6.2.1 Java Card RE Entry Point Objects

Secure computer systems must have a way for non-privileged user processes (that are restricted to a subset of resources) to request system services performed by privileged “system” routines.

In the Java Card API, this is accomplished using Java Card RE Entry Point Objects. These are objects owned by the Java Card RE context, but they are flagged as containing entry point methods.

The firewall protects these objects from access by applets. The entry point designation allows the methods of these objects to be invoked from any context. When that occurs, a context switch to the Java Card RE context is performed. These methods are the gateways through which applets request privileged Java Card RE system services. The requested service is performed by the entry point method after verifying that the method parameters are within bounds and all objects passed in as parameters are accessible from the caller's context.

Following are the two categories of Java Card RE Entry Point Objects:

  • Temporary Java Card RE Entry Point Objects

Like all Java Card RE Entry Point Objects, methods of temporary Java Card RE Entry Point Objects can be invoked from any context. However, references to these objects cannot be stored in class variables, instance variables or array components. The Java Card RE detects and restricts attempts to store references to these objects as part of the firewall functionality to prevent unauthorized reuse.

The APDU object and all Java Card RE owned exception objects are examples of temporary Java Card RE Entry Point Objects.

  • Permanent Java Card RE Entry Point Objects

Like all Java Card RE Entry Point Objects, methods of permanent Java Card RE Entry Point Objects can be invoked from any context. Additionally, references to these objects can be stored and freely re-used.

Java Card RE owned AID instances are examples of permanent Java Card RE Entry Point Objects.
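The difference between the two categories, seen from applet code, as an added example that is not part of the specification text: storing the `APDU` reference in an instance field is refused, while the Java Card RE owned `AID` returned by `JCSystem.getAID()` can be kept and reused. The package, class name, instruction bytes and the `SW_STORE_REFUSED` status word are assumptions made for illustration, and the example assumes a runtime that enforces the firewall and signals the denied store with `SecurityException`.

```java
package demo; // hypothetical package name

import javacard.framework.AID;
import javacard.framework.APDU;
import javacard.framework.Applet;
import javacard.framework.ISO7816;
import javacard.framework.ISOException;
import javacard.framework.JCSystem;

public class EntryPointDemo extends Applet { // hypothetical applet
    private static final byte INS_STORE_APDU = (byte) 0x10;       // constructed
    private static final byte INS_GET_AID = (byte) 0x20;          // constructed
    private static final short SW_STORE_REFUSED = (short) 0x6FA1; // constructed

    private AID ownAid;     // permanent entry point object: may be stored
    private APDU savedApdu; // temporary entry point object: the store must fail

    private EntryPointDemo() {
        register();
        // After register(), getAID() returns the Java Card RE owned AID
        // instance for this applet; keeping the reference is allowed.
        ownAid = JCSystem.getAID();
    }

    public static void install(byte[] bArray, short bOffset, byte bLength) {
        new EntryPointDemo();
    }

    public void process(APDU apdu) {
        if (selectingApplet()) {
            return;
        }
        byte[] buf = apdu.getBuffer(); // held in a local variable only
        switch (buf[ISO7816.OFFSET_INS]) {
        case INS_STORE_APDU:
            try {
                savedApdu = apdu; // field store of a temporary entry point reference
            } catch (SecurityException e) {
                // The exception object is itself Java Card RE owned: do not store it.
                ISOException.throwIt(SW_STORE_REFUSED);
            }
            ISOException.throwIt(ISO7816.SW_UNKNOWN); // reached only if the store was accepted
            break;
        case INS_GET_AID:
            // Invoking an entry point method switches to the Java Card RE context.
            short len = ownAid.getBytes(buf, (short) 0);
            apdu.setOutgoingAndSend((short) 0, len);
            break;
        default:
            ISOException.throwIt(ISO7816.SW_INS_NOT_SUPPORTED);
        }
    }
}
```

A card or simulator that answers `INS_STORE_APDU` with `SW_UNKNOWN` instead of `SW_STORE_REFUSED` is not applying the temporary entry point restriction.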

The Java Card RE is responsible for the following tasks:

  • Determining what privileged services are provided to applets
  • Defining classes containing the entry point methods for those services
  • Creating one or more object instances of those classes
  • Designating those instances as Java Card RE Entry Point Objects
  • Designating Java Card RE Entry Point Objects as temporary or permanent
  • Making references to those objects available to applets as needed

Note - Only the methods of these objects are accessible through the firewall. The fields of these objects are still protected by the firewall and can only be accessed by the Java Card RE context.

Only the Java Card RE itself can designate Entry Point Objects and whether they are temporary or permanent. Java Card RE implementers are responsible for implementing the mechanism by which Java Card RE Entry Point Objects are designated and how they become temporary or permanent.

javacard/jcre/6.2.1_java_card_re_entry_point_objects.txt · Last modified: 2017/05/13 04:06 (external edit)