Unfortunately, this strong adherence to ISO-7816 has resulted in a smartcard platform that internally is fully object oriented, but that for communication with the outside world relies on a very arcane and primitive protocol. This has seriously hampered the development of large distributed systems involving smart cards that require the object orientedness of the card to be externally visible and usable.
The JASON project aims to bring full object oriented programming to the smart card world, with special emphasis on keeping high security standards. In the JASON paradigm, an object stored on a JavaCard is viewed as a remote object, accessible through a remote method invocation mechanism. At a higher level of abstraction, a smart card application is seen as a large collection of interconnected objects. Some of these objects are stored in back offices, others in terminals or PC's and many more stored securely on millions of smart cards.
In the JASON platform we are developing, smart cards are viewed as secure containers for objects, whose methods can be called straightforwardly and securely using JASON's Secure Method Invocation (SMI) system. This SMI system extends standard Remote Method Invocation (RMI) with access control, also securing the data in transit between caller and callee. Using an extension of Java interfaces, programmers can specify access conditions and invocation protection requirements for methods implemented by smart card objects. The SMI tools generate the necessary stubs and skeletons, and the JASON middleware layer ensures the security requirements will be met.
For more information see the source code and documentation of a beta-version of the JASON secure method invocation platform or read the CARDIS paper describing the JASON SMI concept in greater detail.
