Java Card OpenPlatform

Java Card OpenPlatform is a smart card operating system for the Java Card platform developed by IBM Zürich Research Laboratory.
On 31 January 2006 the development and support responsibilities transferred to the IBM Smart Card Technology team in Böblingen, Germany.
Since July 2007 support and development activities for the JCOP operating system on NXP / Philips silicon are serviced by NXP Semiconductors.
The title originates from the standards it complies with:

Java Card specifications
GlobalPlatform specifications

A Java Card JCOP has a Java Card Virtual Machine which allows it to run applications written in Java programming language.

WWW Official Site

History

First JC/OP Masks

Mask 0 : 1998

First prototype on Atmel 8-bit uC – Flash memory, slow

Mask 1 : 1998

Siemens/Infineon SLE66 IC – Public key cryptography

Mask 2 and 3 : 1999

Gemplus International licensed JC/OP
Base mask for GemXpresso product line
Public key generation
Visa OpenPlatform

Mask 4 : 1999

Contactless JC/OP on Philips Mifare Pro chip
256 bytes RAM, 20 KB ROM and 8 KB EEPROM
Dual interface

JCOP01 and Cooperation with Philips

Mask 5 : 2000

Philips P8WE smartcard microcontroller
‘JCOP01’ is the foundation for all later versions
JCOP licensed by IBM
JCOP Tools for development

Visa breakthrough program

To counter MasterCard’s MULTOS
Cooperation between IBM, Visa and Philips
JCOP v1 owned by Visa

JCOP v2

Owned by IBM, sold by Philips
Philips SmartMX controller

JCOP v2.2

GlobalPlatform 2.1.1
Java Card 2.2.1
Elliptic Curve Cryptography F2M support
JCOP Tools Eclipse based

JCOP Transfer

JCOP v2.2.1 – JCOP v2.3.1

Owned by IBM, sold by Philips/NXP
Development transferred to IBM in Böblingen, Germany
USB interface

JCOP v2.3.2

JCOP technology owned by IBM
Policy change at IBM
Source code license acquired by NXP Semiconductors
To serve customer requests and projects

JCOP by NXP

JCOP v2.4

first NXP developed JCOP version
ECC GF support
Java Card 2.2.2

JCOP v2.4.1

ECC primitive calculation support
Common Criteria 5+ certification
EMV, Visa and MasterCard approved
NFC integration into PN65N combo chip: NFC and Secure Element

JCOP v2.4.2

additional algorithms to support eGovernment use cases, i.e. AES CMAC
CC 5+
NFC integration into PN65O

JCOP 3

mobile

Smartcard controller SmartMX2, P61, flash based persistent memory
JCOP 3.0

NFC integration into PN65T
Java Card 3.0.1 classic edition
GlobalPlatform 2.2.1
EMV platform certification

JCOP 3.1

NFC integration into PN66T

card

SMX2, P60, EEPROM based persistent memory
JCOP 3.x

Technical Overview

JCOP is an operating system for a security sensitive embedded system environment, smartcard or secure element controllers in particular. The functional architecture can be partitioned into three parts:

Java Card, for development of applications, i.e. API and structure of card applets similar to class files
GlobalPlatform, for administration of applications and operating system, i.e. loading and access control
JCOP proprietary features, mainly Java Card API extensions, i.e. ECC primitive calculation or MIFARE DESFIRE management

NXP offers also MIFARE emulations for Classic and DESFIRE on the same chip as additional operating systems. While JCOP is based on open standards, MIFARE technology is NXP specific. Java Card applets running in JCOP can then be used to manage the MIFARE memory through Java Card API. MIFARE Plus and MIFARE Ultralight are not supported.

GlobalPlatform

GP is a high-level standard with many options. As of JCOP 3, support for GP 2.2.1 was added, in particular to support mobile use cases JCOP 3 is fully Secure Element configuration compliant.
GP 2.2.1 card specification, core

issuer centric or simple model
delegated management
authorized management
verification authority
Data Authentication Pattern
Secure Channel Protocol 02, pseudo random, C-MAC, C-ENC, R-MAC, R-ENC
all the privileges are supported

Amendment A - Confidential Card Content Management

see implementation details in UICC configuration and Amendment E

Amendment C - Contactless Services

every protocol but FeliCa is supported
additionally MIFARE Classic and DESFIRE is supported
HCI notifications are supported

Amendment D - Secure Channel Protocol 03

only AES-128
all options are supported

Amendment E - Security Upgrade

SHA-256 and EC-256
C3M scenario #3

UICC configuration

scenarios #1, #2A and #2B
SCP 80 and 81 is not supported

Secure Element configuration

JCOP 3 is fully compliant

Java Card

From the optional packages JCOP 3 does not support the javacardx.framework. From the crypto and signature classes, some algorithms are not supported, i.e. MD5 and EC F2M. The key lengths supported are AES-128, DES, 2DES3, 3DES3, EC up to 521 bit, RSA up to 2048 bit.

Communication Protocols

JCOP 3 supports ISO-7816, ISO-14443 type A and B and SWP/HCI. USB low speed was supported only on JCOP v2.3.1.

Extensions

JCOP 3 supports various extensions, i.e. MIFARE DESFIRE management support for MIFARE4Mobile. It is important to know that usage of extensions used in applets makes this applications not portable to other Java Card and GlobalPlatform compliant operating systems.

JCOP Tools

JCOP Tools were initially developed by IBM. The first module was a command line tool called JCOP Shell or JCShell. The development tools is a plugin to Eclipse IDE. NXP has maintained JCOP Tools and extended it with a CryptoPlugin and new JCOP simulations. The tools are offered for Windows, macOS and Linux platforms.

JCShell

JCShell is a Java program, command line tool which also supports scripting. The JCShell scripting language is sophisticated to create test and verification scripts. JCShell has a plugin structure where existing base plugin which supports the most basic on-card APDU commands such as raw send is extended with GlobalPlatform and crypto functionality. All the plugins are extendable by own functionality. There is a standalone JCShell version without the need to install Eclipse and an Eclipse-based version embedded in form of a View in the Debug perspective of JCOP Tools plugin.11