The following example demonstrates how to implement a security service.
package com.sun.javacard.samples.SecureRMIDemo; import javacard.framework.*; import javacard.framework.service.*; public class MySecurityService extends BasicService implements SecurityService { // list IDs of known parties... private static final byte[] PRINCIPAL_APP_PROVIDER_ID = {0x12, 0x34}; private static final byte[] PRINCIPAL_CARDHOLDER_ID = {0x43, 0x21}; private OwnerPIN provider_pin, cardholder_pin = null; // and the security-related session flags ... public MySecurityService() { // initialize the PINs ... } public boolean processDataIn(APDU apdu) { if(selectingApplet()) { // reset all flags ... } else { return preprocessCommandAPDU(apdu); } } public boolean isCommandSecure(byte properties) throws ServiceException { // return the value of appropriate flag .... } public boolean isAuthenticated(short principal) throws ServiceException { // return the value of appropriate flag .... } private byte authenticated; private boolean preprocessCommandAPDU(APDU apdu) { receiveInData(apdu); if(checkAndRemoveChecksum(apdu)) { // set DATA_INTEGRITY flag } else { // reset DATA_INTEGRITY flag } return false; // other services may also preprocess the data } private boolean checkAndRemoveChecksum(APDU apdu) { // remove the checksum // return true if checksum OK, false otherwise } public boolean processCommand(APDU apdu) { if(isAuthenticate(apdu)) { receiveInData(apdu); // check PIN // set AUTHENTICATED flags return true; // processing of the command is finished } else { return false; // this command was addressed to another // service - no processing is done } } public boolean processDataOut(APDU apdu) { // add checksum to outgoing data return false; // other services may also postprocess outgoing data } private boolean isAuthenticate(APDU command) { // check values of CLA and INS bytes } }