Java Card Forum

The Java Card Forum is an industry association of companies from the smart card, secure operating system and secure silicon industry, working together to promote and develop Java as the preferred programming language for multi-application smart cards, secure devices and other execution environments.

Why STMicroelectronics and G+D Mobile Security have chosen Java Card technology for their In-Vehicle system-on-chip solution for Secure Car Access

STMicroelectronics has announced a new platform to accelerate the introduction of digital car keys giving consumers keyless access to vehicles via their mobile device.

In addition to strengthening security, digital car keys can deliver greater owner conveniences, including customizable usage privileges while continuing to secure the vehicle. Activities such as car sharing, fleet management, and vehicle rental gain benefits such as easier key issuance, usage controls, and access for valeting and servicing.

Based on the most recent ST Automotive grade Secure Element hardware, the global solution, developed in collaboration with Giesecke+Devrient (G+D), supports the latest Car Connectivity Consortium (CCC) Digital Key release 3.0 standard, ensuring the highest security and protection currently available.

Leading automotive brands can now quickly build standards-based, secure car-access solutions that deliver added value for vehicle owners and users,” said Laurent Degauque, Marketing Director, Secure Microcontrollers, STMicroelectronics. “Our solution based on automotive Grade embedded secure element ensures state-of-the-art protection to lead widespread market adoption of digital keys for connected cars.”

“As a long-standing partner in security and connectivity for the automotive sector, G+D contributes a wealth of experience in the field of access control for cars”, says Mario Feuerer, Global Vice President Product Management Connectivity at G+D.“Our G+D Digital Key® application, based on the new ST chip platform, is highly resistant to attacks and features smart and convenient customer access solutions based on NFC, Ultra-Wide-Band and BLE.”

ST’s STSAFE-VJ100-CCC in-vehicle system-on-chip solution is based on CC EAL6+ certified, automotive-grade 2 ST33K-A secure IC, integrating Java Card applications. The SoC stores credentials and other sensitive information, and performs cryptographic operations required to implement CCC Digital Key Release 3 use cases like owner pairing, key sharing, key termination/deletion. This provides a robust foundation for customers to build their digital car-key solutions.

More about ST’s digital car access systems can be found here.

More about G+D’s digital car key solutions can be found here.

JCF Technical Committee Members discuss the challenges that Java Card technology will address in the coming years

In the second interview of the 25th Anniversary series, 3 members of the Java Card Technical Committee: Christian Kirchstaetter (Technical Committee Chairman), Luca Di Cosmo and Alexandre Frey (past winners of the annual Bertrand Award) discuss how the Java Card specification is changing in response to new markets and the impact this will have for developers.

The last 25 years have led to quite some changes to the specification. What will the work of the technical committee look like over the next 10 years. Or differently asked, what will the specification look like after 10 years?
Java Card will still be the root of a complex ecosystem with many influencing standards (e.g. communication standards, banking, secure identity, Global Platform). The future will bring a high level of serious multi-application scenarios, where mixing payment, eGov, IoT, telecom, automotive applications will be normal.
In the past we learnt that we needed to look into the market requirements and translate this into the evolution of the specification. We see that the coming years will be challenging due to the increased complexity of our ecosystems. We need to add more flexibility in the provided mechanisms of Java Card, while maintaining the backward compatibility and security.

What challenges is the Java Card Forum facing in new markets?
Traditionally, smart card products have always been associated with the card form factor but, more recently, secure elements soldered on PCBs and integrated secure elements came into play, introducing new technical issues to solve, as well as new kinds of security concerns. As Java Card Forum technical experts, we have wide experience with security evaluation methodologies (Common Criteria, EMVco, etc.) and we collaborate with Oracle in maintaining the Java Card Protection Profile to ease evaluations of Java Card products – but new markets will bring new challenges as well. For instance, the Automotive market defines its own cybersecurity assessment methodology (ISO 21434): fostering integration of Java Card secure elements in the automotive market means looking at the best ways to harmonize smart card security with automotive cybersecurity concerns, including the production of supporting documents.

What are the biggest advantages of using the Java Card Platform?
* Java Card provides a perfect separation between the actual application domain knowledge and the required know-how to securely and efficiently use hardware platforms.

* Application developers can utilize a subset of the Java language and a standardized Java Card API to implement their applications.

* In the past, the number of different use cases has increased due to new markets and requirements. Java Card allows adoption to new environments much faster than specialized native solutions can.

* The biggest advantages compared to native solutions are when it comes to scenarios where different applications need to be served by one product. This also holds true when it comes to the certification of the individual applications.

When you look at the evolution of the Java Card specification over the next few years, will it be necessary to update application code to comply with latest Java Card specs?
No, this not be required. Being a specification designed with backward compatibility in mind, applications not using the latest features will run unchanged on the newest Java Card platforms, thus allowing seamless integration of existing applications with state-of-the-art Java Card platforms. We have seen in the past how important it is to keep backward compatibility. Platform users take legacy applets and install them unchanged on new platforms, together with other applets, creating new product variants. Differently said, an update of the Java Card specification with the exchange of the platform does not cause problems for legacy applets. New applets can benefit from the new features.

What do you find technically interesting about Java Card?
Java Card is the root of a complex ecosystem with many influencing standards (e.g. communication standards, banking, secure identity, GlobalPlatform). The future will bring a high level of serious multi-application scenarios, where mixing payment, eGov, IoT, telecom, automotive applications will be normal. We like to work on the challenge to utilize the Java language in very small deeply-embedded devices with only kilobytes of memory. It is amazing to see how all impacting factors finally lead to a sound picture in the form of a specification.
It is exciting to work on a specification that leads to broadly spread products in various markets. We talk about billions of devices and the most used operating system on this planet.
We are excited to participate in the success story of a specification that is only 25 years old and will continue to evolve to open up new markets. Java Card is not only a standard; from a technical point of view it is also a very complex platform providing a high amount of functionality used by applets.

You can view the actual interview below:

JCF President shares his insights into the success of Java Card over the last 25 years & plans for the future

A lot has been achieved over 25 years and Java Card is the leading platform for secure elements with billions of devices issued each year. Why do you think Java Card has been so successful?

What brought Java Card to the fore in the late 90s is interoperability of the applications running on the smart cards, at a time where interoperability was a pain point for SIM cards, as well as a means to install and host several applications concurrently, even post issuance.  Moreover, Java Card offered a strong, secure environment for applications, and Java Card was quickly able to address major markets where the highest possible level of security is required, such as SIM cards, payment cards, passports or identity cards. All this was recognised rapidly by the market, and the number of Java Cards in 2004, seven years after the Java Card Forum was created, was already reaching a billion smart cards per year. 

There are several major benefits of Java Card:

  • Application interoperability, with one single solution in terms of coding, testing, certification and executing on different vendor platforms 
  • Hardware independence, with the ability to support any type of secure element, such as removable smart cards, embedded secure elements or integrated, so that vendors can reuse the sample Java Card platform for different markets and products 
  • Market segment independence, as the same Java Card platform can be deployed to host payment, identity, telecommunications or IoT applications
  • Perfect fit for secure element requirements, in terms of security, footprint, or performance
    • Recognition and very close alignment with the technology evolution and standardisation in various major standard organisations referencing Java Card
    • A high degree of backward compatibility of the specifications – continuity of product portfolios

How was the Java Card Forum instrumental for the success of Java Card?

Early on, the pioneers of Java Card realised that this technology was a major shift that required standardisation to ensure interoperability. They decided to join efforts within a newly created Java Card Forum and provide recommendations to the owner of the Java language – at that time Sun – for the maintenance and evolution of the Java Card technology. 

The Java Card Forum is the key place and indispensable environment where Java Card technology is defined and developed, through constant interaction between Java Card vendors and Oracle (owner of the specification and Java Card technology). 

The Java Card Forum is an open Forum where recommendations are discussed to influence the future features of Java Card and shape the evolution of Java Card, making it the major platform for smart cards.

What is the outlook of Java Card from a Java Card Forum perspective?  

We see some evolution on two major levels, due to the increasing demand for security solutions. 

Some traditional applications, such as the SIM cards, payment cards or identity cards, although present with a bright future, are also increasingly being deployed onto the mobile phone or wearable devices, such as connected watches. In these devices, Java Card is now running on the soldered embedded secure element, or even integrated onto the system-on-chip. This motivates us to work on new features, such as new communications channels and protocols, improved power management with, for example, the support of suspend and resume, as well as new memory management capabilities or the ability to communicate with sensors, such as fingerprint readers, directly from the Java Card applet.

Moreover, we see new applications that can benefit from Java Card’s unique features, for example, Internet-of-Things devices or gateways, which are bound to rise exponentially with 5G and massive IoT. Here again, efficient power management, communication with external sensors, as well as lightweight cryptographic or communication protocols with the cloud, is key.

In addition, cryptographic agility is also a big item on the Java Card Forum agenda, initially to address the support of post-quantum cryptography, but more generally to make sure the security can be updated post-issuance should the need arise.

If companies are interested in joining the Java Card Forum, how would they go about it?

The Java Card Forum is an open Forum and there is only one condition – that you have to be an Oracle licencee. Then you can apply for membership and help shape the future of Java Card. We look forward to welcoming you. [Find out more about membership here.]

You can see this interview in video format below:

Java Card Forum celebrates its 25th Anniversary and looks ahead to future opportunities

A lot has been achieved over 25 years and Java Card is the leading platform for secure elements with billions of devices issued each year. Founded in 1997, the Java Card Forum has been the key environment for defining and developing Java Card technology, through constant interaction between Java Card vendors and Oracle (owner of the specification and Java Card technology).

In the interview below, Jean-Daniel Aussel, President of the Java Card Forum, explains how far the technology has come over the last 25 years and what new challenges the Forum faces with emerging markets such as 5G and IoT.

Why Infineon have Java Card technology at the heart of their SECORA™ ID solution

Java Card accelerates regional ID Integration – whatever the requirements

SECORA™ ID is a new member of Infineon’s SECORA™ family based on SECORA™ Pay. It supports, in addition to SECORA™ Pay, all the features necessary to serve typical ID use cases. Typical ID applications are standardized to a high extent.

Identification is mostly based on the ICAO 9303, which defines the MRTD (machine readable travel document). This standard, primarily developed for electronic passports (ePP), is also used for National electronic ID (NeID) cards and a variation for the electronic Driving License (eDL). Authentication needed for applications such as NeID or electronic health cards is predominately based on ISO and CEN (European Committee for Standardization) standards, as well as newer standards such as FIDO.

However, every country has its own system and solution based on national requirements and applications. It is these scenarios that demonstrate the benefits from developing with Java Card technology. Java Card based technology provides a high flexibility to support various use cases and interfaces. The open platform allows the user to implement their own applet through the use of sophisticated tools from Infineon. Additionally, the customer can use a ready-to-go solution, comprising of applets for eGovernment applications.

Performance and security are key for governmental applications. SECORA™ ID is secured by a security controller based on high-speed 100MHz CPU technology, equipped with state-of- the-art security features. Both the hardware and SECORA™ ID are certified on highest security levels CC EAL 6+ and EMVCo based on the Java Card protection profile.

Find out more:

Luca Di Cosmo is announced as the third Annual “Bertrand” Award Winner during Java Card Forum’s Autumn Plenary

Luca Di Cosmo is recognised by his peers for his exceptional contribution to Forum’s work

To celebrate the work of Bertrand du Castel (one of the Founder members of the JCF who sadly passed away in February 2019), the Java Card Forum (JCF) has worked with his family to initiate an Annual Award in his memory: The “Bertrand”. The JCF was keen to showcase the “Bertrand” as a visible recognition of the continued drive and dedication still shown by its Members, more than 24 years since its inception.

Each year the Business and Technical Committee Chairs nominate up to four Members who have made a significant contribution to the Forum and voting is then open to each individual JCF participant. This year’s nominees were Luca Di Cosmo (Technical Committee) from ST, Alexandre Frey (Technical Com-mittee) from NXP, Werner Ness (Business Committee) from G+D and Michele Scarlatella (Business Committee) from ST – all strong candidates for the Award. Although the Autumn Plenary was held virtually, Members were present online to congratulate Luca Di Cosmo on his win and Ettore Toscano, ST’s Business Committee representative, presented Luca with the Award in person.

Luca Di Cosmo (right) receiving the Award from Ettore Toscano (left)

“Luca is a well-deserved winner,” said Jean-Daniel Aussel, President of the JCF. “Luca is a long-standing contributor to the Java Card Forum’s Technical Committee, demonstrating extensive industry experience and specification knowledge. Thanks to his background, dedication, and common-sense approach to feasibility, the discussions within the Technical Committee are both lively and fruitful. We are delighted to finally have the opportunity to thank him more formally for all of his hard work and dedication.”

“I’m surprised and delighted to win this Award,” declared Luca Di Cosmo. “I’ve been part of the JCF for over 15 years, which has helped to strengthen my knowledge and expertise in the field of Java Card technology and has allowed me to actively contribute to the evolution of the specification. It’s wonderful to know that the effort I’ve put into the JCF has been recognised in this way and I feel honoured that JCF colleagues have voted for me.”