Thomas Schack Frank Seliger. Smart Card Application. Development Using Java . With 98 Figures, 16 Tables and a Multi Function Smart Card. Springer. optimized for smart cards and related, small-memory embedded devices. cards developed using the Java Card Application Environment (JCAE), allowing. Smart card technology has continued to develop unobtrusively in the for many helpful tips on programming Java cards, Christoph Schiller for convincing me.
|Language:||English, Spanish, Indonesian|
|Genre:||Business & Career|
|ePub File Size:||20.45 MB|
|PDF File Size:||11.54 MB|
|Distribution:||Free* [*Regsitration Required]|
Request PDF on ResearchGate | Smart Card Application Development Using Java | From the Publisher: In today's world, smart cards play an increasingly. The first € price and the £ and $ price are net prices, subject to local VAT. Prices indicated with * include VAT for books; the €(D) includes 7% for. Germany, the. Smart Card Application Development Using Java DRM-free; Included format: PDF; ebooks can be used on all reading devices; Immediate eBook download.
Hence this client software bridges the gap between graphical user interface components and on-card applications as it could be seen in data flows 1 and 2 given in Figure 3. In this paper, a smart card based healthcare information system is developed. If PIN is valid, card session will be successfully opened and terminal application communicates with the remote server over system protocol to get messages for related doctor. Figure 3 shows whole system architecture with components. When a doctor card is inserted in CAD, a secure channel is established between host application and smart card. SCHS presents a communication protocol in which both data security and digital identity verification are duly provided.
When a doctor card is inserted in CAD, a secure channel is established between host application and smart card. After mutual authentication, card PIN is requested. If PIN is valid, card session will be successfully opened and terminal application communicates with the remote server over system protocol to get messages for related doctor.
Remote database server address is obtained from smart card. Doctor personal data including DSA private key is temporarily transmitted to application from smart card. This data will be available during doctor session. Now doctor session is open and host application waits for patient smart cards. So, a patient card can only be accepted when a doctor card is also present in reader. However this can only be possible in CADs with two slots and advanced mutual card authentication capabilities.
We have used a single-slotted CAD with a simpler structure. In our system, opening a doctor session before patient session is sufficient for operation. Figure 1 represents the doctor session. Figure 1 approximately here When an open doctor session condition is satisfied, application can accept patient smart cards and open patient sessions. Like doctor session, a secure channel is established and mutual authentication is realized when a patient card is inserted on CAD.
Entered PIN is validated and remote messages for patient are received in same manner. Using system private distributed protocol, terminal receives requested data from clinic server in an encrypted form. Data is encrypted with patient DES key and to decrypt it on client side, terminal needs same DES key stored on patient smart card.
In addition to general health information, decrypted clinic specific patient health data are displayed. Reverse procedure will be carried out on the server side: Notice that the required DES and DSA keys are obtained from hospital central database on server side using database network addresses sent from client terminal. Data update on clinic database is completed if everything is in order.
Result of remote process is returned to terminal and patient session is closed.
Figure 2 demonstrates patient session. Figure 2 approximately here After examination, patient will apply to system administration unit to record new inspection and prescription data stored on smart card to hospital database and to realize prescription approval. Basically that unit is responsible to manage hospital database. However in such a system, client software components will completely depend on database server and related database software. To overcome the dependency problem, instead of the clients directly being involved in database related processes, an extra control structure is added to manage queries.
This lets each component to be designed independent of the others and provides software reusability. In MVC pattern, view components communicate with system data model by means of a controller mechanism.
So, client applications only include view components user interfaces such as forms, dialogs, etc. Java RMI technology lets distributed remote objects to communicate with each other without depending on network infrastructure. Authentication of client for that operation and data update are performed by that remote object.
Implementation of MVC pattern and RMI also provides digital signature and data encryption key usage in system authentication and data security respectively. One of the important aims of the system is to access clinic databases in a secure and authenticated way in which smart cards play an active role.
Data is transmitted as encrypted and signed on protocol.
RMI has already facilities like object serialization and parameter marshalling on its channel so encapsulated data are not purely transferred. Figure 3 shows whole system architecture with components.
This package contains both the Java card applet and model classes to hold patient data discussed in section 2. This software manages bytes of patient data.
Applet class and it communicates with off- card smart card applications to serve patient data in a secure way. It is called tr. OCF is expected to be integrated in most of the smart card based healthcare solutions . Smart card client package running on client computer carries out both doctor and patient smart card communication. Thus, user interface components can use prepared objects provided by this package especially in APDU byte vector formation without struggling with limited smart card data structure conversions.
Hence this client software bridges the gap between graphical user interface components and on-card applications as it could be seen in data flows 1 and 2 given in Figure 3. Object model of this client software is shown in Figure 5. User interface components access card data over those objects without striving for APDU communication. Therefore it could be processed in interface components in a very simple way. As it is mentioned before, client computers do not contain any software component which is responsible to access databases and perform queries.
Remote objects fulfill those operations instead of client software.
Client software only contains user interface components instances of Java Foundation Classes and forms view layer of MVC architecture. Card terminals in a department take service from RMI servers located in the same department. Remote objects, whose methods are called by clients, exist on those servers. RMI server application creates objects with remote interfaces and registers them to RMI registry on server.
When a client object wants to use a remote method, it first connects to the RMI registry on server and obtains interfaces of relevant remote objects. Then they can call remote methods by using those interfaces according to RMI protocol . Stub prepares data and sends it to remote object.
Object controls authentication of client, decrypts data, prepares proper query and updates data on remote database. Operation result or exception if occurred is returned to client over the same channel. So, all control and database connection operations are abstract to clients. Remote objects on RMI servers fulfill those operations on behalf of clients and form controller layer of MVC architecture of the system.
Relational model of the central database is given in Figure 6. Allergies, surgical operations, immunizations, medications and former diseases are stored in corresponding database tables with their unique IDs. IDs have been generated automatically during system implementation except in medications.
Barcode number on each medication is given to the related medication as its system ID. This record is associated with the related patient and the disease via their unique IDs. As it is mentioned before, clinic based patient data are stored on separate clinic databases to provide both flexibility and modularity of the system.
Due to non-standard form of the information systems and database structures used in clinics of many hospitals as in the Ege University Hospital, our design seems most appropriate. So, smart card terminal applications communicate with those remote objects and doctors can access the local patient data during examination as described in above sections.
Model is completely independent from use and view of data. So, databases form the model layer of the MVC architecture. Controller components map proper bean objects to tables of those databases. Hence, transmission of data is realized over secure protocols both in smart card and remote database communications.
These secure communications are discussed here in detail. This involves comparing keys, which are stored in a key file. The real value of the mother key is provided by the card manufacturer with the card.
Every smart card session begins with authentication stage in which both entities perform the check: After successful authentication, a secure communication channel is established between the two entities. Given PIN is checked by smart card itself and successful entry opens the card session.
In case of three consecutive wrong entries, smart card blocks itself for any communication. This requires a network communication over a secure protocol. In RMI, incoming and outgoing data are transferred in a serialized form meaning that data encapsulated by objects are not purely transferred over RMI channel. Receiver of the data should know the type of the object to deserialize content for if otherwise, it only gets a meaningless data stream.
From this point of view, SCHS specific communication protocol provides a degree of security. SCHS presents a communication protocol in which both data security and digital identity verification are duly provided. Data to be updated is first encrypted, then signed and finally serialized before network transmission. Both signed and encrypted data is encapsulated by an object and this object is serialized and sent over the RMI channel to remote side.
Figure 8 gives flowchart of this protocol. All database communications are logged in system servers.
Figure 9 approximately here On the other hand, key management should be taken into consideration. Generation, cancellation and replacement of security and authentication keys are all managed by system administration unit within SCHS. The key is stored on card in a serialized form.
Essentially this is a byte stream and this stream is again transformed into the real DES key on authorized host applications during their processes.
On the other hand, system administration unit prepares DSA key pairs for healthcare professionals so that they can work within the SCHS. Of course DES is potentially vulnerable to a brute-force attack and it may need to be replaced with an algorithm containing multiple encryptions with multiple keys such as 3DES.
However smart card programmers can only use Patient card software needs more space approximately 14K both for software and permanent data objects. Note that any smartcard that complies with JavarCard specifications and provide sufficient data space can be used in implementation of our design. That is, our design is platform independent and by using JavaCard framework , our system can be ported to different platforms without modifying any software.
It is connected to a terminal PC with baud data transmission rate. It has Java 1. System administration software is also deployed and tested on this computer. Server components are deployed to a PC with Intel P4 1. It does not contain any smart card software. Over lines of code are written to develop the whole system that includes seven software modules.
To write bytes of data to smart card and receive response from card takes approximately 2 seconds. Furthermore, it takes approximately 9 seconds to start a user session and display PIN entry dialog after insertion of smart card into CAD. To provide some flavor of the developed environment, the clinic program developed for Neurosurgery Department of Ege University Hospital is discussed with its selected screenshots.
Figure 10 is the screenshot taken in runtime of the SCHS clinic application in which a doctor has recently opened a doctor session using her personal smart card. Depending on the access information on the smart card, application has also communicated with the central hospital database to retrieve personal message for the doctor if any exists.
Now the doctor is ready to accept patients for examination. Like in doctor session, when a patient smart card is opened on a clinics application, the application immediately communicates with the central database to retrieve any existing message for the patient. The doctor can also access other patient information e.
Her record request is validated at the RMI server of the neurosurgery department and patient information is transferred to the clinic application in an encrypted form. Figure 12 approximately here 5. Hence, SCHS is currently ready to be used in Neurosurgery Department and is expected to be fully operational in near future, upon fulfillment of some system deployment issues.
However, contribution of other departments into the system will be fast and easy, owing to above mentioned modular software design of the SCHS. SCHS can be considered as a powerful healthcare automation with integration of smart card use into existing hospital information systems.
Its distributed protocol enables mobile and secure access to the patient records and facilitates roles of both healthcare professionals and patients. Similar studies introduced in Section 1 also aim to provide system enhancements via smart card use. However, contribution of smart cards in those studies is limited even in the systems that are currently in use.
For example system in  has a restricted design in which smart cards only behave as a portable health report card. Potential security and authorization features are not fully presented. On the other hand, protocol introduced with SCHS allows use of cards in both data storage and security in addition to mobile data carriage.
It should also be noted that architecture of SCHS takes care of the easy integration of the currently working health information systems in a hospital with the help of its layered approach. Hence, users of the old information system both health professionals and patients can adapt to the new system easily and quickly.
For example clinic module shown in Figure 12 has exactly the same GUI and usage procedure with the previous system used in Neurosurgery Department of Ege University Hospital. A collaborative study has been performed with healthcare professionals employed in Neurosurgery Department of Ege University Hospital during requirement determination, domain analysis and evaluation phases of the SCHS. It is essential that doctors have knowledge of evaluation issues in order that they can assess the strengths and weaknesses of evaluation studies and thus interpret their results meaningfully .
Contribution to the design and implementation of such studies provide system developers with useful information. Our colleagues preferred a practical assessment based on their experience instead of a methodological one in this study.
Hence SCHS seems to be widely used in the department after a relatively short learning period when it becomes fully deployed. Weaknesses of the SCHS should also be considered. SCHS is currently not fully operational and therefore it has met a limited number of user requirements. Controller layer of its software architecture should be strengthened with up to date technologies those are mentioned in Section 6. So, concurrent database accesses especially for central databases will be optimized with already implemented connection pool mechanism to enhance performance.
Finally, it needs to be studied on the current electronic prescription data structure to make it fully compatible with working pharmacy softwares in Turkey.
In addition to carrying mobile information, system smart cards are used in security and authentication processes. The most important problem encountered during system development is the lack of medical data store and retrieval standardization in healthcare sector.
Our system has its own specific medical data coding in databases. However as standardization occurs, the database can be redesigned to meet those standards. The capacity increase and cheaper costs will improve quality of smart card services. For example, the present patient cards of the SCHS can only store last inspection and prescription data as indicated before. With use of such high capacity smart cards, we also intend to store extra medical information like x- ray films and test documents on smart cards.
Another further system development that we take into account is the integration of pharmacies to system and processing of electronic prescriptions currently stored in smart cards. Such integration provides a paperless environment for prescription protocols between hospitals and pharmacies. We also intend to improve the distributed object protocol of the system by the use of advanced RMI facilities and Enterprise Java Bean architecture in J2EE platform especially for an easier and more efficient process management.
We believe that those modifications can be easily done by means of layered system architecture of SCHS. Tunali, S.
Yildirim and T. Dalbasti, The use of smart cards in health care, Hermes Project Workshop , pp. Pagetti, C. Mazini, M. Pierantoni, G. Gualandi and H. Novak , G. Kandus and D. Trcek, Further development of a smart-card based health care information system in Slovenia, presented at the Fifth International Congress on Conference and Exhibition on Cards Applications in Health Care: Health Cards'99, Milan Italy, This book provides a guide for the rapid development of smart card applications using Java and the OpenCard Framework.
It gives you the basic information you need about smart cards and how they work. It shows in detail how to develop applications that use smart cards by guiding you through examples step by step. A smart card provided with the book will help you to quickly get some first hands-on experience.
Free Preview. Buy eBook. Buy Softcover. FAQ Policy. About this book In todays world, smart cards play an increasingly important role in everyday life. Show all. Hansmann, Uwe et al. Pages