The Java Card life cycle describes the various states that a Java Card can go through during its usage. These states are as follows:
- OP_READY: This is the initial state of the Java Card after it is powered on. In this state, the runtime environment shall be available and the Issuer Security Domain, acting as the selected Application, shall be ready to receive, execute and respond to APDU commands from the card reader.
The following functionality shall be present when the card is in the state OP_READY:- The runtime environment shall be ready for execution.
- The OPEN shall be ready for execution.
- The Issuer Security Domain shall be the implicitly selected Application for all card interfaces.
- Executable Load Files that were included in Immutable Persistent Memory shall be registered in the GlobalPlatform Registry.
- An initial key shall be available within the Issuer Security Domain
- INITIALIZED: In this state, the Java Card has been initialized by the application and is ready to execute the code that has been loaded onto it. This state indicates that the card has passed its self-tests and is functioning properly. The state INITIALIZED is an administrative card production state. The state transition from OP_READY to INITIALIZED is irreversible. Its functionality is beyond the scope of this Specification. This state may be used to indicate that some initial data has been populated (e.g. Issuer Security Domain keys and/or data) but that the card is not yet ready to be issued to the Cardholder.
- SECURE: In this state, the Java Card has been authenticated and is in a secure mode. This state is typically reached after a successful mutual authentication between the card and the card reader, and indicates that the card is ready to perform secure operations. The state SECURED is the intended operating card Life Cycle State in Post-Issuance. This state may be used by Security Domains and Applications to enforce their respective security policies. The state transition from INITIALIZED to SECURED is irreversible. The SECURED state should be used to indicate to off-card entities that the Issuer Security Domain contains all necessary keys and security elements for full functionality.
- CARD_LOCKED: In this state, the Java Card has been locked due to multiple incorrect authentication attempts. In order to unlock the card, a specific PIN or other authentication mechanism must be used. Setting the card to this state means that the card shall only allow selection of the application with the Final Application privilege
- TERMINATED: This is the final state of the Java Card, indicating that the card has been permanently disabled or destroyed. This state can be reached due to various reasons, such as expiration of the card, physical damage, or deliberate destruction.
The Java Card life cycle is an important concept in smart card technology, as it helps ensure that the card is secure and functioning properly throughout its usage. The card reader and the application on the card typically monitor the life cycle of the Java Card to ensure that it is being used appropriately and securely.
The card Life Cycle States OP_READY and INITIALIZED are intended for use during the Pre-Issuance phases of the card’s life.
The states SECURED, CARD_LOCKED, and TERMINATED are intended for use during the Post-Issuance phase of the card although it is possible to terminate the card at any point during its life.
Command | OP_READY | INITIALIZED | SECURED | CARD LOCKED | TERMINATED | ||||||
AM SD | DM SD | SD | AM SD | DM SD | SD | AM SD | DM SD | SD | SD | SD | |
DELETE Executable Load File | |||||||||||
DELETE Executable Load File and related Application(s) | |||||||||||
DELETE Application | X | X | X | ||||||||
DELETE Key | |||||||||||
GET DATA | X | X | X | X | X | X | X | X | X | X | X |
GET STATUS | X | X | X | X | |||||||
INSTALL [for load] | |||||||||||
INSTALL [for install] | |||||||||||
INSTALL [for load, install and | |||||||||||
make selectable] | |||||||||||
INSTALL [for install and make selectable] | X | X | X | X | X | X | |||||
INSTALL [for make selectable] | |||||||||||
INSTALL [for extradition] | |||||||||||
INSTALL [for registry update] | |||||||||||
INSTALL [for personalization] | |||||||||||
LOAD | |||||||||||
PUT KEY | X | X | X | ||||||||
SELECT | X | X | X | X | X | X | X | X | X | ||
SET STATUS | X | X | X | X | |||||||
STORE DATA | X | X | X |
AM SD: Security Domain with Authorized Management privilege
DM SD: Security Domain with Delegated Management privilege
SD: Other Security Domain
X: Support required
Blank cell: Support optional or prohibited
NOTE: If an SD does have the Final Application privilege, it may be selected and process the SELECT command in the CARD_LOCKED life cycle state. Otherwise, it may not be selected; however, it may be able to process commands received and internally forwarded to it through a trusted framework.
Related Products
Related Articles
SECORA™ ID S: highest security and flexibility for region-specific electronic ID cards and eGovernment solutions
Munich, Germany – 17 June 2020 – With SECORA™ ID, Infineon Technologies AG (FSE: IFX / OTCQX: IFNNY) offers an easy-to-integrate security platform for contactless digital ID documents. The first product variant, SECORA™ ID S, is a particularly flexible, Java
STMicroelectronics Unveils Secure Cellular-Connectivity Offering for Industrial IoT and Automotive Applications
Geneva, February 6, 2020 – STMicroelectronics (NYSE: STM), a global semiconductor leader serving customers across the spectrum of electronics applications, in collaboration with trusted partners, has created a complete ecosystem for securely connecting Industrial IoT (IIoT) and automotive systems to
GlobalPlatform Brings IoT Security to Nuremberg with SE IoT Technical Workshop
January 21, 2020 -- Able Device -- GlobalPlatform, the standard for secure digital services and devices, alongside prime sponsor Oracle and supporting sponsors STMicroelectronics and Able Device, is hosting a free technical workshop in Nuremberg on Thursday February 27, 2020. The full day
ePasslet Suite soon available on Infineon’s SECORA ID
Nov 14, 2019 -- ePasslet Suite v3 – cryptovision’s Java card framework for electronic ID documents – will be available in 2020 on SECORA™ ID, Infineon’s new Java card operating system. Using ePasslet Suite, users of SECORA™ ID can easily and flexibly
Infineon’s Secora™ ID accelerates eID project execution
Munich, Germany – 14 November 2019 – Electronic identification documents (eID) are high in demand worldwide. To address the evolving needs of the market in a fast and flexible manner, Infineon Technologies AG (FSE: IFX / OTCQX: IFNNY) has
STMicroelectronics has released the next generation of its STPay system-on-chip (SoC) payment solution
October 2019 -- STMicroelectronics has released the next generation of its STPay system-on-chip (SoC) payment solution, leveraging state-of-the-art technology to increase contactless performance and protection, reduce power demand, and significantly improve the user experience. A sample of "STPay-Topaz-1", the first