`Specification
`
`Sun Microsystems, Inc.
`901 San Antonio Road
`Palo Alto, CA 94303 USA
`650 960-1300
`
`Final Revision 1.0, February 24, 1999
`
`SAMSUNG 1011
`
`1
`
`
`
`Copyright © 1999 Sun Microsystems, Inc.
`
`901 San Antonio Road, Palo Alto, CA 94303 USA
`
`All rights reserved. Copyright in this document is owned by Sun Microsystems, Inc.
`
`Sun Microsystems, Inc. (SUN) hereby grants to you at no charge a nonexclusive, nontransferable, worldwide, limited license
`(without the right to sublicense) under SUN's intellectual property rights that are essential to practice the Java ™ Card ™
`Runtime Environment (JCRE) 2.1 Specification ("Specification") to use the Specification for internal evaluation purposes only.
`Other than this limited license, you acquire no right, title, or interest in or to the Specification and you shall have no right to use
`the Specification for productive or commercial use.
`
`RESTRICTED RIGHTS LEGEND
`
`Use, duplication, or disclosure by the U.S. Government is subject to restrictions of FAR 52.227-14(g)(2)(6/87) and FAR 52.227-
`19(6/87), or DFAR 252.227-7015(b)(6/95) and DFAR 227.7202-1(a).
`
`SUN MAKES NO REPRESENTATIONS OR WARRANTIES ABOUT THE SUITABILITY OF THE SOFTWARE, EITHER
`EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE IMPLIED WARRANTIES OF MERCHANTABILITY,
`FITNESS FOR A PARTICULAR PURPOSE, OR NON-INFRINGEMENT. SUN SHALL NOT BE LIABLE FOR ANY
`DAMAGES SUFFERED BY LICENSEE AS A RESULT OF USING, MODIFYING OR DISTRIBUTING THIS SOFTWARE
`OR ITS DERIVATIVES.
`
`TRADEMARKS
`
`Sun, the Sun logo, Sun Microsystems, JavaSoft, JavaBeans, JDK, Java, Java Card, HotJava, HotJava Views, Visual Java, Solaris,
`NEO, Joe, Netra, NFS, ONC, ONC+, OpenWindows, PC-NFS, EmbeddedJava, PersonalJava, SNM, SunNet Manager, Solaris
`sunburst design, Solstice, SunCore, SolarNet, SunWeb, Sun Workstation, The Network Is The Computer, ToolTalk, Ultra,
`Ultracomputing, Ultraserver, Where The Network Is Going, Sun WorkShop, XView, Java WorkShop, the Java Coffee Cup logo,
`and Visual Java are trademarks or registered trademarks of Sun Microsystems, Inc. in the United States and other countries.
`
`THIS PUBLICATION IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS OR IMPLIED,
`INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A
`PARTICULAR PURPOSE, OR NON-INFRINGEMENT.
`
`THIS PUBLICATION COULD INCLUDE TECHNICAL INACCURACIES OR TYPOGRAPHICAL ERRORS. CHANGES
`ARE PERIODICALLY ADDED TO THE INFORMATION HEREIN; THESE CHANGES WILL BE INCORPORATED IN
`NEW EDITIONS OF THE PUBLICATION. SUN MICROSYSTEMS, INC. MAY MAKE IMPROVEMENTS AND/OR
`CHANGES IN THE PRODUCT(S) AND/OR THE PROGRAM(S) DESCRIBED IN THIS PUBLICATION AT ANY TIME.
`
`2
`
`
`
` Java Card ™ 2.1 Runtime Environment (JCRE) Specification
`
`Contents
`
`Preface...........................................................................................................vi
`
`1. Introduction...........................................................................................1-1
`
`2. Lifetime of the Java Card Virtual Machine..........................................2-1
`
`3. Java Card Applet Lifetime....................................................................3-1
`
`3.1
`
`3.2
`
`3.3
`
`3.4
`
`3.5
`
`The Method install ...............................................................3-1
`
`The Method select .................................................................3-2
`
`The Method process ...............................................................3-2
`
`The Method deselect.............................................................3-3
`
`Power Loss and Reset .................................................................3-3
`
`4. Selection.................................................................................................4-1
`
`4.1
`
`4.2
`
`4.3
`
`The Default Applet .....................................................................4-1
`
`SELECT Command Processing...................................................4-2
`
`Non-SELECT Command Processing...........................................4-3
`
`5. Transient Objects ..................................................................................5-1
`
`5.1
`
`Events That Clear Transient Objects............................................5-2
`
`6. Applet Isolation and Object Sharing.....................................................6-3
`
`6.1
`
`Applet Firewall...........................................................................6-3
`
`6.1.1 Contexts and Context Switching
`
`6-3
`
`Final Revision 1.0 Copyright © February 24, 1999 Sun Microsystems, Inc.
`
`iii
`
`3
`
`
`
` Java Card ™ 2.1 Runtime Environment (JCRE) Specification
`
`6.1.2 Object Ownership
`
`6.1.3 Object Access
`
`6.1.4 Firewall Protection
`
`6.1.5 Static Fields and Methods
`
`6-4
`
`6-4
`
`6-4
`
`6-5
`
`6.2
`
`Object Access Across Contexts...................................................6-5
`
`6.2.1 JCRE Entry Point Objects
`
`6.2.2 Global Arrays
`
`6.2.3 JCRE Privileges
`
`6.2.4 Shareable Interfaces
`
`6.2.5 Determining the Previous Context
`
`6.2.6 Shareable Interface Details
`
`6.2.7 Obtaining Shareable Interface Objects
`
`6.2.8 Class and Object Access Behavior
`
`6-6
`
`6-6
`
`6-7
`
`6-7
`
`6-9
`
`6-9
`
`6-10
`
`6-11
`
`6.3
`
`Transient Objects and Contexts.................................................6-14
`
`7. Transactions and Atomicity ..................................................................7-1
`
`7.1
`
`7.2
`
`7.3
`
`7.4
`
`7.5
`
`7.6
`
`7.7
`
`7.8
`
`7.9
`
`Atomicity ...................................................................................7-1
`
`Transactions ...............................................................................7-1
`
`Transaction Duration ..................................................................7-2
`
`Nested Transactions....................................................................7-2
`
`Tear or Reset Transaction Failure................................................7-2
`
`Aborting a Transaction ...............................................................7-3
`
`7.6.1 Programmatic Abortion
`
`7.6.2 Abortion by the JCRE
`
`7.6.3 Cleanup Responsibilities of the JCRE
`
`7-3
`
`7-3
`
`7-3
`
`Transient Objects........................................................................7-3
`
`Commit Capacity........................................................................7-3
`
`Context Switching ......................................................................7-4
`
`8. API Topics .............................................................................................8-5
`
`8.1
`
`Resource Use within the API ......................................................8-5
`
`iv
`
` Final Revision 1.0 Copyright © February 24, 1999 Sun Microsystems, Inc.
`
`4
`
`
`
` Java Card ™ 2.1 Runtime Environment (JCRE) Specification
`
`8.2
`
`8.3
`
`8.4
`
`8.5
`
`8.6
`
`Exceptions thrown by API classes...............................................8-5
`
`Transactions within the API........................................................8-5
`
`The APDU Class ........................................................................8-6
`
`8.4.1 T=0 specifics for outgoing data transfers
`
`8.4.2 T=1 specifics for outgoing data transfers
`
`8.4.3 T=1 specifics for incoming data transfers
`
`8-6
`
`8-8
`
`8-8
`
`The Security and Crypto packages ..............................................8-9
`
`JCSystem Class ..........................................................................8-9
`
`9. Virtual Machine Topics.........................................................................9-1
`
`9.1
`
`Resource Failures .......................................................................9-1
`
`10. Applet Installer.................................................................................... 10-1
`
`10.1 The Installer .............................................................................10-1
`
`10.1.1 Installer Implementation
`
`10.1.2 Installer AID
`
`10.1.3 Installer APDUs
`
`10.1.4 Installer Behavior
`
`10.1.5 Installer Privileges
`
`10-1
`
`10-2
`
`10-2
`
`10-2
`
`10-3
`
`10.2 The Newly Installed Applet ......................................................10-3
`
`10.2.1 Installation Parameters
`
`10-3
`
`11. API Constants...........................................................................................1
`
`Final Revision 1.0 Copyright © February 24, 1999 Sun Microsystems, Inc.
`
`v
`
`5
`
`
`
` Java Card ™ 2.1 Runtime Environment (JCRE) Specification
`
`Preface
`
`Java Card(cid:212)
` technology combines a portion of the Java programming language with a runtime environment
`optimized for smart cards and related, small-memory embedded devices. The goal of Java Card technology is to
`bring many of the benefits of Java software programming to the resource-constrained world of smart cards.
`
`This document is a specification of the Java Card 2.1 Runtime Environment (JCRE). A vendor of a Java Card-
`enabled device provides an implementation of the JCRE. A JCRE implementation within the context of this
`specification refers to a vendor’s implementation of the Java Card Virtual Machine (VM), the Java Card
`Application Programming Interface (API), or other component, based on the Java Card technology
`specifications. A Reference Implementation is an implementation produced by Sun Microsystems, Inc. Applets
`written for the Java Card platform are referred to as Java Card applets.
`
`Who Should Use This Specification?
`This specification is intended to assist JCRE implementers in creating an implementation, developing a
`specification to extend the Java Card technology specifications, or in creating an extension to the Java Card
`Runtime Environment (JCRE). This specification is also intended for Java Card applet developers who want a
`greater understanding of the Java Card technology specifications.
`
`Before You Read This Specification
`Before reading this guide, you should be familiar with the Java programming language, the Java Card
`technology specifications, and smart card technology. A good resource for becoming familiar with Java
`technology and Java Card technology is the Sun Microsystems, Inc. website, located at:
`http://java.sun.com.
`
`How This Specification Is Organized
`Chapter 1, “The Scope and Responsibilities of the JCRE,” gives an overview of the services required of a
`JCRE implementation.
`
`Chapter 2, “Lifetime of the Java Card Virtual Machine,” defines the lifetime of the Java Card Virtual
`Machine.
`
`vi
`
` Final Revision 1.0 Copyright © February 24, 1999 Sun Microsystems, Inc.
`
`6
`
`
`
` Java Card ™ 2.1 Runtime Environment (JCRE) Specification
`
`Chapter 3, “Java Card Applet Lifetime,” defines the lifetime of an applet.
`
`Chapter 4, “Selection,” describes how the JCRE handles applet selection.
`
`Chapter 5, “Transient Objects,” describes the properties of transient objects.
`
`Chapter 6, “Applet Isolation and Object Sharing,” describes applet isolation and object sharing.
`
`Chapter 7, “Transactions and Atomicity,” describes the functionality of atomicity and transactions.
`
`Chapter 8, “API Topics,” describes API functionality required of a JCRE but not completely specified in the
`Java Card 2.1 API Specification.
`
`Chapter 9, “Virtual Machine Topics,” describes virtual machine specifics.
`
`Chapter 10, “Applet Installer,” provides an overview of the Applet Installer and JCRE required behavior.
`
`Chapter 11, “API Constants,” provides the numeric value of constants that are not specified in the Java Card
`2.1 API Specification.
`
`Glossary is a list of words and their definitions to assist you in using this book.
`
`Related Documents and Publications
`References to various documents or products are made in this manual. You should have the following
`documents available:
`
`n Java Card 2.1 API Specification, Sun Microsystems, Inc.
`n Java Card 2.1 Virtual Machine Specification, Sun Microsystems, Inc.
`n Java Card Applet Developer’s Guide, Sun Microsystems, Inc.
`n The Java Language Specification by James Gosling, Bill Joy, and Guy L. Steele. Addison-Wesley, 1996,
`ISBN 0-201-63451-1.
`n The Java Virtual Machine Specification (Java Series) by Tim Lindholm and Frank Yellin. Addison-
`Wesley, 1996, ISBN 0-201-63452-X.
`n The Java Class Libraries: An Annotated Reference (Java Series) by Patrick Chan and Rosanna Lee.
`Addison-Wesley, two volumes, ISBN: 0201310023 and 0201310031.
`
`n
`ISO 7816 Specification Parts 1-6.
`n EMV ’96 Integrated Circuit Card Specification for Payment Systems.
`
`Final Revision 1.0 Copyright © February 24, 1999 Sun Microsystems, Inc.
`
`vii
`
`7
`
`
`
`8
`
`
`
` Java Card ™ 2.1 Runtime Environment (JCRE) Specification
`
`1. Introduction
`
`The Java Card 2.1 Runtime Environment (JCRE) contains the Java Card Virtual Machine (VM), the Java Card
`Application Programming Interface (API) classes (and industry-specific extensions), and support services.
`
`This document, the Java Card 2.1 Environment (JCRE) Specification, specifies the JCRE functionality required
`by the Java Card technology. Any implementation of Java Card technology shall provide this necessary
`behavior and environment.
`
`Final Revision 1.0 Copyright © February 24, 1999 Sun Microsystems, Inc.
`
`1-1
`
`9
`
`
`
`10
`
`10
`
`
`
` Java Card ™ 2.1 Runtime Environment (JCRE) Specification
`
`2. Lifetime of the Java Card Virtual Machine
`
`In a PC or workstation, the Java Virtual Machine runs as an operating system process. When the OS process is
`terminated, the Java applications and their objects are automatically destroyed.
`
`In Java Card technology the execution lifetime of the Virtual Machine (VM) is the lifetime of the card. Most of
`the information stored on a card shall be preserved even when power is removed from the card. Persistent
`memory technology (such as EEPROM) enables a smart card to store information when power is removed.
`Since the VM and the objects created on the card are used to represent application information that is persistent,
`the Java Card VM appears to run forever. When power is removed, the VM only stops temporarily. When the
`card is next reset, the VM starts up again and recovers its previous object heap from persistent storage.
`
`Aside from its persistent nature, the Java Card Virtual Machine is just like the Java Virtual Machine.
`
`The card initialization time is the time after masking, and prior to the time of card personalization and issuance.
`At the time of card initialization, the JCRE is initialized. The framework objects created by the JCRE exist for
`the lifetime of the Virtual Machine. Because the execution lifetime of the Virtual Machine and the JCRE
`framework span CAD sessions of the card, the lifetimes of objects created by applets will also span CAD
`sessions. (CAD means Card Acceptance Device, or card reader. Card sessions are those periods when the card
`is inserted in the CAD, powered up, and exchanging streams of APDUs with the CAD. The card session ends
`when the card is removed from the CAD.) Objects that have this property are called persistent objects.
`
`The JCRE implementer shall make an object persistent when:
`
`• The Applet.register method is called. The JCRE stores a reference to the instance of the applet object.
`The JCRE implementer shall ensure that instances of class applet are persistent.
`• A reference to an object is stored in a field of any other persistent object or in a class’s static field. This
`requirement stems from the need to preserve the integrity of the JCRE’s internal data structures.
`
`Final Revision 1.0 Copyright © February 24, 1999 Sun Microsystems, Inc.
`
`2-1
`
`11
`
`
`
`12
`
`12
`
`
`
` Java Card ™ 2.1 Runtime Environment (JCRE) Specification
`
`3. Java Card Applet Lifetime
`
`For the purposes of this specification, a Java Card applet’s lifetime begins at the point that it has been correctly
`loaded into card memory, linked, and otherwise prepared for execution. (For the remainder of this specification,
`applet refers to an applet written for the Java Card platform.) Applets registered with the Applet.register
`method exist for the lifetime of the card. The JCRE initiates interactions with the applet via the applet’s public
`methods install, select, deselect, and process. An applet shall implement the static
`install(byte[], short, byte) method. If the install(byte[], short, byte) method is not
`implemented, the applet’s objects cannot be created or initialized. A JCRE implementation shall call an applet’s
`install, select, deselect, and process methods as described below.
`
`When the applet is installed on the smart card, the static install(byte[], short, byte) method is called
`once by the JCRE for each applet instance created. The JCRE shall not call the applet’s constructor directly.
`
`3.1 The Method install
`
`When the install(byte[], short, byte) method is called, no objects of the applet exist. The main task
`of the install method within the applet is to create an instance of the Applet subclass using its constructor,
`and to register the instance. All other objects that the applet will need during its lifetime can be created as is
`feasible. Any other preparations necessary for the applet to be selected and accessed by a CAD also can be done
`as is feasible. The install method obtains initialization parameters from the contents of the incoming byte
`array parameter.
`
`Typically, an applet creates various objects, initializes them with predefined values, sets some internal state
`variables, and calls either the Applet.register() method or the Applet.register(byte[], short,
`byte) method to specify the AID (applet IDentifier as defined in ISO 7816-5) to be used to select it. This
`installation is considered successful when the call to the Applet.register method completes without an
`exception. The installation is deemed unsuccessful if the install method does not call the
`Applet.register method, or if an exception is thrown from within the install method prior to the
`Applet.register method being called, or if the Applet.register method throws an exception. If the
`installation is unsuccessful, the JCRE shall perform all cleanup when it regains control. That is, all persistent
`objects shall be returned to the state they had prior to calling the install method. If the installation is
`successful, the JCRE can mark the applet as available for selection.
`
`Final Revision 1.0 Copyright © February 24, 1999 Sun Microsystems, Inc.
`
`3-1
`
`13
`
`
`
` Java Card ™ 2.1 Runtime Environment (JCRE) Specification
`
`3.2 The Method select
`
`Applets remain in a suspended state until they are explicitly selected. Selection occurs when the JCRE receives
`a SELECT APDU in which the name data matches the AID of the applet. Selection causes an applet to become
`the currently selected applet.
`
`Prior to calling SELECT, the JCRE shall deselect the previously selected applet. The JCRE indicates this to the
`applet by invoking the applet’s deselect method.
`
`The JCRE informs the applet of selection by invoking its select() method.
`
`The applet may decline to be selected by returning false from the call to the select method or by throwing
`an exception. If the applet returns true, the actual SELECT APDU command is supplied to the applet in the
`subsequent call to its process method, so that the applet can examine the APDU contents. The applet can
`process the SELECT APDU command exactly like it processes any other APDU command. It can respond to
`the SELECT APDU with data (see the process method for details), or it can flag errors by throwing an
`ISOException with the appropriate SW (returned status word). The SW and optional response data are
`returned to the CAD.
`
`The Applet.selectingApplet method shall return true when called during the select method. The
`Applet.selectingApplet method will continue to return true during the subsequent process method,
`which is called to process the SELECT APDU command.
`
`If the applet declines to be selected, the JCRE will return an APDU response status word of
`ISO7816.SW_APPLET_SELECT_FAILED to the CAD. Upon selection failure, the JCRE state is set to indicate
`that no applet is selected. (See section 4.2 for more details).
`
`After successful selection, all subsequent APDUs are delivered to the currently selected applet via the process
`method.
`
`3.3 The Method process
`
`All APDUs are received by the JCRE, which passes an instance of the APDU class to the process(APDU)
`method of the currently selected applet.
`
`Note – A SELECT APDU might cause a change in the currently selected applet prior to the call to the
`process method. (The actual change occurs before the call to the select method).
`
`On normal return, the JCRE automatically appends 0x9000 as the completion response SW to any data already
`sent by the applet.
`
`At any time during process, the applet may throw an ISOException with an appropriate SW, in which case
`the JCRE catches the exception and returns the SW to the CAD.
`
`If any other exception is thrown during process, the JCRE catches the exception and returns the status word
`ISO7816.SW_UNKNOWN to the CAD.
`
`3-2 Final Revision 1.0 Copyright © February 24, 1999 Sun Microsystems, Inc.
`
`14
`
`
`
` Java Card ™ 2.1 Runtime Environment (JCRE) Specification
`
`3.4 The Method deselect
`
`When the JCRE receives a SELECT APDU command in which the name matches the AID of an applet, the
`JCRE calls the deselect() method of the currently selected applet. This allows the applet to perform any
`cleanup operations that may be required in order to allow some other applet to execute.
`
`The Applet.selectingApplet method shall return false when called during the deselect method.
`Exceptions thrown by the deselect method are caught by the JCRE, but the applet is deselected.
`
`3.5 Power Loss and Reset
`
`Power loss occurs when the card is withdrawn from the CAD or if there is some other mechanical or electrical
`failure. When power is reapplied to the card and on card reset (warm or cold) the JCRE shall ensure that:
`
`• Transient data is reset to the default value.
`• The transaction in progress, if any, when power was lost (or reset occurred) is aborted.
`• The applet that was selected when power was lost (or reset occurred) becomes implicitly deselected. (In
`this case the deselect method is not called.)
`
`•
`
`If the JCRE implements default applet selection (see section 4.1), the default applet is selected as the
`currently selected applet, and the default applet’s select method is called. Otherwise, the JCRE sets its
`state to indicate that no applet is selected.
`
`Final Revision 1.0 Copyright © February 24, 1999 Sun Microsystems, Inc.
`
`3-3
`
`15
`
`
`
`16
`
`16
`
`
`
` Java Card ™ 2.1 Runtime Environment (JCRE) Specification
`
`4. Selection
`
`Cards receive requests for service from the CAD in the form of APDUs. The SELECT APDU is used by the
`JCRE to designate a currently selected applet. Once selected, an applet receives all subsequent APDUs until the
`applet becomes deselected.
`
`There is no currently selected applet when either of the following occurs:
`
`• The card is reset and no applet has been pre-designated as the default applet.
`• A SELECT command fails when attempting to select an applet via its select method .
`
`4.1 The Default Applet
`
`Normally, applets become selected only via a successful SELECT command. However, some smart card CAD
`applications require that there be a default applet that is implicitly selected after every card reset. The behavior
`is:
`
`1.
`
`After card reset (or power on, which is a form of reset) the JCRE performs its initializations and checks
`to see if its internal state indicates that a particular applet is the default applet. If so, the JCRE makes this
`applet the currently selected applet, and the applet’s select method is called. If the applet’s select
`method throws an exception or returns false, then the JCRE sets its state to indicate that no applet is
`selected. (The applet’s process method is not called during default applet selection because there is no
`SELECT APDU.) When a default applet is selected at card reset, it shall not require its process
`method to be called.
`
`2.
`
`The JCRE ensures that the ATR has been sent and the card is now ready to accept APDU commands.
`
`If a default applet was successfully selected, then APDU commands can be sent directly to this applet. If a
`default applet was not selected, then only SELECT commands for applet selection can be processed.
`
`The mechanism for specifying a default applet is not defined in the Java Card 2.1 API. It is a JCRE
`implementation detail and is left to the individual JCRE implementers.
`
`Final Revision 1.0 Copyright © February 24, 1999 Sun Microsystems, Inc.
`
`4-1
`
`17
`
`
`
` Java Card ™ 2.1 Runtime Environment (JCRE) Specification
`
`4.2 SELECT Command Processing
`
`The SELECT APDU command is used to select an applet. Its behavior is:
`
`1. The SELECT APDU is always processed by the JCRE regardless of which, if any, applet is active.
`
`2. The JCRE searches the internal applet table which lists all successfully installed applets on the card for a
`matching AID. The JCRE shall support selecting an applet where the full AID is present in the SELECT
`command.
`
`JCRE implementers are free to enhance their JCRE to support other selection criterion. An example of this
`is selection via partial AID match as specified in ISO 7816-4. The specific requirements are as follows:
`
`Note – An asterisk indicates binary notation(%b) using bit numbering as in ISO7816. Most significant bit = b8.
`Least significant bit = b1.
`
`a) Applet SELECT command uses CLA=0x00, INS=0xA4.
`
`b) Applet SELECT command uses "Selection by DF name". Therefore, P1=0x04.
`
`c) Any other value of P1 implies that is not an applet select. The APDU is processed by the currently
`selected applet.
`
`d) JCRE shall support exact DF name (AID) selection (i.e. P2=%b0000xx00). (b4,b3* are don’t
`care).
`
`e) All other partial DF name SELECT options (b2,b1*) are JCRE implementation dependent.
`
`f) All file control information option codes (b4,b3*) shall be supported by the JCRE and interpreted
`and processed by the applet.
`
`3.
`
`If no AID match is found:
`
`a.
`
`If there is no currently selected applet, the JCRE responds to the SELECT command with status code
`0x6999 (SW_APPLET_SELECT_FAILED).
`
`b. Otherwise, the SELECT command is forwarded to the currently selected applet’s process method.
`A context switch into the applet’s context occurs at this point. (Context of an applet is defined in
`section 6.1.1.) Applets may use the SELECT APDU command for their own internal SELECT
`processing.
`
`4.
`
`If a matching AID is found, the JCRE prepares to select the new applet. If there is an currently selected
`applet, it is deselected via a call to its deselect method. A context switch into the deselected applet’s
`context occurs at this point. The JCRE context is restored upon exit from deselect.
`
`5. The JCRE now clears the fields of all CLEAR_ON_DESELECT transient objects (see section 5.1) owned
`by the applet being deselected.
`
`6. The JCRE sets the new currently selected applet. The new applet is selected via a call to its select method,
`and a context switch into the new applet’s context occurs
`
`a.
`
`If the applet’s select method throws an exception or returns false, then the JCRE state is set so
`that no applet is selected. The JCRE responds to the SELECT command with status code 0x6999
`(SW_APPLET_SELECT_FAILED).
`
`4-2 Final Revision 1.0 Copyright © February 24, 1999 Sun Microsystems, Inc.
`
`18
`
`
`
` Java Card ™ 2.1 Runtime Environment (JCRE) Specification
`
`b. The new currently selected applet’s process method is then called with the SELECT APDU as an
`input parameter. A context switch into the applet’s context occurs.
`
`Notes –
`
`If there is no matching AID, the SELECT command is forwarded to the currently selected applet (if any) for
`processing as a normal applet APDU command.
`
`If there is a matching AID and the SELECT command fails, the JCRE always enters the state where no applet is
`selected.
`
`If the matching AID is the same as the currently selected applet, the JCRE still goes through the process of
`deselecting the applet and then selecting it. Reselection could fail, leaving the card in a state where no applet is
`selected.
`
`4.3 Non-SELECT Command Processing
`
`When a non-SELECT APDU is received and there is no currently selected applet, the JCRE shall respond to the
`APDU with status code 0x6999 (SW_APPLET_SELECT_FAILED).
`
`When a non-SELECT APDU is received and there is a currently selected applet, the JCRE invokes the
`process method of the currently selected applet passing the APDU as a parameter. This causes a context
`switch from the JCRE context into the currently selected applet’s context. When the process method exits,
`the VM switches back to the JCRE context. The JCRE sends a response APDU and waits for the next command
`APDU.
`
`Final Revision 1.0 Copyright © February 24, 1999 Sun Microsystems, Inc.
`
`4-3
`
`19
`
`
`
`20
`
`20
`
`
`
` Java Card ™ 2.1 Runtime Environment (JCRE) Specification
`
`5. Transient Objects
`
`Applets sometimes require objects that contain temporary (transient) data that need not be persistent across
`CAD sessions. Java Card does not support the Java keyword transient. However, Java Card technology
`provides methods to create transient arrays with primitive components or references to Object.
`
`The term “transient object” is a misnomer. It can be incorrectly interpreted to mean that the object itself is
`transient. However, only the contents of the fields of the object (except for the length field) have a transient
`nature. As with any other object in the Java programming language, transient objects within the Java Card
`platform exist as long as they are referenced from:
`• The stack
`• Local variables
`• A class static field
`• A field in another existing object
`
`A transient object within the Java Card platform has the following required behavior:
`
`• The fields of a transient object shall be cleared to the field’s default value (zero, false, or null) at the
`occurrence of certain events (see section 5.1).
`• For security reasons, the fields of a transient object shall never be stored in a “persistent memory
`technology.” Using current smart card technology as an example, the contents of transient objects can be
`stored in RAM, but never in EEPROM. The purpose of this requirement is to allow transient objects to be
`used to store session keys.
`• Writes to the fields of a transient object shall not have a performance penalty. (Using current smart card
`technology as an example, the contents of transient objects can be stored in RAM, while the contents of
`persistent objects can be stored in EEPROM. Typically, RAM technology has a much faster write cycle
`time than EEPROM.)
`• Writes to the fields of a transient object shall not be affected by “transactions.” That is, an
`abortTransaction will never cause a field in a transient object to be restored to a previous value.
`
`This behavior makes transient objects ideal for small amounts of temporary applet data that is frequently
`modified, but that need not be preserved across CAD or select sessions.
`
`Final Revision 1.0 Copyright © February 24, 1999 Sun Microsystems, Inc.
`
`5-1
`
`21
`
`
`
` Java Card ™ 2.1 Runtime Environment (JCRE) Specification
`
`5.1 Events That Clear Transient Objects
`
`Persistent objects are used for maintaining states that shall be preserved across card resets. When a transient
`object is created, one of two events is specified that causes its fields to be cleared. CLEAR_ON_RESET
`transient objects are used for maintaining states that shall be preserved across applet selections, but not across
`card resets. CLEAR_ON_DESELECT transient objects are used for maintaining states that must be preserved
`while an applet is selected, but not across applet selections or card resets.
`
`Details of the two clear events are as follows:
`
`• CLEAR_ON_RESET—the object’s fields (except for the length field) are cleared when the card is reset.
`When a card is powered on, this also causes a card reset.
`
`Note – It is not necessary to clear the fields of transient objects before power is removed from a card.
`However, it is necessary to guarantee that the previous contents of such fields cannot be recovered once
`power is lost.
`
`• CLEAR_ON_DESELECT—the object’s fields (except for the length field) are cleared whenever the applet
`is deselected. Because a card reset implicitly deselects the currently selected applet, the fields of
`CLEAR_ON_DESELECT objects are also cleared by the same events specified for CLEAR_ON_RESET.
`
`The currently selected applet is explicitly deselected (its deselect method is called) only when a SELECT
`command is processed. The currently selected applet is deselected and then the fields of all
`CLEAR_ON_DESELECT transient objects owned by the applet are cleared regardless of whether the SELECT
`command:
`• Fails to select an applet.
`• Selects a different applet.
`• Reselects the same applet.
`
`5-2 Final Revision 1.0 Copyright © February 24, 1999 Sun Microsystems, Inc.
`
`22
`
`
`
` Java Card ™ 2.1 Runtime Environment (JCRE) Specification
`
`6. Applet Isolation and Object Sharing
`
`Any implementation of the JCRE shall support isolation of contexts and apple