如何在Java卡中存储脱机交易数据 [英] How to store offline transaction data in Java Card
问题描述
我是Java Card开发的新手.我已经创建了一个Java Card applet进行在线支付..但是我找不到方法进行离线交易.我需要知道如何在Java Card中存储脱机数据(例如余额).有什么方法可以使用文件结构来存储数据吗?
I am new to Java Card development. I have created a Java Card applet for online payment.. But I couldn't find way to how to do offline transactions. I need to know how to store offline data (such as the balance) in Java Card. Is there any way to use file structure to store data?
推荐答案
对于脱机交易,需要将数据存储在永久内存中.此外,对此持久性内存的更新应为 atomic .这意味着,如果交易正在进行中,并且出现卡撕裂,则该交易应为无效.为此,Java Card具有(恰当命名) beginTransaction 和
For offline transactions it is required that you store the data in persistent memory. Moreover, updates to this persistent memory should be atomic. This means that if a transaction is in progress and there is a card tear then the transaction should be nullified. For this, Java Card has the (aptly named) beginTransaction and abortTransaction methods in JCSystem.
对于普通EEPROM或Flash的安全级别是否足以处理诸如交易和余额之类的敏感数据,存在一些讨论.随交易一起更新(安全)校验和不会损害,因此高级攻击者无法更改智能卡上存储的数据.存储此校验和必须是原子事务的一部分.
There are some discussions if the security level of normal EEPROM or Flash is enough for sensitive data such as transactions and balances. It could not hurt to update a (secure) checksum together with the transaction so that an advanced attacker cannot alter the data stored on the smart card. Storing this checksum has to be part of the atomic transaction.
Java Card不提供任何基于文件的结构.很久以前就有一个提议的API,但是目前对ISO 7816-4 文件系统的支持以它的AID选择applet结尾.该协议的其余部分是您的责任.请注意,除了UPDATE BINARY(和朋友)以外,您不应通过其他任何方式更新基本文件的内容.通常,文件的内容应该是静态的,也可以由非实体实体生成.例如,使用记录和GET DATA会更合适-但您也必须自己编写这些记录.
Java Card does not supply any file based structure. There was a proposed API a long time ago, but currently the support for the ISO 7816-4 file system ends with the applet selection by it's AID. The rest of the protocol is your responsibility. Note that you should not update the contents of an Elementary File by anything other than UPDATE BINARY (and friends). In general the content of the files should be either static or generated by the off card entity. Using for instance records and GET DATA would be more appropriate - but you will have to program those yourself as well.
这篇关于如何在Java卡中存储脱机交易数据的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
