|
|
Java Card platform, version 2.2.1, provides support for logical channels: the ability to allow a terminal to open up to four sessions into the smart card, one session per logical channel. (Logical channels functionality is described in detail in ISO 7816-4.)
Cards receive requests for service from the CAD in the form of APDUs. The SELECT FILE APDU and MANAGE CHANNEL OPEN APDU are used by the Java Card RE to designate the active applet instance for a logical channel session. Once selected, an applet instance receives all subsequent APDUs dispatched to that logical channel, until the applet instance becomes deselected.
A new applet, written for version 2.2.1 of the Java Card platform, can be designed to take advantage of logical channel support. Such an applet can take advantage of multi-session functionality, and can be concurrently selected alongside another applet on a different logical channel and even be selected multiple times simultaneously on different logical channels. As shown in FIGURE 1, an implementation may support from 1 to 4 logical channels, each with its own distinct CLEAR_ON_DESELECT memory segment.
Only one logical channel, logical channel 0 (the basic logical channel) is active on card reset. A MANAGE CHANNEL APDU command may be issued on this logical channel to instruct the card to open a new logical channel. Applet instances can be selected on different logical channels using the SELECT FILE APDU command, just as they would in a single logical channel environment. The MANAGE CHANNEL APDU command is also used for closing a logical channel. Note that the basic logical channel is permanent and can never be closed.
Legacy applets (written for version 2.1 of the Java Card platform) running on version 2.2.1 need not be aware of logical channel support (and they shall still work correctly). The Java Card RE must guarantee that an applet that was not designed to be aware of multiple sessions is not selected more than once or concurrently with another applet from the same package.
Support for multiple logical channels (with multiple selected applet instances) requires a change to the Java Card platform version 2.1 concept of selected applet. Since more than one applet instance can be selected at the same time, and one applet instance can be selected on different logical channels simultaneously, it is necessary to differentiate the state of the applet instances in more detail.
An applet instance will be considered an active applet instance if it is currently selected in at least one logical channel, up to a maximum of 4. Each active applet instance from a distinct package executes with a distinct CLEAR_ON_DESELECT transient RAM space (see FIGURE 1). An applet instance is the currently selected applet instance only if it is processing the current command. There can only be one currently selected applet instance at a given time.
Applets having the capability of being selected on multiple logical channels at the same time, or accepting other applets belonging to the same package being selected simultaneously, are referred to as multiselectable applets. (Refer to FIGURE 2 below.)
No applet is active on the new (or only) logical channel when one of the following occurs:
Normally, applet instances become selected only via a successful SELECT FILE command. However, some smart card CAD applications require that there be a default card applet instance to become implicitly selected after every card reset. In addition, some CAD applications may also require a default applet selection when a new logical channel is opened.
The Java Card platform allows the card implementer to designate a default applet instance for each of the logical channels supported by the card. For any logical channel, the card implementation may designate an applet instance as the default applet instance for that logical channel. Alternatively, for any logical channel, the implementation may choose to designate no default applet instance at all. Logical channels may share the same applet instance as the default applet instance for more than one channel.
Upon card reset, only the basic logical channel (channel 0) is automatically opened. The default card applet instance, if any, is therefore the default applet instance for logical channel 0.
The card reset behavior is:
select method is called. If this method throws an exception or returns false, then the Java Card RE sets its state to indicate that no applet is active on the basic logical channel.
When a default card applet instance becomes active upon card reset, it shall not require its process method to be called. The applet instance’s process method is not called during default applet selection because there is no SELECT FILE APDU.
The default applet selection behavior on opening a new channel is:
When a MANAGE CHANNEL command is issued on the basic logical channel and a new logical channel is opened, the Java Card RE checks if there is a designated default applet instance for the newly opened logical channel. If so, the Java Card RE makes this applet instance the currently selected applet instance on the new logical channel, and the applet’s select method (MultiSelectable.select method if required) is called. If this method throws an exception or returns false, then the Java Card RE closes the new logical channel. (The applet instance’s process method is not called during default applet selection, because there is no SELECT FILE APDU). A default applet instance shall not require its process method to be called.
If a default applet instance was successfully selected, then APDU commands can be sent directly to the applet instance on that logical channel. If no applet is active, then only SELECT FILE commands for applet selection or MANAGE CHANNEL commands can be processed on that logical channel.
The mechanism for specifying the default applet instance for a logical channel is not defined in the Java Card API. It is a Java Card RE implementation detail and is left to the individual implementers.
Applets having the capability of being selected on multiple logical channels at the same time, or accepting other applets belonging to the same package being selected simultaneously, are referred to as multiselectable applets.
An applet’s context is active when either an instance of the applet is already active, or when another applet instance from the same package is active. For more information about contexts see Section 6.1.2 "Contexts and Context Switching.” An attempt to select an applet instance when the applet’s context is active, is referred to as a multiselection attempt. If successful, multiselection occurs, and the applet instance becomes multiselected.
Multiselectable applets shall implement the javacard.framework.MultiSelectable interface. In case of multiselection, the applet instance will be informed by invoking its methods MultiSelectable.select and MultiSelectable.deselect during selection and deselection respectively.
When an applet instance not currently active is the first one selected in its package, its Applet.select method is called. Subsequent multiselections to this applet instance or selection of other applet instances in the same package shall result in a call to MultiSelectable.select method. This method is defined in the MultiSelectable interface. Its only purpose is to inform the applet instance that it will be multiselected. The applet instance may accept or reject a multiselection attempt.
If a multiselection attempt is made on an applet which does not implement the MultiSelectable interface, the selection shall be rejected by the Java Card RE.
When a multiselected applet instance is deselected from one of the logical channels, the method MultiSelectable.deselect is called. Only when the multiselected applet instance is the last active applet instance in the applet’s context, is its regular method Applet.deselect called.
There are two cases of multiselection:
CLEAR_ON_DESELECT memory transient segment. The applet instances share objects within the context firewall as well as their transient data. The Java Card RE shall not reset this CLEAR_ON_DESELECT transient objects until all applet instances within the package are deselected.(Refer to FIGURE 2.)
CLEAR_ON_DESELECT memory segment space across logical channels. The Java Card RE shall not reset the CLEAR_ON_DESELECT transient objects until all applet instances within the package are deselected. (Refer to FIGURE 3.)
In both cases of multiselection described above, the applet(s) must implement the MultiSelectable interface. If the applet(s) do not support this feature, then the selection must be rejected by the Java Card RE.
According to Section 5.4 of the ISO 7816-4 Specification, only APDU commands that contain the following encoding of the header CLA byte contain logical channel information:
0x0X or 0x8X or 0x9X or 0xAX.
The X nibble is responsible for logical channels and secure messaging encoding. Only the two least significant bits (b2,b1*) of the nibble are used for logical channel encoding, which ranges from 0 to 3. When an APDU command is received, the Java Card RE shall process it and determine whether or not the command has logical channel information. If logical channel information is encoded, then the card dispatches the APDU command to the appropriate logical channel. All other APDU commands are forwarded to the card’s basic logical channel (logical channel 0).
The Java Card RE always forwards the command “as is” to the appropriate applet instance. In particular, the Java Card RE does not clear the least significant bits (b2,b1*) of the CLA byte.
According to Section 5.5.2 of the ISO 7816-4 Specification, there are two ways to open a logical channel in the smart card:
The Java Card RE shall intercept all APDU messages coming into the card, perform card management functions (such as selecting or deselecting applet instances), and shall forward APDU messages to the appropriate applet instance. As part of its card management functions, the Java Card RE notifies applet instances about selection events (a function it performs by calling the applet instances’ select and deselect methods), and it initiates APDU processing within the currently selected applet instance by calling the applet instance’s process method.
With the addition of logical channels in Java Card platform, the Java Card RE includes a multichannel dispatching mechanism, as well as checks to ensure applet integrity during multi-channel operations. The Java Card RE must ensure that applets written to operate in a single logical channel environment operate consistently on a multiple logical channel smart card.
Java Card platform defines a class of APDU commands, called MANAGE CHANNEL commands. The following subsections summarize the functions the Java Card RE must perform by using MANAGE CHANNEL command processing:
MANAGE CHANNEL OPEN: Open a new logical channel from an already-open logical channel. Two variations of this command are supported:
MANAGE CHANNEL CLOSE: Close a specified logical channel from another open logical channel.
In addition, the SELECT FILE APDU command to select an applet instance is extended to specify a new or already opened logical channel on which the specified applet instance is to be selected.
In the following sections, the term origin logical channel is used to refer to the logical channel on which the command was received: that is, the two least significant bits (b2,b1*) of the CLA byte, as described in Section 4.3.
There are two ways to select an applet instance in the Java Card platform: with a MANAGE CHANNEL OPEN command (Section 4.5.1), or with a SELECT FILE command, (See Section 4.5.2 "Applet Selection with SELECT FILE.”)
The Java Card RE shall guarantee that an applet that is designed to run on any logical channel can be selected on any of the available logical channels on the card. The resources accessed by the applet instance must be the same, irrespective of the logical channel it is selected on.
Upon receiving a MANAGE CHANNEL OPEN command, the Java Card RE shall run the following procedure:
0-3), INS=0x70 and P1=0. Two variants of this command are supported: 0 when the Java Card RE shall assign a new logical channel number0x6882 (SW_SECURE_MESSAGING_NOT_SUPPORTED). 0 or 0x80, or if the unsigned value of P2 is greater than 3, the Java Card RE responds with status code 0x6A81 (SW_FUNC_NOT_SUPPORTED).0x6881 (SW_LOGICAL_CHANNEL_NOT_SUPPORTED).0x6881 (SW_LOGICAL_CHANNEL_NOT_SUPPORTED)0 variant is used:1, the Java Card RE responds with status code 0x6C01 (SW_CORRECT_LENGTH_00+0x01).0x6A81 (SW_FUNC_NOT_SUPPORTED.)0 variant is used:
If resources for the specified logical channel are not available or the logical channel is already open, the Java Card RE responds with status code 0x6A86 (SW_INCORRECT_P1P2).
0), then:0x9000 and if the P2=0 variant is used, 1 data byte containing the newly assigned logical channel number.0x9000 and if the P2=0 variant is used, 1 data byte containing the newly assigned logical channel number.0x6985 (SW_CONDITIONS_NOT_SATISFIED).CLEAR_ON_DESELECT transient memory segment for the new logical channel:CLEAR_ON_DESELECT transient memory segment associated with that context to this logical channel.CLEAR_ON_DESELECT transient memory segment to this new logical channel.MultiSelectable.select method, where the parameter appInstAlreadyActive is set to true if the same applet instance is already active on another logical channel. A context switch into the candidate applet instance’s context occurs at this point. (For more details on contexts, see Section 6.1.2)Applet.select method. A context switch into the candidate applet instance’s context occurs at this point.0x6999 (SW_APPLET_SELECT_FAILED).0x9000 (and if the P2=0 variant is used, 1 data byte containing the newly assigned logical channel number.)Upon receiving a SELECT FILE command, the Java Card RE shall run the following procedure:
%b000000cc* (where cc in the bits (b2,b1*) specifies the logical channel to be selected: 0-3) and INS=0xA4.If the SELECT FILE command has non-zero secure messaging bits (b4,b3*) in the CLA byte, it is deemed not to be an Applet SELECT FILE command. The Java Card RE simply forwards the command to the active applet on the specified logical channel.
0x04.%b0000xx00 (b4,b3* are don’t care) and%b0001xx00 (b4,b3* are don’t care).0x6881 (SW_LOGICAL_CHANNEL_NOT_SUPPORTED)0x6999 (SW_APPLET_SELECT_FAILED).0x6985 (SW_CONDITIONS_NOT_SATISFIED). Prior to sending the response code, if there is an active applet instance on the logical channel, then the Java Card RE may optionally deselect the applet instance, as described in Section 4.6 "Applet Deselection” and set the state so that no applet is active on the specified logical channel.CLEAR_ON_DESELECT transient memory segment for the new logical channel:CLEAR_ON_DESELECT transient memory segment to this logical channel.CLEAR_ON_DESELECT transient memory segment to this new logical channel.MultiSelectable.select(appInstAlreadyActive) method, where the parameter appInstAlreadyActive is set to true if the same applet instance is already active on another logical channel. A context switch into the candidate applet instance’s context occurs at this point (See Section 6.1.2).Applet.select method. A context switch into the candidate applet instance’s context occurs at this point.false, then the Java Card RE state is set so that no applet is active on the specified logical channel. The logical channel remains open, and the Java Card RE responds with status code 0x6999 (SW_APPLET_SELECT_FAILED).Applet.process method with the SELECT FILE APDU as the input parameter. A context switch occurs into the applet instance’s context at this point. Upon return from the applet instance’s process method, the Java Card RE sends the applet instance’s response as the response to the SELECT FILE command. An applet instance is deselected either upon receipt of a MANAGE CHANNEL CLOSE command, or as a result of a SELECT FILE command that selects a different (or the same) applet instance on the specified logical channel.
In either case, when an applet instance is deselected the following procedure shall be followed by the Java Card RE:
MultiSelectable.deselect(appInstStillActive) method, where the appInstStillActive parameter is set to true if the same applet instance is still active on another logical channel. A context switch occurs into the applet instance’s context at this point (See Section 6.1.2).Applet.deselect method. Upon return or uncaught exception, the Java Card RE clears the fields of all CLEAR_ON_DESELECT transient objects in the context of deselected applet instance.deselect method.
Upon receiving a MANAGE CHANNEL CLOSE command, the Java Card RE shall run the following procedure:
%b000000cc* (where cc in the bits (b2,b1) denotes the origin logical channel: 0-3), INS=0x70, P1=0x80 and P2 specifies the logical channel to be closed.0x6882 (SW_SECURE_MESSAGING_NOT_SUPPORTED).0 or 0x80, the Java Card RE responds with status code 0x6A81 (SW_FUNC_NOT_SUPPORTED).0x6881 (SW_LOGICAL_CHANNEL_NOT_SUPPORTED).0x6881 (SW_LOGICAL_CHANNEL_NOT_SUPPORTED).0) or the specified logical channel number is greater than 3, the Java Card RE responds with status code 0x6A81 (SW_FUNC_NOT_SUPPORTED).0x9000.0x6200 (SW_WARNING_STATE_UNCHANGED).When an APDU other than a SELECT FILE or MANAGE CHANNEL command is received, the logical channel to be used for dispatching the command is based on the CLA byte as described in Section 4.3 "Forwarding APDU Commands To a Logical Channel.”
When the Java Card RE receives an APDU other than a SELECT FILE or MANAGE CHANNEL command with either:
it shall respond to the APDU with status code 0x6881 (SW_LOGICAL_CHANNEL_NOT_SUPPORTED).
If there is no active applet instance on the logical channel to be used for dispatching the command, the Java Card RE shall respond to the APDU with status code 0x6999 (SW_APPLET_SELECT_FAILED).
When an APDU other than a Applet SELECT FILE or a MANAGE CHANNEL command is received, and there is an active applet instance on the logical channel to be used for dispatching the command, the Java Card RE sets the active applet instance on the origin channel as the currently selected applet instance and invokes the process method passing the APDU as a parameter. This causes a context switch from the Java Card RE context into the currently selected applet instance’s context (For more information on contexts see Section 6.1.2 "Contexts and Context Switching.”) When the process method exits, the VM switches back to the Java Card RE context. The Java Card RE sends the response APDU and waits for the next command APDU.
Note that the Java Card RE dispatches the APDU command “as is” to the applet instance for processing via the process method. Therefore, the CLA byte in the command header will contain in its least significant bits the origin channel number. An applet designed to run on any logical channel needs to mask out these two bits before checking for specific values.
|
|
Runtime Environment Specification for the Java Card Platform Specification, 2.2.1 |
Copyright © 2003 Sun Microsystems, Inc. All rights reserved.