Secure Box in JCOP card

Question

JCOP V2.4.2 Revision 3 Security Target:

Page 11-12

A Secure Box concept is implemented within JCOP 2.4.2 R3. The Secure Box is a construct which allows to run non certified third party native code and ensures that this code cannot harm, influence or manipulate the JCOP 2.4.2 R3 operating system or any of the applets executed by the operating system.The separation of the native code in the Secure Box from other code and/or data residing on the hardware is ensured by the Hardware MMU which has been certified in the hardware evaluation

I have some of the described card and I want to have experience in working with the Secure Box also! Searching in Java Card v3.0.1 Specifications , Global Platform v2.2.1 card specification aND JCOP v2.4.2 r3 Administrator Manual didn't helped. There is almost nothing in the mentioned documents about Secure Box.

So :

Does anybody have any idea/experience that how I can use the Secure Box in JCOP cards? What kind of program/code we can upload in Secure Box? Does those programs written in Java Card language and are in the form of CAP files also? Or those are written in C++ or Assembly for example?

How to upload and install them on the card? And what is the advantages of this Secure Box?

Answer 1

No they are native modules that need to implement a rather generic Java Card defined - byte array oriented - method interface (it's in the JCOP extensions, look for it). Normally you would need to program in C, e.g. using the Keil dev. kit and then send the resulting code to NXP.

CAP files need to comply to the Java Card specifications, I don't remember any option to include native code in .cap files, so they are an unlikely transport vehicle for it.