Is it possible to protect JavaCard application against program copying from one card to another? Also is it possible somehow access data on JavaCard and damage them?
1
There are 1 best solutions below
Related Questions in JAVACARD
- How to return a slice in Java
- Is it possible Java Card supports NIO,like event-driven, reactor
- How do I read EF.PLMNsel?
- Can't install .cap file on NXP P71D321
- How can I upload a SIM applet through OTA
- How to communicate programmatically with the JCOP simulator, how to programmatically send APDUs to a JCOP simulator?
- Problem Loading Signed CAP file directly to Supplementary Security Domain
- an error occurred while building a Java Card project in Eclipse javax/xml/bind/JAXBException
- Bitcoin Transaction signing using Javacard
- Gemalto SmartCard Get status issue
- How to use APDU I/O API in Eclipse
- InitialiseSecureChannel error during profile package installation on an eUICC
- Why euicc manager get NO_SUCH_ELEMENT aka errcode 3?
- Java Card Eclipse Plug-in: APDU I/O API is hanging on powerUp()
- What are the correct steps to have a supplementary security domain with DAP verification?
Trending Questions
- UIImageView Frame Doesn't Reflect Constraints
- Is it possible to use adb commands to click on a view by finding its ID?
- How to create a new web character symbol recognizable by html/javascript?
- Why isn't my CSS3 animation smooth in Google Chrome (but very smooth on other browsers)?
- Heap Gives Page Fault
- Connect ffmpeg to Visual Studio 2008
- Both Object- and ValueAnimator jumps when Duration is set above API LvL 24
- How to avoid default initialization of objects in std::vector?
- second argument of the command line arguments in a format other than char** argv or char* argv[]
- How to improve efficiency of algorithm which generates next lexicographic permutation?
- Navigating to the another actvity app getting crash in android
- How to read the particular message format in android and store in sqlite database?
- Resetting inventory status after order is cancelled
- Efficiently compute powers of X in SSE/AVX
- Insert into an external database using ajax and php : POST 500 (Internal Server Error)
Popular # Hahtags
Popular Questions
- How do I undo the most recent local commits in Git?
- How can I remove a specific item from an array in JavaScript?
- How do I delete a Git branch locally and remotely?
- Find all files containing a specific text (string) on Linux?
- How do I revert a Git repository to a previous commit?
- How do I create an HTML button that acts like a link?
- How do I check out a remote Git branch?
- How do I force "git pull" to overwrite local files?
- How do I list all files of a directory?
- How to check whether a string contains a substring in JavaScript?
- How do I redirect to another webpage?
- How can I iterate over rows in a Pandas DataFrame?
- How do I convert a String to an int in Java?
- Does Python have a string 'contains' substring method?
- How do I check if a string contains a specific word?
Sure, generally you cannot retrieve Java Card applets at all. You can load them using Global Platform (GP) LOAD commands and install them using INSTALL. There are however no retrieve commands as far as I know, nor are they necessary. If they were present then you'd still need the GP key set to install them. If you have a card with a default key set then you can replace the keys before or after loading the applet in your secure (pre-)personalization environment.
Usually the chips are protected e.g. using a hardware mesh and / or similar passive & active protections to avoid extraction using hardware. In the end though you should use the applets in such a way that an attacker would have a hard time getting information out even if the code is known (using derived, card specific keys for instance, calculated or loaded during (pre-)personalization).
Good cards are tested against e.g. Common Criteria. CC does publish reports and those should be referenced by the relevant product pages. Of course, that doesn't mean that they will never be hacked - the adversary may have direct access to the hardware after all, but it does provide a minimum level of security.