Java Card Forum

The Java Card Forum is an industry association of companies from the smart card, secure operating system and secure silicon industry, working together to promote and develop Java as the preferred programming language for multi-application smart cards, secure devices and other execution environments.


Java Card enables innovative biometric cards

To further improve the performance and production effectiveness of biometric payment cards, Infineon Technologies AG and its strategic partner Fingerprints™ are developing the all-in-one solution SECORA™ Pay Bio.

This turnkey solution will come with a pre-certified Java Card operating system including Mastercard and Visa bio-applets. It will enable a cost-efficient, scalable production based on state-of-the-art card manufacturing equipment.

SECORA™ Pay Bio will extend Infineon’s well-established SECORA™ Pay turnkey solution family (all based an Java Card technology) to address the fast growing segment of biometric banking cards. SLC39B is Infineon’s advanced system-on-chip (SoC) cryptoprocessor with integrated power source, large memory size and diverse peripherals as well as best-in-class contactless performance. The company’s BCoM is a tailored innovative dual-interface Coil on Module (CoM) for SECORA™ Pay Bio, which integrates Fingerprints’ advanced sensor and Infineon’s upcoming Secure Element into a single package. With the inductive coupling technology, no wire-connection between the card antenna and the module is needed. This allows to significantly improve the robustness and long-term reliability of biometric payment cards. With its innovative concept and enhanced capabilities, SECORA™ Pay Bio will make touchless payments more convenient without the need of  low transaction limits.

Java Card technology as a flexible smart card platform combined with GlobalPlatform card management features ennables fast innovation. With the standardized Java Card API, that separates the application layer from the operating system layer, payment networks can focus on the application design, whereas platform providers innovate at the operating system and chip level. The integration of new interfaces to sensors or libraries to extract and match fingerprint information does not result in a complete re-design of the system, but results in new Java Card APIs that can be used by all players in the industry. All this allows interoperability in the market andwill provide added value for all players in the value chain.

More information is available at Payments-in-Motion.


ETSI celebrates its collaboration with the Java Card Forum

As part of the Java Card Forum’s 25 year celebrations, we asked ETSI SET why collaboration with the JCF has been so important over the years and what topics the 2 organisations will be working on together in the future.

By Denis Praca, Chairman of ETSI SET group

Java Card is the de-facto standard referenced by ETSI in TS 102 241 since 2004, for the support of interoperable applications on the UICC platform. Java Card is currently implemented by billions of UICCs, aka SIM cards, probably making this one of the most successful standardin the IT industry. Close collaboration between ETSI SCP, now ETSI SET, has been a key factor for this success.

With the fast growth of the eSIM market, interoperability is becoming more stringent, because of the split between the eUICC platform on one side, issued under OEMs or eUICC manufacturer control, and the Profile issued under the MNO control on the other. Java Card is playing a crucial role in providing this interoperability, allowing the MNOs to continue to deploy their favorite applications in the eSIM ecosystem.

UICC standards are still under constant evolution, in order to adapt to new use cases. ETSI SET has recently issued a new release of its specifications supporting Multiple Logical interfaces allowing the UICC to host several virtual Secure Elements coexisting logically separated and addressed independently through the same physical interface. This offers the means to embed independent identity (e.g. eIDAS), payment or transport applications in the same physical secure element as the eSIM. These new use cases require evolutions of Java Card, especially isolation and management of the different logical SEs and support of new APIs.

Beside the UICC, another technology is emerging in TC SET: the SSP platform. SSP offers more flexibility for its integration in devices with the support of various physical and logical interfaces, as well as for the deployment of secure applications no longer relying on the APDU protocol. Support from the Java Card runtime environment is the next step, for which ETSI SET expect to collaborate with the Java Card Forum.

** The views expressed in this article are solely those of the author listed and do not necessarily reflect the views of the Java Card Forum, its Members or Oracle. **


25 Year Celebration Dinner

On 22nd November 2022, the Java Card Forum celebrated its 25th Anniversary during the Autumn Plenary in Bremen. We were delighted that Eduard Karel de Jong, who was part of the orginal Java Card development team, was able to join us and share some of his stories from “the good old days”! It was a very enjoyable evening, topped off with a delicious celbration cake. Congratulations to all of you who have been part of the Java Card Forum over the years, working hard to make it into the most pervasive technology for enabling certified security in end products.


Java Card – A Foundation for the Future

As part of the 25 Year Anniversary celebrations, the JCF has produced an Infographic to demonstrate the unique benefits of the Java Card platform in providing secure solutions across converging industry segments.

To view the Infographic as a PDF, please click here.


ENISA Lead Certification Expert reflects on JCF longevity & future of Java Card

In the fourth interview of the 25th Anniversary series, Eric Vétillard, Lead Certification Expert at ENISA explains ENISA’s certification mandate and discuses how Java Card certification schemes are related to the ENISA scope. He also reflects on his time as the JCF Technical Committee (TC) Chairman and how it has shaped his career path since.

It’s been a while since you were the Technical Committee Chairman of the Java Card Forum. What have you been working on since then?

The last time I joined the Java Card Forum was when I was with Oracle; I was Product Manager for Java Card. I’ve had a few jobs since, that included a stint at NXP, where I stayed in touch with the JCF through present members like Christian Kirchstaetter [current Technical Committee chairman] and Alexandre Frey, but my focus was actually more on IoT processors and certification.

In 2019, I joined ENISA, the EU Cyber Security Agency, as a Certification Expert, so here I’ve been continuing the work I was actually doing at NXP – working on Cyber Security certification, but focusing more on a scheme on cloud services. So, this is not very close to Java Card, but thanks to my experience with Java Card and more generally with Secure Elements, I’ve also been involved in other schemes that we’re developing in ENISA on Common Criteria and also on 5G, where we’re also on the Embedded UICC. We’re working as a team, so it’s very nice to have this experience and it definitely helps.

What is ENISA doing with certification?

In 2019, the Cyber Security Act made ENISA a permanent agency in the EU and, maybe most importantly, assigned new tasks to the agency. One of these tasks is to design European Cyber Security certification schemes. Our role here is to prepare the schemes, in collaboration both with the industry and with the Member States. When we’re done with that, we’ll actually give these schemes to the Commission, who will derive an implementing Act and they become part of the EU law. 

The first scheme that ENISA worked with is called EUCC – it’s a European scheme for Common Criteria. This one should be quite important for the Java Card community, as most Java Card products are certified with Common Criteria. This scheme will of course be used by at least European chip and card developers, hopefully starting next year with the first certification activities. ENISA will also continue in helping and guiding through the deployment of this scheme and other schemes that we are working on.  

How are Java Card certification schemes related to the ENISA scope?

Java Card is not something that we explicitly talk about, but it often is in the background. For instance, many of the Java Card licencees are represented in our working groups on Common Criteria and 5G, and every time we consider examples of certified products, Java Card platforms are somehow cited. They are such an important component of the supply chain in smart cards’ Secure Elements. I’m also quite confident that some Java Card products will be among the first to be certified with both the EUCC and the EU5G – maybe we’ll be lucky enough to have a Java Card product being the first one to actually be certified.

Of course, with my work on cloud services, we are much further from Java Card and smart cards in general, but it’s interesting to see that there’s always some kind of a surprise reference that comes up every time we talk about access control or authentication. We rely on products, and these products rely on Java Card technology, so the link is indirect, but it’s always there, because the technology is so present everywhere. 

Do you miss the Java Card Forum?

Well, yes I do! I’m not missing the interactions, because my work includes many interactions with the industry, with governments…But the cloud community is very large – discussions have a tendency to grow political at some points. So, what I really miss here is also the lower profile of the Java Card Forum, where you have a limited number of members; most of them are not even known to the general public and what we’re working on still remains in the background, yet we’re collaborating on the design of a product that just about everyone on the planet is using. It’s like we have the impact, but with maybe less visibility. And when you’re actually working on defining the next version of a specification, it’s easier when you work like this – a little bit hidden, especially for the technical people. For the business people this is not always seen as positive!

I’m sometimes missing the excitement of the Java Card Forum’s early days, back in the 1990s, where we were designing the first versions and all our companies were still wondering whether this would work or not. Well, 25 years later and there are a number of Billions of cards being sold every year with Java Card – I guess that now they know the answer to that question and I am very happy to see that the Java Card Forum is still here and that the technology still remains dominant. There hasn’t been another technology coming along and replacing it, and it doesn’t look like this will happen in the near future. I think the Java Card Forum is definitely a nice adventure! 

View the interview in video format here


ENISA Lead Certification Expert reflects on JCF longevity & future of Java Card

In the fourth interview of the 25th Anniversary series, Eric Vétillard, Lead Certification Expert at ENISA explains ENISA’s certification mandate and discuses how Java Card certification schemes are related to the ENISA scope. He also reflects on his time as the JCF Technical Committee (TC) Chairman and how it has shaped his career path since.


Trusted Connectivity Alliance celebrates collaboration with Java Card Forum

As part of the Java Card Forum’s 25 year Anniversary celebrations, we have been talking to leading standards organisations to highlight the importance of industry collaboration over the years.
In this interview, Claus Dietze, Chair of the Board, Trusted Connectivity Alliance (TCA) explains the importance of Java Card technology in the Telecoms industry, how the 2 organisations have successfully collaborated over the years and why Java Card should be the platform of choice for IoT solutions.

What is the role of Java Card in Telecoms and how has it evolved over the last 25 years?

Java Card is a key pillar of the Telecoms industry; it’s a key technology for our Secure Element ecosystem. And why is it like this? Because it’s providing the capabilities our ecosystem actually needs.

First of all, it’s providing flexibility, but of course it also provides one of the main features and capabilities, which is interoperability. And due to this, many of the demands that the ecosystem has, can be answered.

The other aspect of evolution, is of course in regards to its market share – you may know that the TCA, formerly the SIMalliance, is tracking its Members’ market data and we started doing this almost 20 years ago (not quite 25 years!). We already started tracking the market share of Java Card in 2004 and back then, I think it’s not a secret if I disclose that we had a market share which was significant, but not yet reaching the level of native operating systems – we had something like 40%. Since then, the market share of Java Card and its adoption in the field steadily grew year on year and we see that this is going to grow even further in the future. So, with new exciting technologies, such as the eSIM, we see that, as far as I am aware, all the eSIMs that are commercially deployed out there in the field are all based on Java Card technology.

It has evolved significantly, because it’s adapting its requirements and capabilities to the needs of our ecosystems very well.

How have the TCA and JCF collaborated?

This started many years ago. The way that the TCA organises its work is by establishing Working Groups. And one of the first working groups that the TCA established was dealing with interoperability – a Working Group that is still alive today. Java Card was a brand new technology in the early days and even though it was claiming to be interoperable from the beginning, different vendors actually interpreted the specification slightly differently and also some of the capabilities and features requested by the customers of those same vendors, were not yet available in the Java Card specification, so proprietary extensions were implemented and that’s what was always causing problems when it comes to the interoperability. As we have key members of the TCA who are also key members of the JCF, we established some sort of “exchange”, so that findings of the TCA were then reported back into the JCF and could be brought into the specifications of Java Card, thus enhancing interoperability and also enhancing the feature set.

What benefits did this collaboration bring?

It improved interoperability – it brought benefits in particular to the whole SIM ecosystem I would say.
Maybe for the network operators it brought the benefit that they had one type of application, so it brought interoperability on the applet level in particular. The idea was to develop an applet once and to run it on all the different platforms of the various SIM vendors and that improved the network operators’ time to market, introducing new services on different SIM vendors’ platforms, because they just had to take the existing applet and put it onto the new SIM and deploy.

For the SIM vendors themselves, it also reduced their efforts, because they just had to develop their application once, and to run it, or even licence it to other SIM vendors, thus also creating additional revenue potential. So, it brought many benefits, in particular, increasing the interoperability of technical implementations.

How does the TCA see Java Card changing in line with the evolving IoT landscape?

The Internet of Things is actually very fragmented, so everyone is understanding something different by this term. You have a wide area of use cases and a wide area of different types of devices. But what they have in common, is that most of those devices need to be connected – so they have a need for connectivity again. And we think that this connectivity should be trusted. In the IoT you don’t currently have security experts, certainly not in the early days at least; they think – let’s connect a device and talk about security later. We think we have to make sure this is done at the very beginning. The technology that we are offering, with SIM technology, eSIM technology and also integrated SIM technology, provides a foundation for first of all enabling trusted connectivity, and of course also for putting additional applications on top of those platforms, that are increasing the security level of the IoT in general. So we think that with Java Card, we can inherit the benefits we have from the traditional SIM and take it and transfer it over into the IoT. And just to add on top of that, of course we also think that eSIM technology, which is based on Java Card these days, is also enabling the IoT to be trusted and more secure. There is also a lot that Java Card can bring with regards to Low Power, to Memory Sizes and so on…there are many features that Java Card is implementing already, that we can leverage off very well, so I think the future is bright for Java Card in IoT and I am very much looking forward to the continued collaboration between the 2 associations on this topic as well.

You can see this interview in video format here.