4

As far as I know, the SIM card is a Java Card and it shall implement the ETSI/3GPP specifications and the UICC configurations.

  1. If the SIM is a Java Card - does it contain a JCRE from Sun's JCRE specification?
  2. If the SIM card has a JCRE - is it actually the OS of the card or is there another layer? If there is, where can I read about it? Is there an option to interact with the JCRE using APDUs and a card reader?
  3. Are the JCRE and the card manager the same entity, or is the card manager a native applet? If they are different, when an OTA update via SMS is received, does the JCRE handle it first and then forward it to the applet, or is the card manager the one that receives it directly?
Maarten Bodewes
Bluestar

1 Answer

3
  1. If the SIM is a Java Card - does it contain a JCRE from Sun's JCRE specification?

Yes, a JCRE compliant with "Sun's" JCRE specification anyway (Sun doesn't exist anymore, it's all Oracle now).

2a. If the SIM card has a JCRE - is it actually the OS of the card or is there another layer?

There could be multiple layers. Usually you'd also have native crypto libraries and a HAL - Hardware Abstraction (or Adaptation) Layer. Whether there is also another / native OS depends on the card (but I don't see any reason for it for SIM cards).

2b. If there is, where can I read about it? Is there an option to interact with the JCRE using APDUs and a card reader?

You'd have to consult the manufacturer of the operating system / chip for that. And, if those are not available, your contact from the reseller.

3. Are the JCRE and the card manager the same entity, or is the card manager a native applet?

The card manager is part of the Global Platform specs. Most Java Cards comply with those. The card can be native, byte code or a combination. Again, that's up to the manufacturer.

If they are different, when an OTA update via SMS is received, does the JCRE handle it first and then forward it to the applet, or is the card manager the one that receives it directly?

They are usually rather intertwined. I presume that the HAL (see above) handles the direct communication and the APDU buffer, but as long as the card complies with the respective standards, anything goes.

As long as it is well described of course, if not then the manufacturer probably gets some stern talking to by a FIPS or Common Criteria certification body. But design documents are usually not published by the manufacturers.

Maarten Bodewes
  • Thank you for the awesome answer! I have 2 follow-up questions - the SIM has a JCRE. Can the JCRE invoke any method of any applet? If so, can the invocation (of any method) be done using RMI and the INVOKE APDU (or any other way using APDUs)? – Bluestar Feb 28 '17 at 08:23
  • 1
    From [`Remote`](https://docs.oracle.com/javacard/3.0.5/api/java/rmi/Remote.html): Only those methods specified in a "remote interface", an interface that extends `java.rmi.Remote` are available remotely. – Maarten Bodewes Feb 28 '17 at 10:50
  • 1
    Besides RMI, generally you can only get to the `install` method, the `process` method and the `select` method (but the last one doesn't take any parameters) - besides the additional SIM interfaces / callbacks, of course. – Maarten Bodewes Feb 28 '17 at 10:52
  • Is it possible to trigger those methods (install, process & select) with an APDU? If so, which APDU? And I'm sorry about my ignorance, but what do you mean by SIM interfaces and callbacks? – Bluestar Feb 28 '17 at 22:45
  • BTW - thank you very much for the response! Do you have any recommendations about resources to read about that stuff? – Bluestar Feb 28 '17 at 22:47
  • 1
    Yes, the Java Card specs, SIM card specs and Global Platform specs. They are all available online (although you may need to register). Nothing better than learning it from the source. "Java Card Technology for Smart Cards" is still a good read - the technology hasn't changed much, the API has though. – Maarten Bodewes Mar 01 '17 at 01:03
  • Yeah, I have read and am still reading those. I have 2 last questions (I promise) - is it possible to send an APDU to a Java Card and invoke methods (process, install, select or any other) of any applet besides RMI? Is there any APDU command set for the JCRE? – Bluestar Mar 01 '17 at 10:47
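
The three entry points named in the comments (`install`, `select`, `process`), shown as a minimal Java Card applet with a note on what causes the JCRE to call each one. This is an added example, not code from the answer or its author; the package, class name and the INS value `0x10` are hypothetical.

```java
package example.entrypoints; // hypothetical package name
import javacard.framework.APDU;
import javacard.framework.Applet;
import javacard.framework.ISO7816;
import javacard.framework.ISOException;
import javacard.framework.Util;

// Hypothetical applet: every method the JCRE can reach from outside is marked.
public class EntryPointsApplet extends Applet {
    private static final byte INS_GET_COUNTS = (byte) 0x10; // constructed INS value
    private short selects;   // times select() ran
    private short commands;  // non-SELECT APDUs seen by process()

    private EntryPointsApplet() {
        register(); // makes this instance known to the JCRE under its AID
    }

    // Called once by the JCRE while the card manager handles a GlobalPlatform
    // INSTALL [for install] command; not reachable by an APDU sent to the applet.
    public static void install(byte[] bArray, short bOffset, byte bLength) {
        new EntryPointsApplet();
    }

    // Called by the JCRE when a SELECT by AID (00 A4 04 00 ...) names this
    // applet. Takes no parameters; returning false refuses the selection.
    public boolean select() {
        selects++;
        return true;
    }

    // Called by the JCRE for every APDU received while this applet is selected,
    // including the SELECT APDU itself (right after select() returned true).
    public void process(APDU apdu) {
        if (selectingApplet()) {
            return; // nothing more to do for SELECT; the JCRE answers 9000
        }
        byte[] buf = apdu.getBuffer();
        commands++;
        switch (buf[ISO7816.OFFSET_INS]) {
            case INS_GET_COUNTS:
                Util.setShort(buf, (short) 0, selects);
                Util.setShort(buf, (short) 2, commands);
                apdu.setOutgoingAndSend((short) 0, (short) 4);
                break;
            default: // the applet decides what each INS does; all others are refused
                ISOException.throwIt(ISO7816.SW_INS_NOT_SUPPORTED);
        }
    }
}
```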