Java Card Forum

The Java Card Forum is an industry association of companies from the smart card, secure operating system and secure silicon industry, working together to promote and develop Java as the preferred programming language for multi-application smart cards, secure devices and other execution environments.


Java Card Forum celebrates its collaboration with ISO/IEC/JTC1/SC17

As the Java Card Forum celebrates its 25th Anniversary, it acknowledges the collaboration with ISO/IEC/JTC1/SC17 and looks ahead to future opportunities

A lot has been achieved over 25 years and Java Card is the leading platform for secure elements with billions of devices issued each year. Founded in 1997, the Java Card Forum has been the key environment for defining and developing Java Card technology, through constant interaction between Java Card vendors and Oracle (owner of the specification and Java Card technology).

What brought Java Card to the fore in the late 90s is interoperability of the applications running on the smart cards, at a time where interoperability was a pain point for SIM cards, as well as a means to install and host several applications concurrently, even post issuance. Moreover, Java Card offered a strong, secure environment for applications, and was quickly able to address major markets where the highest possible level of security is required, such as SIM cards, payment cards, passports or identity cards. All this was recognised rapidly by the market, and the number of Java Cards in 2004, seven years after the Java Card Forum was created, was already reaching a Billion smart cards per year. Now the number has risen to over 6 Billion per year.

The Java Card Forum and ISO/IEC/JTC1/SC17

SC17 is the committee in ISO/IEC/JTC1 that deals with identification and its related documents (e.g. electronic passports), cards, security devices and tokens, and also standardizes the interfaces associated with their use in inter-industry applications and international interchange. The committee has published over 115 standards which build the base and the backbone for any secure application based on identification. The ISO/IEC 7816 series is, for example, the basis for any smartcard operating system.

Java Card and its specification follows the standards of SC17, that allows their usage in all inter-industry applications. The flexibility of the Java Card operating system allows manufacturers and customers to use one implementation of a compliant smartcard operating system with many independent applications – the implementation of applications is separated from the implementation of the operating system. With this approach, Java Card enhances SC17 standards without contradiction and becomes a major stakeholder for existing and future standards.

Future Opportunities

Some traditional applications, such as identity cards, although present with a bright future, are also increasingly being deployed onto the mobile phone or wearable devices, such as connected watches. In these devices, Java Card is now running on the soldered embedded secure element, or even integrated onto the system-on-chip. This motivates us to work on new features, such as new communications channels and protocols, improved power management with, for example, the support of suspend and resume, as well as new memory management capabilities or the ability to communicate with sensors, such as fingerprint readers, directly from the Java Card applet.

In addition, cryptographic agility is also a big item on the Java Card Forum agenda, initially to address the support of post-quantum cryptography, but more generally to make sure the security can be updated post-issuance should the need arise.

SC17 and Java Card Forum have had a fruitful, long-lasting partnership and liaison and will continue to inform each other about new developments, features and requirements.

Article by Jean-Daniel Aussel, President of the Java Card Forum and Werner Ness, Business Committee, Java Card Forum


The Birth of JavaCard

By Tad Bogdan and Ted Goldstein, Ph.D.

They say that success has a thousand fathers and failure is an orphan

In the early 1990s, the smartcard industry had many hardware platforms each with their own unique operating environment. Like the computer industry decades before, each smartcard manufacturer created proprietary software tools. The manufacturers intended to optimize performance on their smartcard platforms, and to lock customers into their platforms. Customers such as MasterCard and Visa demanded an open, standardized platform from the industry before committing to a smartcard strategy. Many efforts began to answer this need, two of which were Mondex and Integrity Arts. David Everett of NatWest bank in England designed Mondex, a multi-application, multi-currency, secure, smartcard-based payment system. Meanwhile, Patrice Peyret at Gemplus formed a spinoff company called Integrity Arts that created a new programming language called TOSCA. But the tools for programming Mondex and TOSCA were not available to the public.

At the same time, the Sun Microsystems’ Java platform was trying to solve a similar problem of software applications that would work on any computer. Java implemented the ideal of Write Once, Run Anywhere (WORA) applications. Sun founder Bill Joy always proposed open portable platforms. The Java system enables binary programs to run unmodified across any computer platform using an object-oriented C-like language. The Java language uses a portable byte code that is dynamically compiled across any CPU architecture.
The Internet was just emerging as a potent technology and enabler of many new businesses. Smartcards seemed like a good way to bring physical security and identity to credit and debit cards, and government ID cards, and emerging mass-transportation systems. Before Java, smartcard developers had to program in low-level machine code, a tedious error-prone process. The Java system provided an easy-to-use, efficient, high-level language to create secure applications for commerce and the Internet. The trimmed Java system designed for smartcard applications was called JavaCard.

In 1995, seizing this opportunity, James Gosling and Ted Goldstein created JavaCard to expand Sun’s Java franchise and offer a subset of the Java language to develop secure payment applications. Java even works on the largest Cray supercomputers. Thus, having the great virtue that Java programs could then run from smartcards to supercomputers (SC-SC) —the most extensive range of computing capabilities possible. Smartcards were well established in Europe. But payment systems in the USA at the time used magnetic stripe technology and did not yet have a smartcard platform. Giant payment aggregators such as Visa and Mastercard did not want to commit to a single smartcard manufacturer. Peter Hill, Executive Vice President at Visa, recognized in JavaCard an opportunity to have a smartcard manufacturer-independent standard. Visa became the first large payment company to license JavaCard. Visa mandated JavaCard for all of Visa’s smartcard payment cards. Later, MasterCard acquired Mondex, and Peter Hill joined as their CTO, licensed JavaCard, and ported the Mondex payment platform to JavaCard.

The following fall, Ted Goldstein authored the first JavaCard 1.0 API as part of the Java Development Kit (JDK) 1.1 specification. He became Sun Microsystems’ Chief Java Commerce Officer and began presenting JavaCard publicly.

Concurrently, Tim Jurgensen and Scott Guthery of Schlumberger Inc. were developing a smartcard system based on Java. So they visited JavaSoft (a new division of Sun Microsystems) to ask whether they could license the Java name. JavaSoft had already begun working on JavaCard, so the Java team explained that the Java licensing model was not just a name and a logo. It also required that any Java product conform to interoperable manufacturer-independent standards and pass a
compliance software test suite. JavaSoft and Schlumberger decided to join forces. With Schlumberger’s endorsement, the idea of JavaCard prompted Sun to commence a licensing campaign to smartcard manufacturers and their customers.

Tad Bogdan rejoined Sun to head up the JavaCard Sales and Business Development initiative. He developed the business licensing model for JavaCard and proceeded to license JavaCard to over twenty smartcard companies, comprising 95% of the smartcard world market. Sun formally launched JavaCard at the Salon de Cartes in 1996, and the first royalty payment for JavaCard was received in June of 1997. The JavaCard forum began that same summer in Marseilles, France. Before the end of year, Sun Microsystems acquired Integrity Arts from Gemplus, giving Sun sufficient technical horsepower to support the smartcard technology and to create JavaSoft’s implementation of the JavaCard API.

There are now many billions of JavaCard products in the world. Payment and Financial Services were the original market driver, which quickly expanded to include Telecom, Set-top boxes, Government Identity, Corporate Identity, Portable Anonymous Stored-value, Transportation, Network Security, Medical, and other markets. An industry full of JavaCard Forum members, licensees, developers, and customers make JavaCard arguably the most ubiquitous operating platform in the world. Oracle acquired Sun Microsystems in 2010 and still licenses the JavaCard technology to new licensees every year!

Tad Bogdan is currently a consultant, speaker, and the author of “HOW TO MASTER THE UNIVERSE: A Guide for Mastering you Personal, Interpersonal, and Professional Lives” http://www.MasterTheUniverse.org.

Ted Goldstein, Ph.D. is a consulting CTO and investigator seeking new horizons in technology, artificial intelligence, and healthcare. Previously he was an Apple Vice President and a cancer researcher on the Faculty of Medicine at University of California at San Francisco. 

** The views expressed in this article are solely those of the authors listed and do not necessarily reflect the views of the Java Card Forum, its Members or Oracle. **


Java Card is platform of choice for first M2M eSIM certification under GSMA’s Security Assurance scheme

STMicroelectronics has the first machine to machine (M2M) eSIM certified by the GSMA’s Security Assurance scheme.

STMicroelectronics used SGS Brightside in Delft, the Netherlands, to test its ST4SIM-201v1.0.8, with the tests ratified by GSMA’s appointed Certification Body, TrustCB, also in the Netherlands.

The certification scheme by the GSM Association ensures that new eSIM products are resilient against a range of high-level attack threats and is designed to speed up the security certification process, overcome complexities, and reduce time to market for eSIM products.

The GSMA is currently seeking tenders for the provision of eSA Scheme Certification Body services.

M2M and IoT roll outs are moving to remotely configured eSIMs and integrated iSIM devices to simplify the roll out of hundreds of thousands of devices without having to individually provision separate SIM cards. However ensuring that the technology is rugged and secure is vital.

The ST4SIM-201S eSIM (above) is designed for all IoT devices and can remotely manage different MNO profiles while ensuring the appropriate security level.

The device is based on the ST33G1M2 with a tamper-resistant secure element certified by Common Criteria EAL5+, with a 32bit ARM SecurCore SC300 core. It supports a secure and interoperable Java Card environment compliant with Java Card v3.0.5 classic and integrates a dynamic memory management with Java Card garbage collection mechanism optimizing the usage of the memory.

The GSMA certification scheme requires manufacturers to prove a benchmark level of security resilience across product processes. It does this by combining high-security quality with a pragmatic evaluation implementation approach adapted for the mobile market. The processes are in line with industry and ISO requirements and reflect the highest Common Criteria security standards recognised in Europe.

“The GSMA is committed to promoting security across the entire mobile ecosystem to ensure the benefits of mobile connectivity can be enjoyed safely by all. In addition to guaranteeing the highest security – eSA ensures that eSIM products have the same level of security resilience required for chips embedded in passports – we are delighted that our processes enable faster time to market for manufacturers,” said the GSMA’s Chief Technology Officer, Alex Sinclair.

“This is a critical milestone for STMicroelectronics, and we thank the GSMA for maintaining the highest security levels for the product and their efforts to support reduced time-to-market with quick and efficient eSIM certification,” commented Laurent Degauque, Marketing Director at STMicroelectronics.

“SGS Brightsight is pleased to implement the GSMA assurance framework to maintain high security quality using a pragmatic and efficient evaluation approach. The programme ensures we focus on the topics that are fundamental to promoting a ‘security-first’ culture across the entire telecommunication and network industry,” said Adjay Gopie, Director Business Development at SGS Brightsight.

“TrustCB is delighted to issue this first eSA certification. From the very start, the eSA scheme has proved its ability to provide a high-assurance certification in a predictably short timeframe alongside experienced labs. Congratulations to ST for their certified ST4SIM-201v1.0.8 and thanks to SGS Brightsight,” said Wouter Siegers, CEO at TrustCB.

Press Release from eeNews Europe (20/7/22)


Trusted Connectivity Alliance celebrates collaboration with Java Card Forum

In the third interview of the 25th Anniversary series, Claus Dietze, Chair of the Board, Trusted Connectivity Alliance explains the importance of Java Card technology in the Telecoms industry, how the 2 organisations have successfully collaborated over the years and why Java Card should be the platform of choice for IoT solutions.


Why STMicroelectronics and G+D Mobile Security have chosen Java Card technology for their In-Vehicle system-on-chip solution for Secure Car Access

STMicroelectronics has announced a new platform to accelerate the introduction of digital car keys giving consumers keyless access to vehicles via their mobile device.

In addition to strengthening security, digital car keys can deliver greater owner conveniences, including customizable usage privileges while continuing to secure the vehicle. Activities such as car sharing, fleet management, and vehicle rental gain benefits such as easier key issuance, usage controls, and access for valeting and servicing.

Based on the most recent ST Automotive grade Secure Element hardware, the global solution, developed in collaboration with Giesecke+Devrient (G+D), supports the latest Car Connectivity Consortium (CCC) Digital Key release 3.0 standard, ensuring the highest security and protection currently available.

Leading automotive brands can now quickly build standards-based, secure car-access solutions that deliver added value for vehicle owners and users,” said Laurent Degauque, Marketing Director, Secure Microcontrollers, STMicroelectronics. “Our solution based on automotive Grade embedded secure element ensures state-of-the-art protection to lead widespread market adoption of digital keys for connected cars.”

“As a long-standing partner in security and connectivity for the automotive sector, G+D contributes a wealth of experience in the field of access control for cars”, says Mario Feuerer, Global Vice President Product Management Connectivity at G+D.“Our G+D Digital Key® application, based on the new ST chip platform, is highly resistant to attacks and features smart and convenient customer access solutions based on NFC, Ultra-Wide-Band and BLE.”

ST’s STSAFE-VJ100-CCC in-vehicle system-on-chip solution is based on CC EAL6+ certified, automotive-grade 2 ST33K-A secure IC, integrating Java Card applications. The SoC stores credentials and other sensitive information, and performs cryptographic operations required to implement CCC Digital Key Release 3 use cases like owner pairing, key sharing, key termination/deletion. This provides a robust foundation for customers to build their digital car-key solutions.

More about ST’s digital car access systems can be found here.

More about G+D’s digital car key solutions can be found here.


JCF Technical Committee Members discuss the challenges that Java Card technology will address in the coming years

In the second interview of the 25th Anniversary series, 3 members of the Java Card Technical Committee: Christian Kirchstaetter (Technical Committee Chairman), Luca Di Cosmo and Alexandre Frey (past winners of the annual Bertrand Award) discuss how the Java Card specification is changing in response to new markets and the impact this will have for developers.

The last 25 years have led to quite some changes to the specification. What will the work of the technical committee look like over the next 10 years. Or differently asked, what will the specification look like after 10 years?
Java Card will still be the root of a complex ecosystem with many influencing standards (e.g. communication standards, banking, secure identity, Global Platform). The future will bring a high level of serious multi-application scenarios, where mixing payment, eGov, IoT, telecom, automotive applications will be normal.
In the past we learnt that we needed to look into the market requirements and translate this into the evolution of the specification. We see that the coming years will be challenging due to the increased complexity of our ecosystems. We need to add more flexibility in the provided mechanisms of Java Card, while maintaining the backward compatibility and security.

What challenges is the Java Card Forum facing in new markets?
Traditionally, smart card products have always been associated with the card form factor but, more recently, secure elements soldered on PCBs and integrated secure elements came into play, introducing new technical issues to solve, as well as new kinds of security concerns. As Java Card Forum technical experts, we have wide experience with security evaluation methodologies (Common Criteria, EMVco, etc.) and we collaborate with Oracle in maintaining the Java Card Protection Profile to ease evaluations of Java Card products – but new markets will bring new challenges as well. For instance, the Automotive market defines its own cybersecurity assessment methodology (ISO 21434): fostering integration of Java Card secure elements in the automotive market means looking at the best ways to harmonize smart card security with automotive cybersecurity concerns, including the production of supporting documents.

What are the biggest advantages of using the Java Card Platform?
* Java Card provides a perfect separation between the actual application domain knowledge and the required know-how to securely and efficiently use hardware platforms.

* Application developers can utilize a subset of the Java language and a standardized Java Card API to implement their applications.

* In the past, the number of different use cases has increased due to new markets and requirements. Java Card allows adoption to new environments much faster than specialized native solutions can.

* The biggest advantages compared to native solutions are when it comes to scenarios where different applications need to be served by one product. This also holds true when it comes to the certification of the individual applications.

When you look at the evolution of the Java Card specification over the next few years, will it be necessary to update application code to comply with latest Java Card specs?
No, this not be required. Being a specification designed with backward compatibility in mind, applications not using the latest features will run unchanged on the newest Java Card platforms, thus allowing seamless integration of existing applications with state-of-the-art Java Card platforms. We have seen in the past how important it is to keep backward compatibility. Platform users take legacy applets and install them unchanged on new platforms, together with other applets, creating new product variants. Differently said, an update of the Java Card specification with the exchange of the platform does not cause problems for legacy applets. New applets can benefit from the new features.

What do you find technically interesting about Java Card?
Java Card is the root of a complex ecosystem with many influencing standards (e.g. communication standards, banking, secure identity, GlobalPlatform). The future will bring a high level of serious multi-application scenarios, where mixing payment, eGov, IoT, telecom, automotive applications will be normal. We like to work on the challenge to utilize the Java language in very small deeply-embedded devices with only kilobytes of memory. It is amazing to see how all impacting factors finally lead to a sound picture in the form of a specification.
It is exciting to work on a specification that leads to broadly spread products in various markets. We talk about billions of devices and the most used operating system on this planet.
We are excited to participate in the success story of a specification that is only 25 years old and will continue to evolve to open up new markets. Java Card is not only a standard; from a technical point of view it is also a very complex platform providing a high amount of functionality used by applets.

You can view the actual interview below: