Java Card Forum

The Java Card Forum is an industry association of companies from the smart card, secure operating system and secure silicon industry, working together to promote and develop Java as the preferred programming language for multi-application smart cards, secure devices and other execution environments.


PRESIDENT’S PERSPECTIVE 2020

JCF addresses key security challenges at its virtual Plenary meeting

The JCF held its 2nd Annual Plenary Meeting from October 13th to 15th, 2020. This was the opportunity to reflect on the Java Card 3.1 specification released a little less than two years ago and prepare for the new challenges ahead.

As Java Card is more and more deployed for the security of IoT devices, key features have been discussed for this market, such as the improved control of sensors or actuators, more efficient protocols and transports, as well as improved power management features for the power constrained IoT devices. The requirements imposed by the trend for some markets of moving the platform from a dedicated secure element to the system-on-chip, also known as the integrated secure element, were discussed.

The impact of post-quantum cryptography was addressed, in anticipation of the upcoming standards and regulations around the world. Several regional initiatives are progressing fast, such as the NIST PQC standard contest entering the third selection round with a handful of candidates, or the German BSI recently issued recommendations. As Java Card is deployed on billions of secure devices and this trend is most likely to continue, the support of post-quantum cryptography is a key requirement.

Finally, the support of TLS 1.3 was debated, as this new release is gaining fast adoption and the TLS protocol is at the center of end-to-end security in numerous use cases, especially IoT.

The virtual meeting was also the opportunity to reflect on past achievements and recognising outstanding contributors. This year, this is with great pleasure that I have seen the Bertrand Award awarded to Volker Gerstenberger, our past President who contributed to a large extent to so many aspects of the Java Card Forum for the past 20 years.

Once again, the Java Card Forum has proven to be an amazing place to drive the evolution of the Java Card technology: to meet future challenges to remain this open, trusted and interoperable security platform that is Java Card.

Yours truly,
Jean-Daniel Aussel
President of the Java Card Forum


How Thales uses Java Card technology to secure IoT end-to-end communication

While device growth brings transformative effects to several industries and to people’s daily lives, it also induces an additional level of system complexity to the infrastructure that will handle device data.

In parallel, there is a strong imperative to be able to trust the data that gets acquired and acted on by IoT solutions. The effects of corrupted devices or data on systems that make instant, analytics-based decisions can have a severe cost. As a result, there is an increasing need for solutions that secure the source of data at the edge, creating end-to-end security up to the cloud and beyond to connected devices.

Recognising this need for scalable security, the GSMA (Global System for Mobile Communications) has recently published a specification to establish end-to-end, chip-to-cloud security for IoT products and services called IoT Safe (IoT SIM Applet For Secure End-End Communication), that establishes the SIM or eSIM as the hardware root of trust.

A secure element running Java Card can play a critical role to ensure trust between the cloud and connected device. It can be leveraged by the device to delegate the provisioning of device identity and to manage the initial on-boarding process. It can further secure the cloud authentication and authorisation process and store the related credentials securely.

Thales (one of the Java Card Forum Members) has implemented the GSMA IoT SAFE specifications, leveraging on field proven and standardized SIM and eSIM security solutions to deliver scalable IoT Security. Find out how they use:
Secure Elements to deliver scalable trust for IoT applications (Infographic)
Secure Elements to address the three key IoT security requirements
Secure Elements to enable mutual authentication between IoT devices and the cloud


What’s Hot?

The work of the Java Card Forum is never complete – even before the latest Version of the Java Card platform has been published, JCF Members are already compiling recommendations for the next Release.

Below are some of the areas that the JCF is currently working on:

  • Keeping Java Card Specifications up-to-date to reflect technology evolution by staying in synch with relevant standardization organisations, e.g. GSMA, ETSI, 3GPP, GlobalPlatform, etc.
  • Considering industry requirements based on feedback from the field/product deployments
  • Optimizing footprint and execution speed of the Java Card Runtime for traditional markets (Payment, ID, Telco , etc.)
  • Designing new APIs for emerging markets in need of security, e.g. IoT, enabling up-to-date security functionality in Tools and Runtime
  • Studies/analysis and white papers with regard to emerging technologies

If you feel that your company could contribute to the work of the JCF, contact us to find out how to join the Forum (please note: membership is ONLY open to companies/organisations and not individuals – check out our joining criteria).


PRESIDENT’S PERSPECTIVE

JCF continues to drive IoT Security at its Plenary meeting in Bucharest

The JCF held its 2nd Annual Plenary Meeting in Bucharest from October 15th -17th hosted by Oracle. As already established with the latest JC 3.1 specification released in January, IoT security was still very much center stage, with connected device volumes projected to increase exponentially. And all of these new to-be-connected device classes are expected to have new requirements on the security platform, depending on their use cases and area of deployment. Sensors, actuators and controllers will be deployed in so many heterogeneous usage fields, with completely different resource, connectivity and risk contexts: V2X and autonomous driving, smart grid and power management or complete campus networks for the factory of the future – just to name a few. All of those require different communication interfaces, different form factors, different power management and different security capabilities.

It is really exciting to drive the evolution of Java Card technology to become the open, trusted and interoperable state-of-the-art security platform for the IoT.

Yours truly,
Volker Gerstenberger
President of the Java Card Forum

Volker_G h&s


JAVA CARD FORUM SELECTS FIRST ANNUAL “BERTRAND” AWARD WINNER

Alexandre Frey is recognised by his peers
for exceptional contribution to Forum’s work

alexandre + volkerPicture: Alexandre Frey (left) receiving his “Bertrand” Award from Volker Gerstenberger (right), President of the JCF

Bucharest, 16th October 2019 – To celebrate the work of Bertrand du Castel (one of the Founder members of the JCF), who sadly passed away in February 2019, the Java Card Forum (JCF) has worked with his family to initiate an Annual Award in his memory: The “Bertrand”. The JCF was keen to showcase the “Bertrand” as a visible recognition of the continued drive and dedication still shown by its Members, over 20 years since its inception.

Each year the Business and Technical Committee Chairs nominate a maximum of 4 Members who have made a significant contribution to Java Card technology and voting is then open to each individual JCF participant. Nominees must demonstrate one or more of the following attributes:

  • A major contribution to the current Java Card specification
    (e.g. use case proposal(s), solution(s) for identified issue(s))
  • A significant contribution to future Java Card specifications
    (e.g. use case proposal(s), potential new feature(s), solution(s) for identified issue(s))
  • A major contribution to the advancement of the usage of Java Card technology, either within traditional or new markets

The Award is then presented at each Autumn Plenary meeting.

This year’s nominees were Jean-Daniel Aussel from Thales, Olivier Chamley from IDEMIA, Luca di Cosmo from ST and Alexandre Frey from NXP – all strong candidates for the Award. During an Award Ceremony at the Plenary meeting in Bucharest, Alexandre Frey was announced as the winner of the first ever “Bertrand”.

“Alexandre was a well-deserved winner,” said Volker Gerstenberger, President of the JCF, who presented the Award. “Members were clearly impressed by the leadership qualities he demonstrated during the finalisation of the Java Card 3.1 specification recommendations and he embodies the spirit of involvement within the Forum that this Award was intended to recognise.”

“I’m delighted to win this Award,” declared Alexandre Frey, a Member of the JCF Technical Committee, “and feel honoured that my colleagues have voted for me. It’s wonderful to know that the hard work we all put into the Forum is appreciated by others in the industry.”


A Visionary

B0BW2506

Bertrand du Castel was a true visionary, in both his technical leadership and the charm and wit he brought to scientific gatherings. From its inception, he was the outspoken champion of the Java Card platform. As one of its founders, his was an early voice for the Java Card Forum as it sought to lend credence to the use of mainstream computer system technology in the highly constrained world of “smart cards.” It is fitting that the JCF celebrate his life – his dedication, passion, belief and determination helped establish a new paradigm in the world of massively distributed, high security computer architectures. However, his vision extended beyond the technical. He recognized that we all live in the progression of history; and, he had a knack for recognizing episodes of historic importance, from the profound to the seemingly mundane.

Bertrand graduated from the prestigious Ecole Polytechnique in Paris, where he completed his PhD in Theoretical Computer Science with a focus on linguistics. He started his career at IBM before moving to Schlumberger in the late 1970s. At that time, the company was often touted as the “IBM of the oil patch” in an era of profound and pervasive change in the oil and gas industry.

In the mid-1990’s, Bertrand was selected to lead a new project to develop a “post-issuance, programmable” smart card. This would allow what were typically thought of as “tokens” to become highly personal and highly portable computers in their own right. Few besides Bertrand appreciated that this somewhat speculative company venture would change the entire industry. To ensure the success of the project, he soon had to prove his leadership skills – drawing together the best technical minds, uniting internal departments to work together, maintaining management’s belief in the final outcome, and opening up the development work to the industry at large; surely the most controversial aspect of the process.

B0BW2442_1As it emerged that ultimate success would require all smart card competitors to have access to the new non-proprietary technology licensed from Sun Microsystems, Bertrand understood that the industry as a whole had to work together, and in close concert with Sun Microsystems.

So, in a truly prescient move, just days after the first Java Card was produced by Schlumberger, the Java Card Forum was formed on 12th February 1997. Bertrand served as the Chair of the Technical Committee and was instrumental in driving forward each new version of the Java Card platform specification: 2.1 in 1999 (interoperable file format), 2.2.2 in 2006 (ETSI and contactless) – and although he left the Forum in 2006, his vision of a connected card led to the release of Java Card 3.0 in 2008.

In 2005, Bertrand’s contribution to the smart card industry was formally recognised when Card Technology Magazine (the main publication of the smart card industry in its day) named him Visionary of the Year and ran a major article about his work.

Bertrand was a fiercely driven man, who led from the front and never shied away from controversy. Discussions within the Java Card Forum could be intense, but progress was always made. He was a character who injected life into the JCF meetings and, beyond the technical world, he relished the opportunity to be part of the passing history in which we all live. Bertrand also had a love of travel and a profound sense of adventure, exemplified by the time he rode a bus for a couple of days and nights on a trip from Austin to central Mexico to see the destination of the migration of millions of Monarch butterflies from all across North America.

Bertrand loved soccer, both watching and playing the game. He organized weekly “pick up” soccer games in a dusty field at the Schlumberger facility in Austin and in 1998 he immediately vetoed scheduling a JCF meeting during the World Cup Finals at the Stade de France in Paris. One simply did not over schedule such a day.

Bertrand’s esoteric style and deep insights into art, literature and language delighted those in the audience for the myriad presentations and publications in which he sprinkled in these references. There are those that still fondly remember his presentation on “Smart Cards and the Washing Machine.” In latter years, he delved deeply into the realm of neuro-science and the human brain, publishing a peer-reviewed paper in a well-recognized neuroscience journal. He was a complex, charismatic and brilliant man who will be sadly missed – but whose Java Card legacy will continue to evolve and provide secure solutions for many years to come.

DSC09800


The term “visionary” has been tossed around a lot over the years, but for Bertrand du Castel, the title fit.

He saw things not the way they are but the way they could be. And he would persuade, cajole, urge and exhort others to see the possibilities, as well.

A true enabler of innovation–including the creation of the hugely successful Java Card platform for the smart card industry–Bertrand had a knack for consensus building as he convinced others to adopt his vision. If they resisted, he used persistence, an abundant wit and his quirky charm to overcome their reservations.

He will be sorely missed.

Dan Balaban is a journalist and author of a 2005 profile on Bertrand du Castel, “Keeping an Eye on the Future,” in Card Technology magazine.


 

Many thanks to Tim Jurgensen and Bertrand’s family for their contributions to this feature.

Photos:
All photos re-printed with kind permission from Will van Overbeek, www.willvano.com

Sources:
• Personal History of the Java Card; 2009, Bertrand du Castel
• Keeping an Eye on the Future; 2005, Dan Balaban for Card Technology
• Wikipedia entry for Bertrand du Castel


RELEASE OF JAVA CARD 3.1 PROVIDES THE FOUNDATION FOR IOT SECURITY

Berlin, 16th January 2019 – The Java Card Forum (JCF) and Oracle proudly announce the release of Java Card 3.1, which is a major milestone platform update, facilitating the development of advanced security services for existing markets and the emerging Internet of Things (IoT) sector. The JCF have been working in close co-operation with Oracle, providing recommendations for the new specification and the release is a testament to this long-standing partnership of over 20 years.

For current Java Card users, the new version offers a developer-focused technology update to existing secure elements and facilitates the deployment and reuse of large applications. Development of the latest version has also focused on the heightened concern about security and trust in the IoT arena (as more machines and devices become connected), providing new functionality to accelerate development of IoT use cases and support for communication over IoT protocols, and secure access to peripherals.

“I strongly believe in the potential of Java Card technology to benefit new fields of deployment – especially in the Internet of Things,” explains Volker Gerstenberger JCF President and Business Committee Chairman. “With the advent of the IoT age we are seeing more and more connected endpoint devices that need to be connected and secured. We see additional new networks (such as Narrow-Band IoT, for example) that have to be protected and the emergence of a variety of completely new and unforeseen services that need to be enabled, from both a user experience perspective and more importantly, from a security perspective.”

Christian Kirchstaetter, head of the Technical Committee agrees: “The Java Card 3.1 specification has a clear objective to address the Internet of Things security challenges. By this I mean new features supporting integration into IoT devices and new types of communication protocols and therefore becoming the new security powerhouse for IoT.”

“Java Card 3.1 is the most significant feature release of Java Card in over 10 years,” adds Florian Tournier, Senior Director for Java and IoT at Oracle. “The close partnership between Java Card Forum and Oracle has delivered a flexible platform that can fulfil the fast-changing security requirements of Internet of Things devices.”

Java Card 3.1 Documentation can be found here.

Trademarks:
Oracle, Java Card and Java are registered trademarks of Oracle and/or its affiliates.