(JavaCard)JavaCard222VM Spec（JavaCard 2.2.2 虚拟机规范-中英文对照，第一章）

CHAPTER 1
Introduction

第一章

介绍

1.1Motivation

1.1 功能

Java Card technology enables programs written in the Java programming language
to be run on smart cards and other small, resource-constrained devices. Developers
can build and test programs using standard software development tools and
environments, then convert them into a form that can be installed onto a Java Card
technology-enabled device. Application software for the Java Card platform is called
an applet, or more specifically, a Java Card applet or card applet (to distinguish it
from browser applets).

JavaCard技术使得用Java编程语言编写的程序可以运行在智能卡和其他小的资源紧张的设备上。开发人员可以用标准的软件开发工具和环境来编译和调试程序，然后把程序转化成能被JavaCard支持的的格式。JavaCard上的应用程序被称为Applet，或者更明确的称为Java Card Applet或者Card Applet（为了和浏览器Applets做区分）

While Java Card technology enables programs written in the Java programming
language to run on smart cards, such small devices are far too under-powered to
support the full functionality of the Java platform. Therefore, the Java Card platform
supports only a carefully chosen, customized subset of the features of the Java
platform. This subset provides features that are well-suited for writing programs for
small devices and preserves the object-oriented capabilities of the Java programming
language.

Java Card技术使得用Java语言编写的程序可以在智能卡上运行，然而如此小的设备远不足以支持Java平台的全部功能。因此，Java Card平台仅仅支持一个被仔细挑选，定制的Java平台属性的的子集。这个子集使得写的程序在小设备上有更好适应性，并且保持了Java语言的面向对象的特性。

A simple approach to specifying a Java Card virtual machine would be to describe
the subset of the features of the Java virtual machine that must be supported to
allow for portability of source code across all Java Card technology enabled devices.
Combining that subset specification and the information in Java Virtual Machine
Specification, smart card manufacturers could construct their own Java Card
technology-based implementations (“Java Card implementations”). While that
approach is feasible, it has a serious drawback. The resultant platform would be
missing the important feature of binary portability of Java Card applets.

一个简单的途径是定义一个代码可以在所有JavaCard环境下移植的Java虚拟机的子集。结合JVM的子集规定和信息，智能卡提供商可以在JavaCard规范上构建自己的工具。虽然手段是可行的，但有一个严重的缺点，目标平台将会丧失字节码的移植性。

The standards that define the Java platform allow for binary portability of Java
programs across all Java platform implementations. This “write once, run
anywhere” platform. Part of the motivation for the creation of the Java Card platform was to
bring just this kind of binary portability to the smart card industry. In a world with
hundreds of millions or perhaps even billions of smart cards with varying
processors and configurations, the costs of supporting multiple binary formats for
software distribution could be overwhelming.

Java平台的规范允许Java的代码在所有Java平台上移植，Java的“写一次，所有地方运行”的属性或许是平台的最重要的特性。部分JavaCard平台创建的工作就是为了把这种代码移植性带到智能卡行业。在世界上有千百万的不同处理器和配置的智能卡，为支持软件派发所支持的多种代码格式的代价是不能承受的。

This Virtual Machine Specification for the Java Card Platform, Version 2.2.2 is the key to
providing binary portability. One way of understanding what this specification does
is to compare it to its counterpart in the Java platform. The Java virtual machine
specification defines a Java virtual machine as an engine that loads Java class files
and executes them with a particular set of semantics. The class file is a central piece
of the Java architecture, and it is the standard for the binary compatibility of the Java
platform. The Virtual Machine Specification for the Java Card Platform, Version 2.2.2 also
defines a file format that is the standard for binary compatibility for the Java Card
platform: the CAP file format is the form in which software is loaded onto devices
which implement a Java Card virtual machine.

这个JavaCard的虚拟机规范（版本2.2.2)是提供代码移植性的的关键。理解这个规范做了什么的一个方法是和Java平台的对应副本进行比较。Java虚拟机规范定义了一个引导和按指令集执行Java类文件的引擎。类文件是Java体系结构里面核心的部分，并且是代码移植性的支柱。JavaCard的虚拟机规范（版本2.2.2）还定义了一个实现了JavaCard平台代码移植性的文件格式：CAP文件格式是软件被导入到实现了JavaCard虚拟机规范的设备的格式。

 

1.2The Java Card Virtual Machine

1.2 JavaCard虚拟机

The role of the Java Card virtual machine is best understood in the context of the
process for production and deployment of software for the Java Card platform.
There are several components that make up a Java Card system, including the Java
Card virtual machine, the Converter for the Java Card platform (“Java Card
Converter”), a terminal installation tool, and an installation program that runs on
the device, as shown in FIGURE1-1 and FIGURE1-2.

JavaCard虚拟机的角色在JavaCard平台的生产和开发流程下很好理解。JavaCard虚拟机和若干个组件组成一个JavaCard系统，一个Converter(转换器),一个终端安装工具，和一个运行在设备上的安装程序。如下图1-1和1-2

 

Development of a Java Card applet begins as with any other Java program: a
developer writes one or more Java classes, and compiles the source code with a Java
compiler, producing one or more class files. The applet is run, tested and debugged
on a workstation using simulation tools to emulate the device environment. Then,
when an applet is ready to be downloaded to a device, the class files comprising the
applet are converted to a CAP (converted applet) file using a Java Card Converter.
The Java Card Converter takes as input all of the class files which make up a Java
package. A package that contains one or more non-abstract subclasses, direct or
indirect, of the javacard.framework.Applet class is referred to as an applet package.
Otherwise the package is referred to as a library package. The Java Card Converter
also takes as input one or more export files. An export file contains name and link
information for the contents of other packages that are imported by the classes being
converted. When an applet or library package is converted, the converter can also
produce an export file for that package.

开发一个JavaCard应用和开发其它的Java程序一样：一个开发者写出一个或者多个类文件，应用使用模拟设备环境的模拟器模拟运行，测试和调试，包含应用的类文件被JavaCard Coverter转化成一个CAP文件。Converter把构成一个Java包的所有类作为输入。一个包含了一个或者多个非抽象的直接或者非直接的javacard.framework.Applet的子类的包被称作一个应用包(appet package)。否则被称为一个库包（library package)。Converter也可以把一个或者多个导出文件（export file）作为输入。一个导出文件包含了被转化类需要的导入的其它类的名字和链接信息。当一个应用或者库包被转化，转化器也可以产生这个包的导出文件。

After conversion, the CAP file is copied to a card terminal, such as a desktop
computer with a card reader peripheral. Then an installation tool on the terminal
loads the CAP file and transmits it to the Java Card technology-enabled device. An
installation program on the device receives the contents of the CAP file and prepares
the applet to be run by the Java Card virtual machine. The virtual machine itself
need not load or manipulate CAP files; it need only execute the applet code found in
the CAP file that was loaded onto the device by the installation program.

经过转化，CAP文件被拷贝到一个卡片终端，例如一个带有读卡器设备的桌面计算机。然后一个在终端上的安装工具载入CAP文件并且传输到JavaCard设备里。一个存在于JavaCard设备上的安装程序接收CAP文件的内容并且准备好被JavaCard虚拟机运行的应用。虚拟机自己不需要导入或者操作CAP文件，它只需要执行在被安装程序导入的CAP文件中发现的应用的代码。

The division of functionality between the Java Card virtual machine and the
installation program keeps both the virtual machine and the installation program
small. The installation program may be implemented as a Java program and
executed on top of the Java Card virtual machine. Since instructions for the Java
Card platform (“Java Card instructions”) are denser than typical machine code, this
may reduce the size of the installer. The modularity may enable different installers
to be used with a single Java Card virtual machine implementation

 

JavaCard虚拟机和安装程序工程的区分使得两者都更小，安装程序可以被实现为一个Java程序并且在JavaCard虚拟机的上层执行。因为Java虚拟机的指令比典型的机器码更稠密，这样做可以降低安装器的大小。组件性可以使得在一个JavaCard虚拟机实现上可以使用不同的安装器。

 

 

1.3Java Language Security

1.3Java语言安全

One of the fundamental features of the Java virtual machine is the strong security
provided in part by the class file verifier. Many devices that implement the Java
Card platform may be too small to support verification of CAP files on the device
itself. This consideration led to a design that enables verification on a device but
does not rely on it. The data in a CAP file that is needed only for verification is
packaged separately from the data needed for the actual execution of its applet. This
allows for flexibility in how security is managed in an implementation.

一个Java虚拟机的基本属性是通过类文件校验实现的强大的安全性。许多实现了JavaCard平台的设备可能太小不足以支持在自己设备上的校验。这个考虑使得设计上允许在设备上认证但是并不信赖它。CAP文件中校验相关的数据被和应用执行的真正数据分开放置。到允许安全管理更灵活的被实现。

There are several options for providing language-level security on a Java Card
technology-enabled device. The conceptually simplest is to verify the contents of a
CAP file on the device as it is downloaded or after it is downloaded. This option
might only be feasible in the largest of devices. However, some subset of verification
might be possible even on smaller devices. Other options rely on some combination
of one or more of: physical security of the installation terminal, a cryptographically
enforced chain of trust from the source of the CAP file, and pre-download
verification of the contents of a CAP file.

在JavaCard设备上有几个提供语言级别安全的选项。概念上最简单的是在CAP文件下载时和下载后验证文件内容。这个选项通常在比较大的设备上可行。其它的选项信赖一些捆绑的属性：安全终端的物理安全，在下载时候的算法校验过程，在下载之前预校验CAP文件。

 

The Java Card platform standards say as little as possible about CAP file installation
and security policies. Since smart cards must serve as secure processors in many
different systems with different security requirements, it is necessary to allow a
great deal of flexibility to meet the needs of smart card issuers and users.

JavaCard平台规范在CAP文件安装和安全规则这儿尽量的少说。因为智能卡在不同的安全需求的不同系统里作为安全的处理器，有必要允许很多灵活性来适应智能卡发行人和用户。

 

1.4Java Card Runtime Environment Security

1.4 Java运行环境安全

The standard runtime environment for the Java Card platform is the Java Card
Runtime Environment. The Java Card RE consists of an implementation of the Java
Card virtual machine along with the Java Card API classes. While the Java Card
virtual machine has responsibility for ensuring Java language-level security, the Java
Card RE imposes additional runtime security requirements on devices that
implement the Java Card RE, which results in a need for additional features on the
Java Card virtual machine. Throughout this document, these additional features are
designated as Java Card RE-specific.

JavaCard平台的标准运行环境叫做JCRE，JCRE由JavaCard虚拟机以及JavaCard API的类构成，既然JavaCard虚拟机有保证Java语言层安全的责任，JCRE保证附加的运行态的安全。这部分的附加属性在JCRE规范中。

The basic runtime security feature imposed by the Java Card RE enforces isolation of
applets using what is called an applet firewall. The applet firewall prevents the
objects that were created by one applet from being used by another applet. This
prevents unauthorized access to both the fields and methods of class instances, as
well as the length and contents of arrays.

JCRE最基本的运行态安全特性是用一个应用防火墙把应用隔离开。应用防火墙阻止一个应用创建的对象被其它的应用访问，阻止了对未授权的实例的属性和方法的访问（访问数组的长度类似）

Isolation of applets is an important security feature, but it requires a mechanism to
allow applets to share objects in situations where there is a need to interoperate. The
Java Card RE allows such sharing using the concept of shareable interface objects.
These objects provide the only way an applet can make its objects available for use
by other applets. For more information about using shareable interface objects, see
the description of the interface javacard.framework.Shareable in the Application
Programming Interface, Java Card Platform, Version 2.2.2 specification. Some
descriptions of firewall-related features make reference to the Shareable interface.

应用的隔绝是一个重要的安全属性，但是它需要一个机制来允许应用间在需要内部操作的时候共享对象。JCRE允许允许使用共享接口对象（shareable interface object）的概念来进行这样的共享。这些对象提供了一个应用让它的对象可能被其他应用使用的唯一的方式。更多的使用共享接口对象的信息参见API手册中javacard.framework.Shareable接口的描述。一些防火墙相关的属性的描述为共享接口提供了一定的参考。

The applet firewall also protects from unauthorized use the objects owned by the
Java Card RE itself. The Java Card RE can use mechanisms not reflected in the Java
Card API to make its objects available for use by applets. A full description of the
Java Card RE-related isolation and sharing features can be found in the Runtime
Environment Specification, Java Card Platform, Version 2.2.2.

应用防火墙还避免了对JCRE自身拥有的对象的未授权使用。JCRE可以使用不在JCAPI中体现的机制使得它的对象可以被应用使用。JCRE隔离和共享的相关属性可以在JCRE规范中得到体现。