Java Card OpenPlatform (JCOP) is a

smart card A smart card (SC), chip card, or integrated circuit card (ICC or IC card), is a card used to control access to a resource. It is typically a plastic credit card-sized card with an Embedded system, embedded integrated circuit (IC) chip. Many smart ...

operating system An operating system (OS) is system software that manages computer hardware and software resources, and provides common daemon (computing), services for computer programs. Time-sharing operating systems scheduler (computing), schedule tasks for ...

for the

Java Card Java Card is a software technology that allows Java platform, Java-based applications (applets) to be run securely on smart cards and more generally on similar secure small memory footprint devices which are called "secure elements" (SE). Today ...

platform developed by

IBM International Business Machines Corporation (using the trademark IBM), nicknamed Big Blue, is an American Multinational corporation, multinational technology company headquartered in Armonk, New York, and present in over 175 countries. It is ...

Zürich Research Laboratory.{{cite web , title=IBM WebSphere Everyplace Chip Operating System — JavaCard OpenPlatform. , url=https://public.dhe.ibm.com/software/pervasive/info/G507-1676-01_WECOS_Final.pdf , publisher=IBM , access-date=11 September 2024 , ref=1 On 31 January 2006 the development and support responsibilities transferred to the IBM Smart Card Technology team in

Böblingen Böblingen (; ) is a town in Baden-Württemberg, Germany, seat of Böblingen (district), Böblingen District. Sindelfingen and Böblingen are Geographic contiguity, contiguous. History Böblingen was founded by Count Wilhelm von Tübingen-Bö ...

Germany Germany, officially the Federal Republic of Germany, is a country in Central Europe. It lies between the Baltic Sea and the North Sea to the north and the Alps to the south. Its sixteen States of Germany, constituent states have a total popu ...

. Since July 2007 support and development activities for the JCOP operating system on NXP /

Philips Koninklijke Philips N.V. (), simply branded Philips, is a Dutch multinational health technology company that was founded in Eindhoven in 1891. Since 1997, its world headquarters have been situated in Amsterdam, though the Benelux headquarter ...

silicon are serviced by

NXP Semiconductors NXP Semiconductors N.V. is a Dutch semiconductor manufacturing and design company with headquarters in Eindhoven, Netherlands. It is the third largest European semiconductor company by market capitalization as of 2024. The company employs approx ...

. The title originates from the standards it complies with: *

specifications *

GlobalPlatform GlobalPlatform, Inc. (formerly Visa OpenPlatform) is a non profit Trade association, industry consortium for Technical standard, technical standards focused on the interoperability, management and security of Embedded system, embedded hardware suc ...

(formerly known as

Visa Inc Visa Inc. () is an American multinational payment card services corporation headquartered in San Francisco, California. It facilitates electronic funds transfers throughout the world, most commonly through Visa-branded credit cards, debit c ...

OpenPlatform) specifications A Java Card JCOP has a Java Card Virtual Machine (JCVM) which allows it to run applications written in

Java programming language Java is a high-level, general-purpose, memory-safe, object-oriented programming language. It is intended to let programmers ''write once, run anywhere'' ( WORA), meaning that compiled Java code can run on all platforms that support Jav ...

History

First JC/OP Masks

Mask 0 : 1998 (spring) * First prototype on Atmel 8-bit uC – Flash memory, slow Mask 1 : 1998 *

Siemens Siemens AG ( ) is a German multinational technology conglomerate. It is focused on industrial automation, building automation, rail transport and health technology. Siemens is the largest engineering company in Europe, and holds the positi ...

Infineon Infineon Semiconductor solutions is the largest microcontroller manufacturer in the world, as well as Germany's largest semiconductor manufacturer. It is also the leading automotive semiconductor manufacturer globally. Infineon had roughly 58,0 ...

SLE66 IC –

Public key Public-key cryptography, or asymmetric cryptography, is the field of cryptographic systems that use pairs of related keys. Each key pair consists of a public key and a corresponding private key. Key pairs are generated with cryptographic alg ...

cryptography Mask 2 and 3 : 1999 *

Gemplus International Gemalto was an international digital security company providing software applications, secure personal devices such as smart cards and tokens, e-wallets and managed services. It was formed in June 2006 by the merger of two companies, Axalto and ...

(now

Gemalto Gemalto was an international digital security company providing software applications, secure personal devices such as smart cards and tokens, e-wallets and managed services. It was formed in June 2006 by the merger of two companies, Axalto and ...

) licensed JC/OP * Base mask for GemXpresso product line * Public key generation * Visa OpenPlatform Mask 4 : 1999 * Contactless JC/OP on Philips

Mifare MIFARE is a series of integrated circuit (IC) chips used in contactless smart cards and proximity cards. The brand includes proprietary solutions based on various levels of the ISO/IEC 14443 Type-A 13.56 MHz contactless smart card standard ...

Pro chip * 256 bytes RAM, 20 KB ROM and 8 KB EEPROM * Dual interface

JCOP01 and Cooperation with Philips

Mask 5 : 2000 * Philips P8WE smartcard microcontroller * ‘JCOP01’ is the foundation for all later versions * JCOP licensed by IBM * JCOP Tools for development Visa breakthrough program * To counter MasterCard’s

MULTOS MULTOS is a multi-application smart card operating system, that enables a smart card to carry a variety of applications, from chip and pin application for payment to on-card biometric matching for secure ID and ePassport. MULTOS is an open standar ...

* Cooperation between IBM (OS), Visa (OpenPlatform) and Philips (IC) * JCOP v1 owned by Visa JCOP v2 * Owned by IBM, sold by Philips * Philips SmartMX controller (SMX) JCOP v2.2 * GlobalPlatform 2.1.1 * Java Card 2.2.1 *

Elliptic Curve Cryptography Elliptic-curve cryptography (ECC) is an approach to public-key cryptography based on the algebraic structure of elliptic curves over finite fields. ECC allows smaller keys to provide equivalent security, compared to cryptosystems based on modula ...

(ECC) F2M support * JCOP Tools

Eclipse An eclipse is an astronomical event which occurs when an astronomical object or spacecraft is temporarily obscured, by passing into the shadow of another body or by having another body pass between it and the viewer. This alignment of three ...

based

JCOP Transfer

JCOP v2.2.1 – JCOP v2.3.1 * Owned by IBM, sold by Philips/NXP * Development transferred to IBM in Böblingen, Germany * USB interface JCOP v2.3.2 * JCOP technology owned by IBM * Policy change at IBM * Source code license acquired by NXP Semiconductors * To serve customer requests and projects

JCOP by NXP

JCOP v2.4 * first NXP developed JCOP version * ECC GF(p) support * Java Card 2.2.2 JCOP v2.4.1 * ECC primitive calculation support (point addition and multiplication) *

Common Criteria The Common Criteria for Information Technology Security Evaluation (referred to as Common Criteria or CC) is an international standard (International Organization for Standardization, ISO/International Electrotechnical Commission, IEC 15408) for co ...

5+ certification (CC) * EMV, Visa and MasterCard approved *

NFC NFC usually refers to: * Near-field communication, a set of communication protocols for electronic devices * National Football Conference, part of US National Football League NFC may also refer to: Psychology * Need for cognition, in psychol ...

integration into PN65N combo chip: NFC and

Secure Element A secure element (SE) is a secure operating system (OS) in a tamper-resistant processor chip or secure component. It can protect assets (root of trust, sensitive data, keys, certificates, applications) against high-level software and hardware atta ...

JCOP v2.4.2 * additional algorithms to support eGovernment use cases, i.e. AES CMAC * CC 5+ * NFC integration into PN65O

JCOP 3

mobile

Smartcard controller SmartMX2, P61, flash based persistent memory JCOP 3.0 * NFC integration into PN65T * Java Card 3.0.1 classic edition * GlobalPlatform 2.2.1 * EMV platform certification JCOP 3.1 * NFC integration into PN66T

card

SMX2, P60, EEPROM based persistent memory JCOP 3.x (not released as of Dec 26, 2014)

Technical Overview

JCOP is an operating system for a security sensitive embedded system environment, smartcard or secure element controllers in particular. The functional architecture can be partitioned into three parts: * Java Card, for development of applications, i.e. API and structure of card applets similar to class files * GlobalPlatform, for administration of applications and operating system, i.e. loading and access control * JCOP proprietary features, mainly Java Card API extensions, i.e. ECC primitive calculation or

MIFARE MIFARE is a series of integrated circuit (IC) chips used in contactless smart cards and proximity cards. The brand includes proprietary solutions based on various levels of the ISO/IEC 14443 Type-A 13.56 MHz contactless smart card standard ...

DESFIRE management NXP offers also MIFARE emulations for Classic and DESFIRE on the same chip as additional (native) operating systems. While JCOP is based on open standards, MIFARE technology is NXP specific. Java Card applets running in JCOP can then be used to manage the MIFARE memory through Java Card API. MIFARE Plus and MIFARE Ultralight are not (yet) supported.

GlobalPlatform

GP is a high-level standard with many options. As of JCOP 3, support for GP 2.2.1 was added, in particular to support mobile use cases JCOP 3 is fully Secure Element configuration compliant. GP 2.2.1 card specification, core * issuer centric or simple model * delegated management * authorized management * verification authority (GP 2.1.1 controlling authority) * Data Authentication Pattern (DAP) * Secure Channel Protocol 02 (SCP), pseudo random, C-MAC, C-ENC, R-MAC, R-ENC * all the privileges are supported Amendment A - Confidential Card Content Management (C3M) * see implementation details in UICC configuration and Amendment E Amendment C - Contactless Services * every protocol but

FeliCa FeliCa is a contactless RFID smart card system from Sony in Japan, primarily used in electronic money cards. The name stands for ''Felicity Card''. First utilized in the Octopus card system in Hong Kong, the technology is used in a variety of cards ...

is supported * additionally MIFARE Classic and DESFIRE is supported * HCI notifications are supported Amendment D - Secure Channel Protocol 03 (AES) * only AES-128 * all options are supported (random) Amendment E - Security Upgrade * SHA-256 and EC-256 * C3M scenario #3 UICC configuration * scenarios #1, #2A and #2B * SCP 80 and 81 is not supported (ETSI) Secure Element configuration * JCOP 3 is fully compliant

Java Card

From the optional packages JCOP 3 does not support the javacardx.framework. From the crypto and signature classes, some algorithms are not supported, i.e. MD5 and EC F2M. The key lengths (amongst others) supported are AES-128, DES, 2DES3, 3DES3, EC up to 521 bit, RSA up to 2048 bit.

Communication Protocols

JCOP 3 supports ISO-7816, ISO-14443 type A and B (through SWP - NFC controller) and SWP/HCI. USB low speed was supported only on JCOP v2.3.1.

Extensions

JCOP 3 supports various extensions, i.e. MIFARE DESFIRE management support for MIFARE4Mobile. It is important to know that usage of extensions used in applets (not part of Java Card and GlobalPlatform specifications) makes this applications not portable to other Java Card and GlobalPlatform compliant operating systems.

JCOP Tools

JCOP Tools were initially developed by IBM. The first module was a command line tool called JCOP Shell or JCShell. The development tools is a plugin to

IDE. NXP has maintained JCOP Tools and extended it with a CryptoPlugin and new JCOP simulations. The tools are offered for

Windows Windows is a Product lining, product line of Proprietary software, proprietary graphical user interface, graphical operating systems developed and marketed by Microsoft. It is grouped into families and subfamilies that cater to particular sec ...

macOS macOS, previously OS X and originally Mac OS X, is a Unix, Unix-based operating system developed and marketed by Apple Inc., Apple since 2001. It is the current operating system for Apple's Mac (computer), Mac computers. With ...

and

Linux Linux ( ) is a family of open source Unix-like operating systems based on the Linux kernel, an kernel (operating system), operating system kernel first released on September 17, 1991, by Linus Torvalds. Linux is typically package manager, pac ...

platforms.

JCShell

JCShell is a Java program, command line tool which also supports scripting. The JCShell scripting language is sophisticated to create test and verification scripts. JCShell has a plugin structure where existing base plugin (similar to Eclipse plugins) which supports the most basic on-card APDU commands such as raw send is extended with GlobalPlatform and crypto functionality. All the plugins are extendable by own functionality (in

Java Java is one of the Greater Sunda Islands in Indonesia. It is bordered by the Indian Ocean to the south and the Java Sea (a part of Pacific Ocean) to the north. With a population of 156.9 million people (including Madura) in mid 2024, proje ...

). There is a standalone JCShell version without the need to install Eclipse and an Eclipse-based version embedded in form of a View in the Debug perspective of JCOP Tools plugin.11

References

External links

Java Card technology page at Oracle

Java Card Forum
Smart cards Java platform Embedded operating systems