FIG. 1A is a block diagram that illustrates a resource-rich device. Resource-rich devices are generally-considered those that are relatively unrestricted in memory and/or computing power or speed. A typical desktop computer is an example of a resource-rich device. A resource-rich device 100 may allow multiple independent execution modes 105 that allow multiple code spaces within programs that execute with different privileges. A kernel or secure execution mode is associated with relatively more privileges, allowing application programmers relatively more freedom in using the code space. An application or unsecure execution mode is associated with relative less privileges, allowing application programmers relative less freedom in using the code space.
FIG. 1B is a block diagram that illustrates a resource-constrained device. Resource-constrained devices 110 are generally considered to be those that are relatively restricted in memory and/or computing power or speed and have a single execution mode 115, as compared to typical desktop computers (reference numeral 100 of FIG. 1A) and the like. Resource-constrained devices include, by way of example, smart cards, cellular telephones, boundary scan devices, field programmable devices, personal digital assistants (PDAs) and pagers and other miniature or small footprint devices.
Smart cards, also known as intelligent portable data-carrying cards, are a type of resource-constrained device. Smart cards are typically made of plastic or metal and have an electronic chip that includes an embedded microprocessor or microcontroller to execute programs and memory to store programs and data. Such devices, which can be about the size of a credit card, typically have computer chips with 8-bit or 16-bit architectures. Additionally, these devices typically have limited memory capacity. For example, some smart cards have less than one kilobyte (1K) of random access memory (RAM) as well as limited read only memory (ROM), and/or non-volatile memory such as electrically erasable programmable read only memory (EEPROM).
A Java™ virtual machine executes programs written in the Java™ programming language and is designed for use on desktop computers, which are relatively rich in memory. It would be desirable to write programs that use the full implementation of the Java™ virtual machine for execution on resource-constrained devices such as smart cards. However, due to the limited architecture and memory of resource-constrained devices such as smart cards, the full Java™ virtual machine platform cannot be implemented on such devices. Accordingly, a separate Java Card™ (the smart card that supports the Java™ programming language) technology supports a subset of the Java™ programming language for resource-constrained devices.
Development of an applet for a resource-constrained device, such as a smart card 110, begins in a manner similar to development of a Java program. In other words, a developer writes one or more Java classes and compiles the source code with a Java compiler to produce one or more class files. The applet can be run, tested and debugged, for example, on a workstation using simulation tools to emulate the environment on the card 110. When the applet is ready to be downloaded to the card 110, the class files are converted to a converted applet (CAP) file by a converter. The converter can be a Java application being executed by a desktop computer.
A smart card 110 has an input/output (I/O) port, which can include a set of contacts through which programs, data and other communications are provided. The card 110 also includes a loader for receiving the contents of the CAP file and preparing the applet for execution on the card 110. The installation tool can be implemented, for example, as a Java program and can be executed on the card 110. The card 110 also has memory, including impersistent mutable memory such as a RAM. The card 110 also has a persistent immutable memory such as a ROM and a mutable persistent memory, such as an EEPROM. The applet prepared by the loader can be stored in the EEPROM. Java Card™ technology is described in Z. Chen, Java Card™ Technology for Smart Cards—Architecture and Application Programmer's Guide, Boston, Addison-Wesley, (2000).
A need exists in the art for a solution that allows a resource-constrained device to execute multiple programs having instructions with separate privileges. A further need exists for such a solution that performs runtime checks. A further need exists for such a solution that obeys memory zoning. A further need exists for such a solution that allows relatively complex operations to be securely expressed in relatively simple instructions.