The Java Card Form is a collaboration of companies from the smart card, secure operating system, and secure silicon industry, working together to promote and develop Java as the preferred programming language for multi-application smart cards and secure devices.
The Java Card Forum celebrates its 20th Anniversary
Back in 1997 a small group of smart card companies came together to provide recommendations for specifications to Sun Microsystems for the Java Card platform. The Java Card Forum was formed and together have worked on enhancing the specification to meet the needs of the smart security industry. And after 20 years, their work remains as relevant today as it did back in the 90s, now looking to support new markets such as IoT.
We will be celebrating the Anniversary with many different posts and activities throughout the year, so please come back to the site to join our celebrations.
Remaining relevant after 20 years; The Java Card Forum
By Volker Gerstenberger, President of the Java Card Forum
This year marks the 20th Anniversary of the Java Card Forum. At first glance one could look at the Java Card Forum as just another industry association but I think it is so much more. Of course, just like any industrial initiative, it was set up to lay down technical groundwork – but it was also there to promote Java Card technology as a whole concept and platform.
Already in the very early days, the commitment to co-operation was quite unique – with several companies coming together to lay down the technical requirements of the first Java Card specification and passing these specifications to a third party who took on the responsibility to drive, test and make ready for market use. This kind of technological breakthrough was based on successful international co-operative standardization, perhaps only surpassed by the success story of GSM and similarly, as GSM has evolved, so has Java Card technology. Both have a similar commitment to succeed with close co-operation
I wasn’t there in the early days, but I think that one of the highlights of Java Card technology was the initial establishment of the first joint specification – when the ‘baby was born’, so to speak. To my mind that must have been a very rewarding situation for the people involved in the standardization process or being active in driving this technology forward. The actual first shipment to a customer must also have been very exciting for the people behind JCF at the time. And then to witness Java Card technology soaring to new heights with respect to deployment – the ultimate proof of market acceptance.
All of this success was, in the early days, mainly driven out of the telecommunication sector. By far the most successful implementation of Java Card is on the SIM card where Java Card is now contributing to the majority of SIMs delivered since 2005. We are talking about numbers close to 20 Billion being shipped over the last 20 years. Payment and Identification implementations have also been realized from the very beginning, but in terms of volumes could not keep the pace of the telecommunication sector. In the past few years however, the Financial sector is growing rapidly in terms of Java Card deployments. Today we are seeing it expand into new areas, such as the developing area of the Internet of Things.
One of the biggest misconceptions about Java Card is to assume that the technology is only applicable to cards. Yes, it’s all in the name and therefore no one other than us marketing guys are to blame for this naming misconception! But who knew back in 1997 (when the Forum was formed) that we would one day have machines talking to each other – extensively. Even the science fiction movie ‘Terminator 3 – Rise of the Machines’ didn’t appear until 2003.
Java Card technology has always been a highly secure execution platform for innovative services: be it for SIM based services in the telecommunications area, be it for smart payment services in the banking and financial service area or for providing a secure home for identity use cases such as passports or identity and health documents. This still holds true for today’s scenarios. There are a variety of use-cases for the platform and not all of them are card based.
What is important to understand though, is how relevant Java Card technology remains today. With the advent of the age of the Internet of Things we are seeing more and more connected endpoint devices that need to be secured. We see additional new networks (such as Narrow-Band IoT, for example) that have be protected and we are seeing the emergence of a variety of completely new and unforeseen services that need to be enabled from both a user experience perspective and, more importantly, from a security perspective.
With these scenarios in mind I (and the other members of the Forum) believe the Java Card technology still has a lot to offer and we are committed to working together with our partner Oracle to ensure that the Java Card platform meets these challenges.
Without stealing all the thunder for our anniversary year, I can report that we are now working on the next version of the Java Card specification with the clear objective to address the main Internet of Things challenges. By this I mean being able to be integrated into new devices and adapting to new types of communication protocols and therefore become the new security powerhouse for IoT.
In preparation for the 20th Anniversary celebrations I was asked what my personal feelings in regard to 20 years of JCF were. It’s a tough one to answer, but I think that I would be honoured if 20 years from now I could tell my grandchildren that it was us who brought Java Card technology into the 21st Century.
I am convinced that Java Card technology still has an important role to play and there is an increasing necessity in it providing security for the coming Internet of Things. Having said that – here’s to another 20 years!
The Java Card Forum’s “Java Card Platform vs Native Cards” Whitepaper is now available for download.
“Java Card technology is widely used in high-end card markets, in which it helps increasing the value of cards through the deployment of value-added services. In these markets, issuers benefit from Java Card technology, and from the experience built over the past 15 years by vendors, in particular around quality and security. In low-end markets, on the opposite, such value-added services are not as common.
We show in this paper that Java Card can be present on such markets, simply by removing the ability to add applications after the issuance of the card. By doing that, issuers can keep most advantages of the Java Card platform, including in particular better time-to-market, as well as the ability to design a range of card platforms in their offers, ranging from a closed platform for mass deployment to a fully open platform for premium customers.”