9 Verifying CAP and Export Files
Oracle’s Off-Card Verifier supports incremental verification and resolution of the set of CAP files that are installed on a Java Card technology-compliant device in a desktop environment. The unit of verification is a single CAP file. The context in which a CAP file can be executed is provided through the Application Programming Interface (API) of referenced packages as defined in their export files. Resolution is validated off-card by examining the export files of referenced packages.
Oracle’s Off-Card Verifier uses a bottom-up approach to verify the CAP files. In a nutshell, once a CAP file and its corresponding export file, if any, have been verified, it is not examined the succeeding times it is referenced. This is analogous to the process performed by an optimized Java virtual machine where, once the java.lang package has been loaded, verified, resolved, and initialized, it is not examined the succeeding times it is referenced. The same is true for a Java Card technology-compliant device.
A Java Card technology-enabled device is a secure environment. Additional security measures, such as the firewall, prevent a library from being corrupted. Once a verified CAP file has been installed on a Java Card technology-compliant device its state cannot be changed. This includes both its internal state and its context.
Off-Card verification provides a complete solution for Java Card technology-based applications when additional security constructs are applied. For more information on security measures and other details on working of the Off-Card Verifier, refer to the Off-card Verifier White paper.
This chapter contains the following sections: