getting started with java card on sim cards - javacard

I'm looking to write a simple beginner program using Java Card to run on sim cards. Can anyone point me to some very basic information on getting started? I've seen some descriptions of the toolkit api, but I'm looking for things like: what capabilities are supported by the sim card, how to upload my code to the card (do i need special hardware?), how do I tell whether a sim card supports java card, that sort of thing.
EDIT: I'm specifically looking to run code on sim cards. I've seen some very high level tutorials online, but nothing that goes as far as connecting to a sim card or uploading code. I have a USB sim card reader and a variety of cards to test, but I can't find any detail on how to work with them.

To upload your code to a sim card, it seems to require one of these tools:
GPShell from the GlobalPlatform project
JCardManager which is part of the Gemalto Developer Suite
SIMAlliance CAT Loader
I've not got any of these to recognise my ebay sim card reader, so I think I'll have buy a different reader (probably from gemalto)
Edit: I bought the ACS ACR38 SDK, which includes 3 card readers and a selection of cards, along with drivers, code samples and tools. These card readers are working nicely with the Gemalto Developer Suite.
The Usability Lab tutorial provided with the Gemalto Developer Suite is a pretty good way of diving into sim card development.
Very interesting thing to note: it's pretty hard to get your code running on commercial mobile network operator SIM cards. They typically require the correct certificate before you can write to them.
There are hardware workarounds to this. I'm currently investigating TurboSIM and RebelSIM.
I finally gave up on this project due to other pressures. I was not able to get any Java Card running except on the dev cards, which are not compatible with real devices on a mobile network. The cutout cards such as TurboSIM and RebelSIM are a possibility but quite frustrating to work with.

there is a nice quickstart tutorial on the netbeans page
http://netbeans.org/kb/docs/javame/java-card.html

Related

using java card instead of SIM in android with SEEK

I've patched android with SEEK for Galaxy S3 and after some struggle I'm now able to send APDUs to SIM card and get proper responses.
I want to place my own applet inside SIM but since there is no way we can get the access to do so, I start to wonder if there is anyway we can issue a java card to work like a SIM card. All I need is a java card that the phone can't distinguish from a SIM, no network coverage is needed and I know it is almost impossible to create a SIM that works OK with operator and gives network coverage.
The reason for all this is I need to send APDUs and work with my applet, but if I insert a java card instead of a SIM card in GS3, it gives me no access at all.
So my question is this:
Is it possible to issue a java card so that it looks like a SIM by the phone (and not the operator)?
or Is it possible to change android so that it gives needed access when there is a java card in it, i.e. RIL works as usual?
EDIT
Okay, I think I'll try to issue a Java Card with following properties:
First, it will have an auto selected applet (default applet) that from now on will be call fake-UICC.
Second, in fake-UICC we'll emulate the file system of UICC (according to http://www.in2eps.com/fo-uicc/tk-fo-uicc-mf.html).
Third, since different class is used for SIM APDUs (0xA0) so All APDUs sent from RIL will be directed to fake-UICC by JCRE, since class+instruction is not recognized by normal Java Card. e.g. 0xA0A4 is select for SIM but 0x00A4 is select command for Java Card.
In last step, we will try to send exact same responses a real SIM would send to each APDU.
Maybe it won't work but I think it's worth a try.
SIM Card (UICC) accessed through SEEK is not the only secure element you can use in your cellphone.
On the market there are other Java Card solutions: mostly based on microSD slot (provided e. g. by GoTrust or Feitian Technologies), which you should be able to access through SEEK.
Some cellphones (Galaxy S3 is not this case, unfortunately) are equipped with a special secure element slot, which you can insert common smart card (mostly by Oberthur) into and access through SEEK (see http://www.nfcworld.com/technology/embedded-secure-element-ese/ for some devices with this feature).
There is an interesting article about SE options: http://nelenkov.blogspot.cz/2012/08/accessing-embedded-secure-element-in.html
If you know some other vendors offering microSD Java Card products, please write them down in comments and I will add them to my post. This answer is not supposed to be any advertisement for the companies mentioned above.
Well, Actually I'm not sure if this solution works or not, and as dear #Vojta mentioned in the comments under his answer I would like to discourage people from the following attempts. It will be difficult, time-consuming and probably with no useful results. He knows a lot more than me in this field.
Anyway, as you wanted I posted my suggestion:
Each file in the system file of the SIM/USIM card is linked to a hexadecimal number as its addresses (AID). These AIDs are defined in GSM and ETSI standards (GSM 11.11 for example). You can write some Javacard applets to simulate that system file.
As SIM/USIM card's AIDs are shorten than JavaCard AIDs, you might need to choose a Java Card that support partial AID selection and use this capability to refer incoming command to its associated applet.
I think you can simulate all the system file inside a single applet also and then make that applet default selected applet.
If you had any success with this solution, please inform us. :)

Using SIM card info on a USB Card Reader to secure usage of windows software

i have developed a windows desktop application and it is ready for distribution. Target buyers are in the order of few hundreds only. Yet wishing to protect it from unauthorized use.
First idea was to use something like HASP key etc. Found costly for my case. Then googled about machine fingerprint etc to write my own code. Found mixed opinion about it. Especially the fact that it might not be that end-user-friendly when they upgrade hardware.
Why should the fingerprinting be from machine.. it could be from something else which is unique and yet connected to the machine (hoping sim card is unique), right.? Put a sim card on a usb reader and plug it into the system. The application shall read the sim card id for authentication. Assuming i supply the sim card and pre-code their ids in the application. Is this idea sane and possible?
Thanks, Chandra.

NFC handover to Bluetooth or WiFi for data transfer

I'm currently working on a project for an interactive visitor centre in Laguna Beach, CA.
There are many touchscreen devices around the space, which we are developing some cool software for, however one of the client requests is to allow visitors to transfer image, pdf and video files from an interactive coffee table touchscreen onto their phone.
The client has seen this on YouTube/CES etc.. You know, where someone puts a phone on a the interactive surface and then magically swipes images onto the phone from the screen.
Of course, if the visitor had a custom app on their phone, and was already on the same WiFi this would not be so much of a problem. I suspect this is what happens on these magic demos that we see.
In our situation, we don't want the visitor to download an app really, we just want the easiest solution and experience for the visitor. We have a public WiFi available to us, and we can install an NFC device on the touchscreen and the touchscreen also has bluetooth.
My ideal scenario would be for the user to pop their NFC enabled phone on the table, the table recognises it, pairs with BT or WiFi and away we go! I'm not sure how practical this is though having researched around. Clearly thats not going to work on an iPhone. I don't mind a couple of mechanisms i.e. one for Android/other NFC phones and one for iPhone.
Does anyone have any experience of this kind of thing and suggestions of how to handle it?!
Here's a mock up of our 32" Coffee Table touchscreen just for some context
Thanks for reading through and having a think :-)
I know that there is standardized way to pair Bluetooth device using NFC tag. I think this is the best solution for you. The authority that is standardizing this format is called NFC Forum. You can find more info about the topic in this document: Bluetooth Secure Simple Pairing Using NFC

SIMcard applets development - hardware recommendations

I want to develop JavaCard 2.2.x applet, load to developer SIM card. I also need to connect to the SIM card through PCSC-Lite on Ubuntu (because of SEEK-FOR-ANDROID).
However, I don't know what hardware should I buy...I've already bought few (cheap) PC/SC smart card readers from Ebay and so, but there are not recognized by Gemalto Card Manager or any other soft for loading applets to SIMs.
I can't afford to try "real-deal" dev kits, as those are quite expensive for me (...student). I need to be sure before buying any of those. So my question is...
Would you give me some recommendations which JavaCard Dev kits (Reader + dev SIM card) should I buy? I've read, that ACR38 Dev Kit works nicely with Gemalto Dev Suite but there are no DEV SIM cards in the kit (at least, there are not mentioned in specs).
Thanks!!
Frankly speaking I don't know any cheap kit which includes sample cards except expensive (for students) Gemalto Card Admin and Gemalto Dev Suite.
For the reader I can recommend you Gemalto PCTwin reader, which you can buy online from Gemalto Web store here.
At the same time officially Gemalto Dev Suite is not working on Ubuntu and trial version which you can download from Gemalto Dev Network has limitation - you can use only Card Simulator and not real reader. May be it was the reason why you couldn't use your reader as if it is PCSC reader there is no difference for Dev Suite.
What I can propose you as a student - participation to Gemalto SIMAgine contest for students. In this case you'll receive all tools and cards for free.

Has anyone got a tutorial up on getting your own smartcard and getting pkcs#11 working on it?

Has anyone got a tutorial up on getting your own smartcard and getting pkcs#11 working on it? In Linux? (Windows would be fine too).
Most of the vendors seem to assume you'll be wanting enough for your whole company, not one or two.
This heavily depends on the driver and application you use. We use OpenSC/OpenCT for all non-Enterprise Smartcard uses. They have decent documentation.
Yes, check out what OpenSC supports.
Make sure that you know what you want - USB tokens or full-size smart cards. There are pros and cons with both solutions - USB tokens require drivers, often by the manufacturer, to use on some platforms (eg Windows7 or OSX can be troublesome). But they are easy to use once set up and sometimes offer better performance than ISO smartcards. Casual smart cards on the other hand have also contactless interfaces and can be used with pinpad readers which provide higher security than USB tokens.
If you're into fancier features and may want to extend your card infra further than just pkcs#11 crypto, javacards might be useful (OpenSC can not work with JavaCards directly but certain applets are supported, like Muscle) Otherwise look for a supported card operating system.

Resources