How to store offline transaction data in Java Card

StackOverflow https://stackoverflow.com/questions/20699325

Question

I am new to Java Card development. I have created a Java Card applet for online payment.. But I couldn't find way to how to do offline transactions. I need to know how to store offline data (such as the balance) in Java Card. Is there any way to use file structure to store data?

Was it helpful?

Solution

For offline transactions it is required that you store the data in persistent memory. Moreover, updates to this persistent memory should be atomic. This means that if a transaction is in progress and there is a card tear then the transaction should be nullified. For this, Java Card has the (aptly named) beginTransaction and abortTransaction methods in JCSystem.

There are some discussions if the security level of normal EEPROM or Flash is enough for sensitive data such as transactions and balances. It could not hurt to update a (secure) checksum together with the transaction so that an advanced attacker cannot alter the data stored on the smart card. Storing this checksum has to be part of the atomic transaction.

Java Card does not supply any file based structure. There was a proposed API a long time ago, but currently the support for the ISO 7816-4 file system ends with the applet selection by it's AID. The rest of the protocol is your responsibility. Note that you should not update the contents of an Elementary File by anything other than UPDATE BINARY (and friends). In general the content of the files should be either static or generated by the off card entity. Using for instance records and GET DATA would be more appropriate - but you will have to program those yourself as well.

OTHER TIPS

A JavaCard is a little different from Java on your PC. Everything you do in your applet is persistent. Only if you explicitly allocate a variable in RAM the content is lost upon card reset (or power loss).

Therefore every field variable e.g. in your applet class can be used for storing your offline data.

  1. Create a persistent array for offline balance

    ex. balance = new byte[length_of_balance];

  2. Create a transient array to calculate offline balance

    ex. temp_balance = JCSystem.makeTransientByteArray(length_of_balance, CLEAR_ON_DESELECT);

  3. when the new amount is received,

    a. load the balance to temp_balance

    b. accumulate new amount to temp_balance

    c. copy temp_balance to balance using Util.arrayCopy

Hope this helps~

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow
scroll top