Version 3 of the Java Card smart card specification, released in March 2008, overhauled the technical architecture of the smart card.
The Connected Edition of the specification introduced a significantly enhanced execution environment and a new virtual machine. It includes new network-oriented features, support for web applications with new Servlet APIs, multi-threading and support for applets with extended and advanced capabilities.
Such features add complexity to the smart card platform and the hosted applications, increasing the attack surface and introducing a multitude of vulnerabilities. The security models, testing and risk management programmes must cater for these susceptibilities.
In this article we consider the new features of the Connected Edition and identify some of the security problems that developers need to be aware of.