods. These interface methods can be invoked from an application in one group context when the object implementing them is owned by an application in another group context.
shareable interface object (SIO)
an object that implements the shareable interface.
shareable interface object-based service
see service.
a card that stores and processes information through the electronic circuits embedded in silicon in the substrate of its body. Unlike magnetic stripe cards, smart cards carry both processing power and information. They do not require access to remote databases at the time of a transaction.
Secure Socket Layer (SSL), like the later TLS protocol, is a cryptographic protocol for securely transmitting documents by using a two key cryptographic system (a public key and a private key) to encrypt and decrypt data.
is typically a computer in its own right with an interface which connects with a smart card to exchange and process data.
the basic unit of program execution. A process can have several threads running concurrently each performing a different job, such as waiting for events or performing a time consuming job that the program doesn't need to complete before going on. When a thread has finished its job, it is suspended or destroyed.
when an object instance method is invoked, the owning context of the object becomes the currently active context for that particular thread of execution. Synonymous with currently active context.
an atomic operation in which the developer defines the extent of the operation by indicating in the program code the beginning and end of the transaction.
a Java Card RE facility that enables an application to complete a single logical operation on application data atomically, consistently and durably within a transaction.
the state of transient objects do not persist from one card session to the next, and are reset to a default state at specified intervals. Updates to the values of transient objects are not atomic and are not affected by transactions.
classes whose instances can have their ownership transferred to a context different from their currently owning context. Transferable classes are of two types:
Implicitly transferable classes - Classes whose instances are not bound to any context (group contexts or Java Card RE context) and can, therefore, be passed and shared between contexts without any firewall restrictions. Examples are Boolean and literal String objects.
Explicitly transferable classes - Classes whose instances must have their ownership explicitly transferred to another application’s group context in order to be accessible to that other application. Examples are arrays and newly created String objects.
a Java Card RE facility that allows for an application to transfer the ownership of objects it owns to an other application. Only instances of transferable classes can have their ownership transferred.
an on-card or off-card application client that an on-card application trusts on the basis of credentials presented by the client.
credentials that an on-card application uses to ascertain the identity of clients it trusts.
Transport Layer Security (TLS), like the earlier SSL protocol, is a cryptographic protocol for securely transmitting documents either by endpoint authentication of the server or by mutual authentication of the server and the client.
indicates that the module or application group that was loaded by load needs to be removed completely from the card. By default, if there are some instance(s) created, then unload will fail. Optional -f (or -force) will attempt to delete all instances before unloading.
uniform resource identifier (URI)
a compact string of characters used to identify or name an abstract or physical resource. A URI can be further classified as a uniform resource locator (URL), a uniform resource name (URN), or both. See RFC 3986 for more information.
uniform resource locator (URL)
a compact string representation used to locate resources available via network protocols or other protocols. Once the resource represented by a URL has been accessed, various operations may be performed on that resource. See RFC 1738 for more information. A URL is a type of uniform resource identifier (URI).
Universal Serial Bus (USB) is a serial bus specification developed and published by the USB Implementers Forum that when implemented enables external devices such as flash drives, PDAs, and printers to connect to a host controller.
a process performed on an application or library executable that ensures that the binary representation of the application or library is structurally correct.
memory that is not expected to retain its contents between card tear and power up events or across a reset event on the smart card device.
an object that is ideally suited to be stored in volatile memory. This type of object is intended for a short-lived object or an object which requires frequent updates. A volatile object is garbage collected on card tear (or reset).
a collection of servlets, HTML documents, and other web resources that might include image files, compressed archives, and other data. A web application is packaged into a web application archive.
All compatible servlet containers must accept a web application and perform a deployment of its contents into their runtime. This may mean that a container can run the application directly from a web application archive file or it may mean that it will move the contents of a web application into the appropriate locations for that particular container. See Java Servlet Specification, Connected Edition.
the physical representation of a web application module. A single file that contains all of the components of a web application. This archive file is created by using standard JAR file tools, which allow any or all of the web components to be signed.
A web application archive file is identified by the .war extension and is often referred to as a WAR file. A new extension is used instead of .jar because that extension is reserved for files which contain a set of class files and that can be placed in the classpath. As the contents of a web application archive are not suitable for such use, a new extension was required. See Java Servlet Specification, Connected Edition.
contains and manages web applications and their components (for example, servlets) through their lifecycle. Also provides the network services over which HTTP requests and responses are sent and manages security of web applications.
in addition to the Java Card RE, consists of all the functionalities and system services available to web applications, such as the services provided by the web application container.
an off-card entity that requests services from an on-card web application. A typical example is a web browser.
| Development Kit User's Guide | May 2009 | |
Copyright © 2009 Sun Microsystems, Inc. All rights reserved.