Integrating Java Card into J2ME applications
Added 31 Jul 2008
I'll pick up right where I left off in the last article, with a closer look at the e-bank application's UserPIN and EBankPIN classes. I'll take you through the steps of authenticating the user, employing cryptography for decryption, and extracting the session key from encrypted data to establish a secure session.
For the remainder of the article, I will focus on the major topic of the Security and Trust Services API (SATSA), which I discussed only briefly last time. I'll explain the role of SATSA in making Java Card applications usable by J2ME devices and demonstrate the use of SATSA classes. I will also implement the J2ME-based client-side functions of the KerberosEBank application, further demonstrating the use of the SATSA API. I'll conclude the article with an overview of techniques for debugging Java Card applications.
Please note that the discussion in this article follows from the discussion in the first article. If you haven't read that article, you should do so before continuing. You may also wish to download the article source now.
In the first article in this series you got a glimpse of the simple authentication process that underlies Java Card security. When I installed the e-bank Java Card application onto a Java Card (see Part 1, Listing 4), the JavaCardKerberosKey applet instantiated the UserPIN class and, while doing so, passed the user's key to the UserPIN constructor. The KerberosSecurityService class then used that UserPIN instance to authenticate the user.

When a J2ME user accesses the JavaCardKerberosKey applet, the J2ME client sends the user's key to the applet, which hands it to the UserPIN class. The UserPIN class compares the key provided by the user with the key stored during installation. If the two keys match, the authentication succeeds; if not, it fails.
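To make the two steps above concrete (storing the user's key at install time, then checking a key submitted from the J2ME side), here is an added Java Card applet that is not part of the article's source and is not the JavaCardKerberosKey or UserPIN code. It uses the standard javacard.framework.OwnerPIN class in place of the article's UserPIN, so it also gets OwnerPIN's try counter, which blocks the PIN after too many wrong attempts; the article's prose does not describe that behaviour, so treat it as an assumption of this example. The class name, the class byte 0x80, the INS_GET_TRIES instruction and the 0x6983 "authentication method blocked" status word are likewise assumptions; the install-parameter layout is the standard one ([Li][AID][Lc][control info][La][applet data]).

```java
package ebank;

import javacard.framework.APDU;
import javacard.framework.Applet;
import javacard.framework.ISO7816;
import javacard.framework.ISOException;
import javacard.framework.OwnerPIN;

/**
 * Added example applet (hypothetical name): the user's key arrives in the
 * install parameters and is stored as an OwnerPIN; a VERIFY command from
 * the J2ME client is checked against it.
 */
public class PinCheckApplet extends Applet {

    private static final byte CLA_EBANK = (byte) 0x80;     // assumed proprietary class byte
    private static final byte INS_VERIFY = (byte) 0x20;    // ISO 7816-4 VERIFY
    private static final byte INS_GET_TRIES = (byte) 0x21; // assumed: report tries remaining
    private static final short SW_PIN_BLOCKED = (short) 0x6983; // ISO 7816-4: authentication method blocked

    private static final byte MAX_TRIES = (byte) 3;
    private static final byte MAX_PIN_LEN = (byte) 8;

    private final OwnerPIN pin;

    private PinCheckApplet(byte[] bArray, short bOffset, byte bLength) {
        pin = new OwnerPIN(MAX_TRIES, MAX_PIN_LEN);
        // Standard install-parameter layout: [Li][AID][Lc][control][La][applet data].
        // The applet data is assumed to carry the user's key.
        short aidLen = (short) (bArray[bOffset] & 0xFF);
        short ctrlOff = (short) (bOffset + 1 + aidLen);
        short ctrlLen = (short) (bArray[ctrlOff] & 0xFF);
        short dataOff = (short) (ctrlOff + 1 + ctrlLen);
        byte dataLen = bArray[dataOff];
        if (dataLen < 1 || dataLen > MAX_PIN_LEN) {
            ISOException.throwIt(ISO7816.SW_WRONG_LENGTH);
        }
        // Store the key on the card; this is the install-time step.
        pin.update(bArray, (short) (dataOff + 1), dataLen);
        register(bArray, (short) (bOffset + 1), (byte) aidLen);
    }

    public static void install(byte[] bArray, short bOffset, byte bLength) {
        new PinCheckApplet(bArray, bOffset, bLength);
    }

    public boolean select() {
        pin.reset(); // a validation never survives re-selection
        return true;
    }

    public void deselect() {
        pin.reset();
    }

    public void process(APDU apdu) {
        if (selectingApplet()) {
            return;
        }
        byte[] buf = apdu.getBuffer();
        if (buf[ISO7816.OFFSET_CLA] != CLA_EBANK) {
            ISOException.throwIt(ISO7816.SW_CLA_NOT_SUPPORTED);
        }
        switch (buf[ISO7816.OFFSET_INS]) {
            case INS_VERIFY:
                verify(apdu, buf);
                break;
            case INS_GET_TRIES:
                buf[0] = pin.getTriesRemaining();
                apdu.setOutgoingAndSend((short) 0, (short) 1);
                break;
            default:
                ISOException.throwIt(ISO7816.SW_INS_NOT_SUPPORTED);
        }
    }

    /** The authentication step: compare the submitted key with the stored one. */
    private void verify(APDU apdu, byte[] buf) {
        if (pin.getTriesRemaining() == 0) {
            ISOException.throwIt(SW_PIN_BLOCKED); // refuse once the counter is exhausted
        }
        short lc = apdu.setIncomingAndReceive();
        if (lc < 1 || lc > MAX_PIN_LEN) {
            ISOException.throwIt(ISO7816.SW_WRONG_LENGTH);
        }
        // check() compares against the stored key, decrements the try counter on a
        // mismatch and restores it on a match; the match state is kept until reset().
        if (!pin.check(buf, ISO7816.OFFSET_CDATA, (byte) lc)) {
            ISOException.throwIt(ISO7816.SW_SECURITY_STATUS_NOT_SATISFIED);
        }
        // A successful check returns SW 9000 implicitly.
    }
}
```

The J2ME side sends the key in a VERIFY APDU (CLA 0x80, INS 0x20, data = key bytes) and treats any status word other than 0x9000 as a failed authentication. Later commands that need an authenticated user should gate on pin.isValidated() rather than on their own flag, so that the validation state is cleared together with the PIN on deselect.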