Java Card Forum

The Java Card Forum is an industry association of companies from the smart card, secure operating system and secure silicon industry, working together to promote and develop Java as the preferred programming language for multi-application smart cards, secure devices and other execution environments.

Remaining relevant after 20 years; The Java Card Forum

By Volker Gerstenberger, President of the Java Card Forum

Volker_G h&s

This year marks the 20th Anniversary of the Java Card Forum. At first glance one could look at the Java Card Forum as just another industry association but I think it is so much more. Of course, just like any industrial initiative, it was set up to lay down technical groundwork – but it was also there to promote Java Card technology as a whole concept and platform.

Already in the very early days, the commitment to co-operation was quite unique – with several companies coming together to lay down the technical requirements of the first Java Card specification and passing these specifications to a third party who took on the responsibility to drive, test and make ready for market use. This kind of technological breakthrough was based on successful international co-operative standardization, perhaps only surpassed by the success story of GSM and similarly, as GSM has evolved, so has Java Card technology. Both have a similar commitment to succeed with close co-operation

I wasn’t there in the early days, but I think that one of the highlights of Java Card technology was the initial establishment of the first joint specification – when the ‘baby was born’, so to speak. To my mind that must have been a very rewarding situation for the people involved in the standardization process or being active in driving this technology forward. The actual first shipment to a customer must also have been very exciting for the people behind JCF at the time. And then to witness Java Card technology soaring to new heights with respect to deployment – the ultimate proof of market acceptance.

All of this success was, in the early days, mainly driven out of the telecommunication sector. By far the most successful implementation of Java Card is on the SIM card where Java Card is now contributing to the majority of SIMs delivered since 2005. We are talking about numbers close to 20 Billion being shipped over the last 20 years. Payment and Identification implementations have also been realized from the very beginning, but in terms of volumes could not keep the pace of the telecommunication sector. In the past few years however, the Financial sector is growing rapidly in terms of Java Card deployments. Today we are seeing it expand into new areas, such as the developing area of the Internet of Things.

One of the biggest misconceptions about Java Card is to assume that the technology is only applicable to cards. Yes, it’s all in the name and therefore no one other than us marketing guys are to blame for this naming misconception! But who knew back in 1997 (when the Forum was formed) that we would one day have machines talking to each other – extensively. Even the science fiction movie ‘Terminator 3 – Rise of the Machines’ didn’t appear until 2003.

Java Card technology has always been a highly secure execution platform for innovative services: be it for SIM based services in the telecommunications area, be it for smart payment services in the banking and financial service area or for providing a secure home for identity use cases such as passports or identity and health documents. This still holds true for today’s scenarios. There are a variety of use-cases for the platform and not all of them are card based.

What is important to understand though, is how relevant Java Card technology remains today. With the advent of the age of the Internet of Things we are seeing more and more connected endpoint devices that need to be secured. We see additional new networks (such as Narrow-Band IoT, for example) that have be protected and we are seeing the emergence of a variety of completely new and unforeseen services that need to be enabled from both a user experience perspective and, more importantly, from a security perspective.

With these scenarios in mind I (and the other members of the Forum) believe the Java Card technology still has a lot to offer and we are committed to working together with our partner Oracle to ensure that the Java Card platform meets these challenges.

 Without stealing all the thunder for our anniversary year, I can report that we are now working on the next version of the Java Card specification with the clear objective to address the main Internet of Things challenges. By this I mean being able to be integrated into new devices and adapting to new types of communication protocols and therefore become the new security powerhouse for IoT.

In preparation for the 20th Anniversary celebrations I was asked what my personal feelings in regard to 20 years of JCF were. It’s a tough one to answer, but I think that I would be honoured if 20 years from now I could tell my grandchildren that it was us who brought Java Card technology into the 21st Century.

I am convinced that Java Card technology still has an important role to play and there is an increasing necessity in it providing security for the coming Internet of Things. Having said that – here’s to another 20 years!