Java Card Forum

The Java Card Forum is an industry association of companies from the smart card, secure operating system and secure silicon industry, working together to promote and develop Java as the preferred programming language for multi-application smart cards, secure devices and other execution environments.


ENISA Lead Certification Expert reflects on JCF longevity & future of Java Card

In the fourth interview of the 25th Anniversary series, Eric Vétillard, Lead Certification Expert at ENISA explains ENISA’s certification mandate and discuses how Java Card certification schemes are related to the ENISA scope. He also reflects on his time as the JCF Technical Committee (TC) Chairman and how it has shaped his career path since.

It’s been a while since you were the Technical Committee Chairman of the Java Card Forum. What have you been working on since then?

The last time I joined the Java Card Forum was when I was with Oracle; I was Product Manager for Java Card. I’ve had a few jobs since, that included a stint at NXP, where I stayed in touch with the JCF through present members like Christian Kirchstaetter [current Technical Committee chairman] and Alexandre Frey, but my focus was actually more on IoT processors and certification.

In 2019, I joined ENISA, the EU Cyber Security Agency, as a Certification Expert, so here I’ve been continuing the work I was actually doing at NXP – working on Cyber Security certification, but focusing more on a scheme on cloud services. So, this is not very close to Java Card, but thanks to my experience with Java Card and more generally with Secure Elements, I’ve also been involved in other schemes that we’re developing in ENISA on Common Criteria and also on 5G, where we’re also on the Embedded UICC. We’re working as a team, so it’s very nice to have this experience and it definitely helps.

What is ENISA doing with certification?

In 2019, the Cyber Security Act made ENISA a permanent agency in the EU and, maybe most importantly, assigned new tasks to the agency. One of these tasks is to design European Cyber Security certification schemes. Our role here is to prepare the schemes, in collaboration both with the industry and with the Member States. When we’re done with that, we’ll actually give these schemes to the Commission, who will derive an implementing Act and they become part of the EU law. 

The first scheme that ENISA worked with is called EUCC – it’s a European scheme for Common Criteria. This one should be quite important for the Java Card community, as most Java Card products are certified with Common Criteria. This scheme will of course be used by at least European chip and card developers, hopefully starting next year with the first certification activities. ENISA will also continue in helping and guiding through the deployment of this scheme and other schemes that we are working on.  

How are Java Card certification schemes related to the ENISA scope?

Java Card is not something that we explicitly talk about, but it often is in the background. For instance, many of the Java Card licencees are represented in our working groups on Common Criteria and 5G, and every time we consider examples of certified products, Java Card platforms are somehow cited. They are such an important component of the supply chain in smart cards’ Secure Elements. I’m also quite confident that some Java Card products will be among the first to be certified with both the EUCC and the EU5G – maybe we’ll be lucky enough to have a Java Card product being the first one to actually be certified.

Of course, with my work on cloud services, we are much further from Java Card and smart cards in general, but it’s interesting to see that there’s always some kind of a surprise reference that comes up every time we talk about access control or authentication. We rely on products, and these products rely on Java Card technology, so the link is indirect, but it’s always there, because the technology is so present everywhere. 

Do you miss the Java Card Forum?

Well, yes I do! I’m not missing the interactions, because my work includes many interactions with the industry, with governments…But the cloud community is very large – discussions have a tendency to grow political at some points. So, what I really miss here is also the lower profile of the Java Card Forum, where you have a limited number of members; most of them are not even known to the general public and what we’re working on still remains in the background, yet we’re collaborating on the design of a product that just about everyone on the planet is using. It’s like we have the impact, but with maybe less visibility. And when you’re actually working on defining the next version of a specification, it’s easier when you work like this – a little bit hidden, especially for the technical people. For the business people this is not always seen as positive!

I’m sometimes missing the excitement of the Java Card Forum’s early days, back in the 1990s, where we were designing the first versions and all our companies were still wondering whether this would work or not. Well, 25 years later and there are a number of Billions of cards being sold every year with Java Card – I guess that now they know the answer to that question and I am very happy to see that the Java Card Forum is still here and that the technology still remains dominant. There hasn’t been another technology coming along and replacing it, and it doesn’t look like this will happen in the near future. I think the Java Card Forum is definitely a nice adventure! 

View the interview in video format here


ENISA Lead Certification Expert reflects on JCF longevity & future of Java Card

In the fourth interview of the 25th Anniversary series, Eric Vétillard, Lead Certification Expert at ENISA explains ENISA’s certification mandate and discuses how Java Card certification schemes are related to the ENISA scope. He also reflects on his time as the JCF Technical Committee (TC) Chairman and how it has shaped his career path since.


Trusted Connectivity Alliance celebrates collaboration with Java Card Forum

As part of the Java Card Forum’s 25 year Anniversary celebrations, we have been talking to leading standards organisations to highlight the importance of industry collaboration over the years.
In this interview, Claus Dietze, Chair of the Board, Trusted Connectivity Alliance (TCA) explains the importance of Java Card technology in the Telecoms industry, how the 2 organisations have successfully collaborated over the years and why Java Card should be the platform of choice for IoT solutions.

What is the role of Java Card in Telecoms and how has it evolved over the last 25 years?

Java Card is a key pillar of the Telecoms industry; it’s a key technology for our Secure Element ecosystem. And why is it like this? Because it’s providing the capabilities our ecosystem actually needs.

First of all, it’s providing flexibility, but of course it also provides one of the main features and capabilities, which is interoperability. And due to this, many of the demands that the ecosystem has, can be answered.

The other aspect of evolution, is of course in regards to its market share – you may know that the TCA, formerly the SIMalliance, is tracking its Members’ market data and we started doing this almost 20 years ago (not quite 25 years!). We already started tracking the market share of Java Card in 2004 and back then, I think it’s not a secret if I disclose that we had a market share which was significant, but not yet reaching the level of native operating systems – we had something like 40%. Since then, the market share of Java Card and its adoption in the field steadily grew year on year and we see that this is going to grow even further in the future. So, with new exciting technologies, such as the eSIM, we see that, as far as I am aware, all the eSIMs that are commercially deployed out there in the field are all based on Java Card technology.

It has evolved significantly, because it’s adapting its requirements and capabilities to the needs of our ecosystems very well.

How have the TCA and JCF collaborated?

This started many years ago. The way that the TCA organises its work is by establishing Working Groups. And one of the first working groups that the TCA established was dealing with interoperability – a Working Group that is still alive today. Java Card was a brand new technology in the early days and even though it was claiming to be interoperable from the beginning, different vendors actually interpreted the specification slightly differently and also some of the capabilities and features requested by the customers of those same vendors, were not yet available in the Java Card specification, so proprietary extensions were implemented and that’s what was always causing problems when it comes to the interoperability. As we have key members of the TCA who are also key members of the JCF, we established some sort of “exchange”, so that findings of the TCA were then reported back into the JCF and could be brought into the specifications of Java Card, thus enhancing interoperability and also enhancing the feature set.

What benefits did this collaboration bring?

It improved interoperability – it brought benefits in particular to the whole SIM ecosystem I would say.
Maybe for the network operators it brought the benefit that they had one type of application, so it brought interoperability on the applet level in particular. The idea was to develop an applet once and to run it on all the different platforms of the various SIM vendors and that improved the network operators’ time to market, introducing new services on different SIM vendors’ platforms, because they just had to take the existing applet and put it onto the new SIM and deploy.

For the SIM vendors themselves, it also reduced their efforts, because they just had to develop their application once, and to run it, or even licence it to other SIM vendors, thus also creating additional revenue potential. So, it brought many benefits, in particular, increasing the interoperability of technical implementations.

How does the TCA see Java Card changing in line with the evolving IoT landscape?

The Internet of Things is actually very fragmented, so everyone is understanding something different by this term. You have a wide area of use cases and a wide area of different types of devices. But what they have in common, is that most of those devices need to be connected – so they have a need for connectivity again. And we think that this connectivity should be trusted. In the IoT you don’t currently have security experts, certainly not in the early days at least; they think – let’s connect a device and talk about security later. We think we have to make sure this is done at the very beginning. The technology that we are offering, with SIM technology, eSIM technology and also integrated SIM technology, provides a foundation for first of all enabling trusted connectivity, and of course also for putting additional applications on top of those platforms, that are increasing the security level of the IoT in general. So we think that with Java Card, we can inherit the benefits we have from the traditional SIM and take it and transfer it over into the IoT. And just to add on top of that, of course we also think that eSIM technology, which is based on Java Card these days, is also enabling the IoT to be trusted and more secure. There is also a lot that Java Card can bring with regards to Low Power, to Memory Sizes and so on…there are many features that Java Card is implementing already, that we can leverage off very well, so I think the future is bright for Java Card in IoT and I am very much looking forward to the continued collaboration between the 2 associations on this topic as well.

You can see this interview in video format here.


Java Card Forum celebrates its collaboration with ISO/IEC/JTC1/SC17

As the Java Card Forum celebrates its 25th Anniversary, it acknowledges the collaboration with ISO/IEC/JTC1/SC17 and looks ahead to future opportunities

A lot has been achieved over 25 years and Java Card is the leading platform for secure elements with billions of devices issued each year. Founded in 1997, the Java Card Forum has been the key environment for defining and developing Java Card technology, through constant interaction between Java Card vendors and Oracle (owner of the specification and Java Card technology).

What brought Java Card to the fore in the late 90s is interoperability of the applications running on the smart cards, at a time where interoperability was a pain point for SIM cards, as well as a means to install and host several applications concurrently, even post issuance. Moreover, Java Card offered a strong, secure environment for applications, and was quickly able to address major markets where the highest possible level of security is required, such as SIM cards, payment cards, passports or identity cards. All this was recognised rapidly by the market, and the number of Java Cards in 2004, seven years after the Java Card Forum was created, was already reaching a Billion smart cards per year. Now the number has risen to over 6 Billion per year.

The Java Card Forum and ISO/IEC/JTC1/SC17

SC17 is the committee in ISO/IEC/JTC1 that deals with identification and its related documents (e.g. electronic passports), cards, security devices and tokens, and also standardizes the interfaces associated with their use in inter-industry applications and international interchange. The committee has published over 115 standards which build the base and the backbone for any secure application based on identification. The ISO/IEC 7816 series is, for example, the basis for any smartcard operating system.

Java Card and its specification follows the standards of SC17, that allows their usage in all inter-industry applications. The flexibility of the Java Card operating system allows manufacturers and customers to use one implementation of a compliant smartcard operating system with many independent applications – the implementation of applications is separated from the implementation of the operating system. With this approach, Java Card enhances SC17 standards without contradiction and becomes a major stakeholder for existing and future standards.

Future Opportunities

Some traditional applications, such as identity cards, although present with a bright future, are also increasingly being deployed onto the mobile phone or wearable devices, such as connected watches. In these devices, Java Card is now running on the soldered embedded secure element, or even integrated onto the system-on-chip. This motivates us to work on new features, such as new communications channels and protocols, improved power management with, for example, the support of suspend and resume, as well as new memory management capabilities or the ability to communicate with sensors, such as fingerprint readers, directly from the Java Card applet.

In addition, cryptographic agility is also a big item on the Java Card Forum agenda, initially to address the support of post-quantum cryptography, but more generally to make sure the security can be updated post-issuance should the need arise.

SC17 and Java Card Forum have had a fruitful, long-lasting partnership and liaison and will continue to inform each other about new developments, features and requirements.

Article by Jean-Daniel Aussel, President of the Java Card Forum and Werner Ness, Business Committee, Java Card Forum


The Birth of JavaCard

By Tad Bogdan and Ted Goldstein, Ph.D.

They say that success has a thousand fathers and failure is an orphan

In the early 1990s, the smartcard industry had many hardware platforms each with their own unique operating environment. Like the computer industry decades before, each smartcard manufacturer created proprietary software tools. The manufacturers intended to optimize performance on their smartcard platforms, and to lock customers into their platforms. Customers such as MasterCard and Visa demanded an open, standardized platform from the industry before committing to a smartcard strategy. Many efforts began to answer this need, two of which were Mondex and Integrity Arts. David Everett of NatWest bank in England designed Mondex, a multi-application, multi-currency, secure, smartcard-based payment system. Meanwhile, Patrice Peyret at Gemplus formed a spinoff company called Integrity Arts that created a new programming language called TOSCA. But the tools for programming Mondex and TOSCA were not available to the public.

At the same time, the Sun Microsystems’ Java platform was trying to solve a similar problem of software applications that would work on any computer. Java implemented the ideal of Write Once, Run Anywhere (WORA) applications. Sun founder Bill Joy always proposed open portable platforms. The Java system enables binary programs to run unmodified across any computer platform using an object-oriented C-like language. The Java language uses a portable byte code that is dynamically compiled across any CPU architecture.
The Internet was just emerging as a potent technology and enabler of many new businesses. Smartcards seemed like a good way to bring physical security and identity to credit and debit cards, and government ID cards, and emerging mass-transportation systems. Before Java, smartcard developers had to program in low-level machine code, a tedious error-prone process. The Java system provided an easy-to-use, efficient, high-level language to create secure applications for commerce and the Internet. The trimmed Java system designed for smartcard applications was called JavaCard.

In 1995, seizing this opportunity, James Gosling and Ted Goldstein created JavaCard to expand Sun’s Java franchise and offer a subset of the Java language to develop secure payment applications. Java even works on the largest Cray supercomputers. Thus, having the great virtue that Java programs could then run from smartcards to supercomputers (SC-SC) —the most extensive range of computing capabilities possible. Smartcards were well established in Europe. But payment systems in the USA at the time used magnetic stripe technology and did not yet have a smartcard platform. Giant payment aggregators such as Visa and Mastercard did not want to commit to a single smartcard manufacturer. Peter Hill, Executive Vice President at Visa, recognized in JavaCard an opportunity to have a smartcard manufacturer-independent standard. Visa became the first large payment company to license JavaCard. Visa mandated JavaCard for all of Visa’s smartcard payment cards. Later, MasterCard acquired Mondex, and Peter Hill joined as their CTO, licensed JavaCard, and ported the Mondex payment platform to JavaCard.

The following fall, Ted Goldstein authored the first JavaCard 1.0 API as part of the Java Development Kit (JDK) 1.1 specification. He became Sun Microsystems’ Chief Java Commerce Officer and began presenting JavaCard publicly.

Concurrently, Tim Jurgensen and Scott Guthery of Schlumberger Inc. were developing a smartcard system based on Java. So they visited JavaSoft (a new division of Sun Microsystems) to ask whether they could license the Java name. JavaSoft had already begun working on JavaCard, so the Java team explained that the Java licensing model was not just a name and a logo. It also required that any Java product conform to interoperable manufacturer-independent standards and pass a
compliance software test suite. JavaSoft and Schlumberger decided to join forces. With Schlumberger’s endorsement, the idea of JavaCard prompted Sun to commence a licensing campaign to smartcard manufacturers and their customers.

Tad Bogdan rejoined Sun to head up the JavaCard Sales and Business Development initiative. He developed the business licensing model for JavaCard and proceeded to license JavaCard to over twenty smartcard companies, comprising 95% of the smartcard world market. Sun formally launched JavaCard at the Salon de Cartes in 1996, and the first royalty payment for JavaCard was received in June of 1997. The JavaCard forum began that same summer in Marseilles, France. Before the end of year, Sun Microsystems acquired Integrity Arts from Gemplus, giving Sun sufficient technical horsepower to support the smartcard technology and to create JavaSoft’s implementation of the JavaCard API.

There are now many billions of JavaCard products in the world. Payment and Financial Services were the original market driver, which quickly expanded to include Telecom, Set-top boxes, Government Identity, Corporate Identity, Portable Anonymous Stored-value, Transportation, Network Security, Medical, and other markets. An industry full of JavaCard Forum members, licensees, developers, and customers make JavaCard arguably the most ubiquitous operating platform in the world. Oracle acquired Sun Microsystems in 2010 and still licenses the JavaCard technology to new licensees every year!

Tad Bogdan is currently a consultant, speaker, and the author of “HOW TO MASTER THE UNIVERSE: A Guide for Mastering you Personal, Interpersonal, and Professional Lives” http://www.MasterTheUniverse.org.

Ted Goldstein, Ph.D. is a consulting CTO and investigator seeking new horizons in technology, artificial intelligence, and healthcare. Previously he was an Apple Vice President and a cancer researcher on the Faculty of Medicine at University of California at San Francisco. 

** The views expressed in this article are solely those of the authors listed and do not necessarily reflect the views of the Java Card Forum, its Members or Oracle. **


Java Card is platform of choice for first M2M eSIM certification under GSMA’s Security Assurance scheme

STMicroelectronics has the first machine to machine (M2M) eSIM certified by the GSMA’s Security Assurance scheme.

STMicroelectronics used SGS Brightside in Delft, the Netherlands, to test its ST4SIM-201v1.0.8, with the tests ratified by GSMA’s appointed Certification Body, TrustCB, also in the Netherlands.

The certification scheme by the GSM Association ensures that new eSIM products are resilient against a range of high-level attack threats and is designed to speed up the security certification process, overcome complexities, and reduce time to market for eSIM products.

The GSMA is currently seeking tenders for the provision of eSA Scheme Certification Body services.

M2M and IoT roll outs are moving to remotely configured eSIMs and integrated iSIM devices to simplify the roll out of hundreds of thousands of devices without having to individually provision separate SIM cards. However ensuring that the technology is rugged and secure is vital.

The ST4SIM-201S eSIM (above) is designed for all IoT devices and can remotely manage different MNO profiles while ensuring the appropriate security level.

The device is based on the ST33G1M2 with a tamper-resistant secure element certified by Common Criteria EAL5+, with a 32bit ARM SecurCore SC300 core. It supports a secure and interoperable Java Card environment compliant with Java Card v3.0.5 classic and integrates a dynamic memory management with Java Card garbage collection mechanism optimizing the usage of the memory.

The GSMA certification scheme requires manufacturers to prove a benchmark level of security resilience across product processes. It does this by combining high-security quality with a pragmatic evaluation implementation approach adapted for the mobile market. The processes are in line with industry and ISO requirements and reflect the highest Common Criteria security standards recognised in Europe.

“The GSMA is committed to promoting security across the entire mobile ecosystem to ensure the benefits of mobile connectivity can be enjoyed safely by all. In addition to guaranteeing the highest security – eSA ensures that eSIM products have the same level of security resilience required for chips embedded in passports – we are delighted that our processes enable faster time to market for manufacturers,” said the GSMA’s Chief Technology Officer, Alex Sinclair.

“This is a critical milestone for STMicroelectronics, and we thank the GSMA for maintaining the highest security levels for the product and their efforts to support reduced time-to-market with quick and efficient eSIM certification,” commented Laurent Degauque, Marketing Director at STMicroelectronics.

“SGS Brightsight is pleased to implement the GSMA assurance framework to maintain high security quality using a pragmatic and efficient evaluation approach. The programme ensures we focus on the topics that are fundamental to promoting a ‘security-first’ culture across the entire telecommunication and network industry,” said Adjay Gopie, Director Business Development at SGS Brightsight.

“TrustCB is delighted to issue this first eSA certification. From the very start, the eSA scheme has proved its ability to provide a high-assurance certification in a predictably short timeframe alongside experienced labs. Congratulations to ST for their certified ST4SIM-201v1.0.8 and thanks to SGS Brightsight,” said Wouter Siegers, CEO at TrustCB.

Press Release from eeNews Europe (20/7/22)


Trusted Connectivity Alliance celebrates collaboration with Java Card Forum

In the third interview of the 25th Anniversary series, Claus Dietze, Chair of the Board, Trusted Connectivity Alliance explains the importance of Java Card technology in the Telecoms industry, how the 2 organisations have successfully collaborated over the years and why Java Card should be the platform of choice for IoT solutions.