Java Card OpenPlatform

{{Infobox OS
, name = Java Card OpenPlatform
, logo =
, screenshot =
, caption =
, developer = IBM, > 2007 NXP
, source_model =
, kernel_type =
, supported_platforms = Java Card
, ui =
, family = Embedded operating systems
, released =
, latest_release_version = JCOP 3.1
, latest_release_date =
, latest_test_version =
, latest_test_date =
, marketing_target = Smart cards, Secure Elements, USB security tokens, Telematics
, programmed_in =
, prog_language = Java Card
, language =
, updatemodel =
, package_manager =
, working_state = Current
, license =
, website


Java Card OpenPlatform (JCOP) is a smart card operating system for the Java Card platform developed by IBM Zürich Research Laboratory.
On 31 January 2006 the development and support responsibilities transferred to the IBM Smart Card Technology team in Böblingen, Germany.
Since July 2007 support and development activities for the JCOP operating system on NXP / Philips silicon are serviced by NXP Semiconductors.

The title originates from the standards it complies with:
* Java Card specifications
* GlobalPlatform (formerly known as Visa Inc OpenPlatform) specifications

A Java Card JCOP has a Java Card Virtual Machine (JCVM) which allows it to run applications written in Java programming language.

History

First JC/OP Masks

Mask 0 : 1998 (spring)
* First prototype on Atmel 8-bit uC – Flash memory, slow
Mask 1 : 1998
* Siemens/Infineon SLE66 IC – Public key cryptography
Mask 2 and 3 : 1999
* Gemplus International (now Gemalto) licensed JC/OP
* Base mask for GemXpresso product line
* Public key generation
* Visa OpenPlatform
Mask 4 : 1999
* Contactless JC/OP on Philips MifarePro chip
* 256 bytes RAM, 20 KB ROM and 8 KB EEPROM
* Dual interface

JCOP01 and Cooperation with Philips

Mask 5 : 2000
* Philips P8WE smartcard microcontroller
* ‘JCOP01’ is the foundation for all later versions
* JCOP licensed by IBM
* JCOP Tools for development
Visa breakthrough program
* To counter MasterCard’s MULTOS
* Cooperation between IBM (OS), Visa (OpenPlatform) and Philips (IC)
* JCOP v1 owned by Visa
JCOP v2
* Owned by IBM, sold by Philips
* Philips SmartMX controller (SMX)
JCOP v2.2
* GlobalPlatform 2.1.1
* Java Card 2.2.1
* Elliptic Curve Cryptography (ECC) F2M support
* JCOP Tools Eclipse based

JCOP Transfer

JCOP v2.2.1 – JCOP v2.3.1
* Owned by IBM, sold by Philips/NXP
* Development transferred to IBM in Böblingen, Germany
* USB interface
JCOP v2.3.2
* JCOP technology owned by IBM
* Policy change at IBM
* Source code license acquired by NXP Semiconductors
* To serve customer requests and projects

JCOP by NXP

JCOP v2.4
* first NXP developed JCOP version
* ECC GF(p) support
* Java Card 2.2.2
JCOP v2.4.1
* ECC primitive calculation support (point addition and multiplication)
* Common Criteria 5+ certification (CC)
* EMV, Visa and MasterCard approved
* NFC integration into PN65N combo chip: NFC and Secure Element
JCOP v2.4.2
* additional algorithms to support eGovernment use cases, i.e. AES CMAC
* CC 5+
* NFC integration into PN65O

JCOP 3

mobile

Smartcard controller SmartMX2, P61, flash based persistent memory

JCOP 3.0
* NFC integration into PN65T
* Java Card 3.0.1 classic edition
* GlobalPlatform 2.2.1
* EMV platform certification
JCOP 3.1
* NFC integration into PN66T

card

SMX2, P60, EEPROM based persistent memory

JCOP 3.x
(not released as of Dec 26, 2014)

Technical Overview

JCOP is an operating system for a security sensitive embedded system environment, smartcard or secure element controllers in particular. The functional architecture can be partitioned into three parts:
* Java Card, for development of applications, i.e. API and structure of card applets similar to class files
* GlobalPlatform, for administration of applications and operating system, i.e. loading and access control
* JCOP proprietary features, mainly Java Card API extensions, i.e. ECC primitive calculation or MIFARE DESFIRE management

NXP offers also MIFARE emulations for Classic and DESFIRE on the same chip as additional (native) operating systems. While JCOP is based on open standards, MIFARE technology is NXP specific. Java Card applets running in JCOP can then be used to manage the MIFARE memory through Java Card API. MIFARE Plus and MIFARE Ultralight are not (yet) supported.

GlobalPlatform

GP is a high-level standard with many options. As of JCOP 3, support for GP 2.2.1 was added, in particular to support mobile use cases JCOP 3 is fully Secure Element configuration compliant.

GP 2.2.1 card specification, core
* issuer centric or simple model
* delegated management
* authorized management
* verification authority (GP 2.1.1 controlling authority)
* Data Authentication Pattern (DAP)
* Secure Channel Protocol 02 (SCP), pseudo random, C-MAC, C-ENC, R-MAC, R-ENC
* all the privileges are supported
Amendment A - Confidential Card Content Management (C3M)
* see implementation details in UICC configuration and Amendment E
Amendment C - Contactless Services
* every protocol but FeliCa is supported
* additionally MIFARE Classic and DESFIRE is supported
* HCI notifications are supported
Amendment D - Secure Channel Protocol 03 (AES)
* only AES-128
* all options are supported (random)
Amendment E - Security Upgrade
* SHA-256 and EC-256
* C3M scenario #3
UICC configuration
* scenarios #1, #2A and #2B
* SCP 80 and 81 is not supported (ETSI)
Secure Element configuration
* JCOP 3 is fully compliant

Java Card

From the optional packages JCOP 3 does not support the javacardx.framework. From the crypto and signature classes, some algorithms are not supported, i.e. MD5 and EC F2M. The key lengths (amongst others) supported are AES-128, DES, 2DES3, 3DES3, EC up to 521 bit, RSA up to 2048 bit.

Communication Protocols

JCOP 3 supports ISO-7816, ISO-14443 type A and B (through SWP - NFC controller) and SWP/HCI. USB low speed was supported only on JCOP v2.3.1.

Extensions

JCOP 3 supports various extensions, i.e. MIFARE DESFIRE management support for MIFARE4Mobile. It is important to know that usage of extensions used in applets (not part of Java Card and GlobalPlatform specifications) makes this applications not portable to other Java Card and GlobalPlatform compliant operating systems.

JCOP Tools

JCOP Tools were initially developed by IBM. The first module was a command line tool called JCOP Shell or JCShell. The development tools is a plugin to Eclipse IDE. NXP has maintained JCOP Tools and extended it with a CryptoPlugin and new JCOP simulations. The tools are offered for Windows, macOS and Linux platforms.

JCShell

JCShell is a Java program, command line tool which also supports scripting. The JCShell scripting language is sophisticated to create test and verification scripts. JCShell has a plugin structure where existing base plugin (similar to Eclipse plugins) which supports the most basic on-card APDU commands such as raw send is extended with GlobalPlatform and crypto functionality. All the plugins are extendable by own functionality (in Java). There is a standalone JCShell version without the need to install Eclipse and an Eclipse-based version embedded in form of a View in the Debug perspective of JCOP Tools plugin.11

External links

Java Card technology page at Oracle

Java Card Forum

JavaCard development tools

Smart cards
Java platform
Embedded operating systems