-3

I noticed that JavaCard 3.0 may have the ability to use HTTPS from the Oracle website (oracle.com/technetwork/articles/javase/javacard3-142122.html).

Are there any ways to create HTTPS connections to a normal Internet website ?

gsunnic
  • 321
  • 4
  • 9

2 Answers2

1

A1: There are no JavaCard Connected (which describes such option) devices publicly available.

A2: Classic JavaCard does not specify/allow any kind of connections.

Martin Paljak
  • 4,119
  • 18
  • 20
  • Why they are not publicly available? Do you mean I can't buy a smart card that support JavaCard Connected version application? If so why they published the specifications? –  Feb 04 '15 at 11:26
  • And btw, does those Connected version JCs support HTTPS also? or it is only HTTP protocol? (Please tag me if answer) thanks –  Feb 04 '15 at 11:28
  • 2
    Anyone can write a paper and name it a "specification". But the specification only matters if there is implementation to back it up. – Martin Paljak Feb 04 '15 at 15:32
  • 1
    Problem is that the connected spec requires a very high level chip, especially with lots of RAM. (S)RAM takes lots of space on the die, making the die bigger and therefore the chip more expensive. And smart cards are a high volume business, i.e. bugger that developer, we want the chip *cheap*. – Maarten Bodewes Feb 04 '15 at 21:07
1

Basically with Java Card Classic you are limited to the APDU interface. This interface has been specified in the Java Card API and the ISO/IEC 7816-4 standard.

It is of course possible to channel any kind of protocol through an APDU interface, but you would have to program it yourself. Furthermore, you would have to do so on the terminal side as well, because Java doesn't know anything about TCP/IP, name resolution etc. As Java Card environments are very limited, it would be tricky to create something that resembles an HTTP client.

There have been demonstrations that implemented a tiny web server on a Java Card. Those obviously also require some kind of proxy on the terminal side.

The Connected Edition - if you can find it anywhere - uses the same idea; it implements a web-server for e.g. authentication. It doesn't provide a client to my knowledge.

Maarten Bodewes
  • 90,524
  • 13
  • 150
  • 263