1. Development Kit User Guide
  2. Programming With the Development Kit
  3. Using Java Card RMI
  4. Developing RMI Applications for the Java Card Platform
  5. Add Security Support
  6. Use the Service to Check the Current Security Status

Use the Service to Check the Current Security Status

In the example, the following are required security behaviors for the applet:

  • The debit method is authorized only if it is sent through a secure channel that ensures at least the integrity of input data, and if the cardholder is successfully authenticated.

  • The credit method is authorized only if it is sent through a secure channel that ensures at least the integrity of input data, and if the application issuer is successfully authenticated.

  • The getBalance method is authorized only if the cardholder or the application issuer is successfully authenticated.

The SecurityService provides methods and constants that allow the implementation to perform such checks. For instance, following is the code for the checks on the debit method: 

        if ((!security
                .isCommandSecure(SecurityService.PROPERTY_INPUT_INTEGRITY))
                || (!security
                       .isAuthenticated(SecurityService.ID_CARDHOLDER)))
           UserException.throwIt(REQUEST_FAILED);

If one of the two conditions is not satisfied, the remote object throws an exception. This exception is caught by the dispatcher and forwarded to the client.