Card computing devices may provide identification, authentication, data storage and application processing in a variety of systems from mobile phones to automated teller machines and drivers licenses. Various specifications and standards define interfaces and protocols for use between card computing devices and card readers, hosts or terminals. For example, the European Telecommunications Standards Institute (ETSI) has defined a set of protocols and specifications relating to communication between an application on a card computing device and a terminal application.
Java has become a common development platform for creating applications for card computing devices. For instance, Java Card™ is a small Java implementation for embedded devices including card computing devices. Many Java Card™ products also rely on the GlobalPlatform Card Specifications for secure management of applications on a card computing device.
Security of the communications between a card computing device and a host or terminal may be very important to the proper functioning of an overall system. Card computing devices are frequently used for personal identification tasks, partly because they are physically engineered to be tamper resistant. However, secure communications mechanisms between card computing devices and terminal applications are not standardized nor well defined in existing technology. Additionally, traditional security mechanisms frequently involve significant modifications to the individual applications installed on card computing devices.