Java Card Forum

The Java Card Forum is an industry association of companies from the smart card, secure operating system and secure silicon industry, working together to promote and develop Java as the preferred programming language for multi-application smart cards, secure devices and other execution environments.

Smart Payment Association highlights the importance of Java Card technology for enabling secure payments

As part of the Java Card Forum’s 25 year celebrations in 2022, we asked the Smart Payment Association why the work of the Java Card Forum, and in particular the release of the Java Card 3.1 specification, is key to the evolution of payment security.

By Lorenzo Gaston, Technical Director, Smart payment Association

The IoT use case for card payments and Java Card v3.1 Specifications

IoT is a debated technology in the card payments industry since 2017. Different pilots are ongoing for a series of identified scenarios: Smart home, wearables and intelligent cars, as well as the next generation of petrol stations. Yet they still remain inconclusive.  Use cases in these scenarios assume that an IoT device may initiate a purchase and/or a payment on behalf of the end-user. These use cases are not that easy to categorize from a legal perspective.  IoT card payments also raise challenges in terms of legal compliance, with requirements for authentication, end-user consent and payment repudiation.

Moreover, IoT systems are cyber-vulnerable and shall be subject to specific design security certification procedures according to the EU Cybersecurity Act and the recent EU Cyber Resilience Act (“The CRA”). It’s still unclear how these EU Acts will impact card payment products implemented in different form factors. The reality is that (1) early compromise of IoT payments would kill the aforementioned uses cases and (2) security vulnerabilities exist in IoT because of the broad level of heterogeneous devices in field, with reduced memory and processing capabilities.

The deployment of IoT systems suffers from a lack of technical standards as well, especially if the payment processing back-office is hosted in the Cloud. These different legal and technical unknowns make the broad adoption of IoT by banks difficult. As a result, the payments card industry, is in a “wait and see” position, until IoT devices reach the level of maturity in terms of security, required to support card-based payment applications.

In this context, SPA can only welcome the effort provided by the Java Card Forum to release the Java Card 3.1 specifications, intended to also enable the development of an open and interoperable application platform for the security of IoT devices.  Java Card 3.1 introduces new APIs and updated cryptography functions to address IoT security needs. Java Card 3.1 also allows the development of security services that are portable across a wide range of IoT security hardware. Remote device attestation services as specified by the JC 3.1 will contribute to the early identification of IoT components that have been tampered with. IoT systems will feature a diversity of technical architectures and communication pathways between individual IoT devices, intermediate gateways and back-office payment authorization servers. The new extensible I/O model enables central applications to exchange sensitive data directly with connected IoT devices, over different physical layers and application protocols. In this context, the ability to address and fix individual IoT devices is a core security requirement. If IoT devices support JC 3.1 implementations, the monitoring capability of central banking facilities will be substantially improved.

SPA believes that the publication of JC 3.1 represents a key step forward to increase trust in IoT technology by the financial community. With that in mind, SPA draws your attention to the fact that PCI-SSC has just released its first bulletin including security considerations when deploying IoT in card payments. It includes with a definition for IoT devices, not specific to payments and more interestingly it provides a list of 10 “high level” security controls IoT “secure” devices should meet. These 10 security controls are mapped onto specific detailed requirements in a US ANSI/CTA 2088-A “Baseline Cybersecurity Standard for Devices and Systems”. Things are starting to move in the payments industry with respect to IoT technology and JC 3.1 appears as a timely enabler for this positive market evolution.

Is there a case for the implementation of Post-Quantum payment cards using JC v3.1 specifications?

Cryptographic extensions proposed by Java Card 3.1 significantly increases the potential for the card to provide security services to payment systems. Card payment systems are in the process of evaluating migration patterns towards stronger cryptography. A new generation of chips supporting more efficient Java Virtual Machines will allow the usage of more complex cryptographic algorithms. The challenges for the migration differ:

  • Migration to AES 256 bit will protect symmetric cryptography for card payment systems against quantum cryptanalysis. Given that, symmetric post quantum cryptographic algorithms are defined and standardized and can already be adopted. Domestic and International Card Schemes are already in the process of migrating from TDES to AES. JC v3.1 supports new cipher modes for AES and updated cryptographic packages to handle symmetric keys as trusted objects
  • The pathway for stronger asymmetric cryptography is more complex and different, as there are currently no post quantum cryptographic algorithms for the asymmetric use case defined or available. Furthermore, some of the proposed algorithms impose some challenges to current secure elements that implement Java Card technology, in terms of performance and available memory space. Within the payment industry, migration strategies are under discussion. SPA defends the use case of offline payment authentication using ECC according to:
  • The EMVCo recently released specifications: EMV Specification Bulletin 243 for contact cards and ECC C-8 Contactless Kernel specification for contactless payments and,
  • Backwards compatibility with existing RSA-based products

Therefore, in the short term, SPA outlines the need to specify methods for the ECC algorithms for both the EMV contact and EMV C-8 contactless specifications.

In the medium term, hybrid cryptographic payment cards and terminals will support classical and post-quantum public key mechanisms in addition to AES.  Because of the traditional long term migration periods for devices in card payment systems, it matters that future versions of the Java Card API include methods for access of payment applets to Post-Quantum cryptographic algorithms, such as those under standardization by US NIST after the conclusion of the 3rd round in the NIST selection contest.

What new regulated payment instruments could benefit from JC v3.1 extended functionalities?

The current payment landscape is dominated by cash and card payments for retail and person-to person transactions. For online payments, there are additional methods established, mostly based on direct credit transfer. New methods, such as instant payment or central bank digital currencies are on the horizon.  Regulations, such as PSD2 for example, and the planned PSD3 from the EU, enforce higher security for all of these payment methods by mandating strong customer authentication (SCA). They also intend to open payment methods to independent players, so-called Payment Initiation Service Providers (PISPs) and Account Servicing Payment Service Providers (ASPSPs).

Java Card technology is well suited to support these new payment instruments and comply with SCA, by implementing the legally defined authentication factor “something you own”. This can typically be a Smart Card, a mobile phone with an embedded Secure Element or (embedded) UICC, or other form factors. When these secure elements are based on JC 3.1 technology, they offer a simple possibility to add on these platforms multiple payment applications for different payment systems, which can, for instance, share essential confidential personal authentication data, such as the PIN code. As a further extension, it can also provide biometrics as an on-device cardholder verification method supporting the authentication factor “what you are”. Finally, the highly standardized JCF technology also allows a simple usage of these applications on different product platforms, without the need to change the application in the form of a Java Card applet itself.

State of the global market for payment cards and how SPA is advocating the use of card technology as the preferred retail payment instrument 

The Smart Payment Association (SPA) includes the leading payment card vendors (AUSTRIACARD, IDEMIA, G+D, Thales DIS) and silicon manufacturers (Infineon, ST).  SPA is organized in eight different WG’s addressing key domains of the payments card industry. Four of these WGs are of a technical nature and support the activity of SPA in standards bodies (EMVCo, PCI-SCC, European Cards Stakeholders Group (ECSG), European Payments Council (EPC)), payments industry groups led by European Payment Regulators (i.e. Payment Systems Market Expert Group – PSMEG), as well as the close monitoring of the evolving regulatory context for payments and the corresponding security certification framework (e.g., ENISA). SPA is recognized by its partners by our high level of commitment and contribution.

The smart payment cards market continues growing:

  • 2.63 billion smart payment cards and modules were delivered worldwide in 2021 by SPA Members and Advisory Council participants
  • Contactless cards accounted for 76% of all shipments, hitting the 2 billion threshold for the first time.
  • Circa 100 million next-generation eco-friendly smart payment cards delivered globally

** The views expressed in this article are solely those of the author listed and do not necessarily reflect the views of the Java Card Forum, its Members or Oracle. **

Saqib Ahmad is announced as the 2022 “Bertrand” Award Winner during 25th Anniversary Year

Saqib is recognised by his peers for his exceptional contribution to the Java Card Forum’s work

To celebrate the work of Bertrand du Castel (one of the Founder members of the JCF who sadly passed away in February 2019), the Java Card Forum (JCF) has worked with his family to initiate an Annual Award in his memory: The “Bertrand”. The JCF was keen to showcase the “Bertrand” as a visible recognition of the continued drive and dedication still shown by its Members, 25 years since its inception.

Each year the Business and Technical Committee Chairs nominate up to four Members who have made a significant contribution to the Forum and voting is then open to each individual JCF participant. This year’s nominees were:

  • Saqib Ahmad (Oracle)
  • Nicolas Regnault (Thales)
  • Werner Ness (G+D)
  • Ettore Toscano (ST)

Although Saqib could not be at the Award ceremony held during the JCF Autumn Plenary meeting in person, he participated via Zoom and could be congratulated by his peers.

“Saqib is a well-deserved winner,” said Jean-Daniel Aussel, President of the Java Card Forum e.V. “In his position at Oracle, Saqib had a long history with Java Card technology, particularly in the areas of specification improvement, extension and protection profile maintenance and has significantly contributed to the specification extension with his considerable knowledge and experience. We are delighted to have this opportunity to formally recognize his hard work and expertise.”

“I’m honored to be chosen the recipient of the Bertrand Award for the year 2022 by my peers at Java Card Forum,” declared Saqib. “I was part of the Java Card Forum, on and off, for about 20 years. During this time I had the privilege to work with great professionals like Bertrand Du Castel himself, after whom this award is named. Java Card is marvelous technology and the Java Card Forum is doing an excellent job steering it in the right direction and driving its market adoption. While I’m not part of the Java Card family anymore, I still remain a strong proponent and evangelist for the technology and I see a great future for it.” 

Congratulations to all of the selected nominees and in particular Saqib Ahmad for his win.

Java Card enables innovative biometric cards

To further improve the performance and production effectiveness of biometric payment cards, Infineon Technologies AG and its strategic partner Fingerprints™ are developing the all-in-one solution SECORA™ Pay Bio.

This turnkey solution will come with a pre-certified Java Card operating system including Mastercard and Visa bio-applets. It will enable a cost-efficient, scalable production based on state-of-the-art card manufacturing equipment.

SECORA™ Pay Bio will extend Infineon’s well-established SECORA™ Pay turnkey solution family (all based an Java Card technology) to address the fast growing segment of biometric banking cards. SLC39B is Infineon’s advanced system-on-chip (SoC) cryptoprocessor with integrated power source, large memory size and diverse peripherals as well as best-in-class contactless performance. The company’s BCoM is a tailored innovative dual-interface Coil on Module (CoM) for SECORA™ Pay Bio, which integrates Fingerprints’ advanced sensor and Infineon’s upcoming Secure Element into a single package. With the inductive coupling technology, no wire-connection between the card antenna and the module is needed. This allows to significantly improve the robustness and long-term reliability of biometric payment cards. With its innovative concept and enhanced capabilities, SECORA™ Pay Bio will make touchless payments more convenient without the need of  low transaction limits.

Java Card technology as a flexible smart card platform combined with GlobalPlatform card management features ennables fast innovation. With the standardized Java Card API, that separates the application layer from the operating system layer, payment networks can focus on the application design, whereas platform providers innovate at the operating system and chip level. The integration of new interfaces to sensors or libraries to extract and match fingerprint information does not result in a complete re-design of the system, but results in new Java Card APIs that can be used by all players in the industry. All this allows interoperability in the market andwill provide added value for all players in the value chain.

More information is available at Payments-in-Motion.

25 Year Celebration Dinner

On 22nd November 2022, the Java Card Forum celebrated its 25th Anniversary during the Autumn Plenary in Bremen. We were delighted that Eduard Karel de Jong, who was part of the orginal Java Card development team, was able to join us and share some of his stories from “the good old days”! It was a very enjoyable evening, topped off with a delicious celbration cake. Congratulations to all of you who have been part of the Java Card Forum over the years, working hard to make it into the most pervasive technology for enabling certified security in end products.

Java Card is platform of choice for first M2M eSIM certification under GSMA’s Security Assurance scheme

STMicroelectronics has the first machine to machine (M2M) eSIM certified by the GSMA’s Security Assurance scheme.

STMicroelectronics used SGS Brightside in Delft, the Netherlands, to test its ST4SIM-201v1.0.8, with the tests ratified by GSMA’s appointed Certification Body, TrustCB, also in the Netherlands.

The certification scheme by the GSM Association ensures that new eSIM products are resilient against a range of high-level attack threats and is designed to speed up the security certification process, overcome complexities, and reduce time to market for eSIM products.

The GSMA is currently seeking tenders for the provision of eSA Scheme Certification Body services.

M2M and IoT roll outs are moving to remotely configured eSIMs and integrated iSIM devices to simplify the roll out of hundreds of thousands of devices without having to individually provision separate SIM cards. However ensuring that the technology is rugged and secure is vital.

The ST4SIM-201S eSIM (above) is designed for all IoT devices and can remotely manage different MNO profiles while ensuring the appropriate security level.

The device is based on the ST33G1M2 with a tamper-resistant secure element certified by Common Criteria EAL5+, with a 32bit ARM SecurCore SC300 core. It supports a secure and interoperable Java Card environment compliant with Java Card v3.0.5 classic and integrates a dynamic memory management with Java Card garbage collection mechanism optimizing the usage of the memory.

The GSMA certification scheme requires manufacturers to prove a benchmark level of security resilience across product processes. It does this by combining high-security quality with a pragmatic evaluation implementation approach adapted for the mobile market. The processes are in line with industry and ISO requirements and reflect the highest Common Criteria security standards recognised in Europe.

“The GSMA is committed to promoting security across the entire mobile ecosystem to ensure the benefits of mobile connectivity can be enjoyed safely by all. In addition to guaranteeing the highest security – eSA ensures that eSIM products have the same level of security resilience required for chips embedded in passports – we are delighted that our processes enable faster time to market for manufacturers,” said the GSMA’s Chief Technology Officer, Alex Sinclair.

“This is a critical milestone for STMicroelectronics, and we thank the GSMA for maintaining the highest security levels for the product and their efforts to support reduced time-to-market with quick and efficient eSIM certification,” commented Laurent Degauque, Marketing Director at STMicroelectronics.

“SGS Brightsight is pleased to implement the GSMA assurance framework to maintain high security quality using a pragmatic and efficient evaluation approach. The programme ensures we focus on the topics that are fundamental to promoting a ‘security-first’ culture across the entire telecommunication and network industry,” said Adjay Gopie, Director Business Development at SGS Brightsight.

“TrustCB is delighted to issue this first eSA certification. From the very start, the eSA scheme has proved its ability to provide a high-assurance certification in a predictably short timeframe alongside experienced labs. Congratulations to ST for their certified ST4SIM-201v1.0.8 and thanks to SGS Brightsight,” said Wouter Siegers, CEO at TrustCB.

Press Release from eeNews Europe (20/7/22)

Why STMicroelectronics and G+D Mobile Security have chosen Java Card technology for their In-Vehicle system-on-chip solution for Secure Car Access

STMicroelectronics has announced a new platform to accelerate the introduction of digital car keys giving consumers keyless access to vehicles via their mobile device.

In addition to strengthening security, digital car keys can deliver greater owner conveniences, including customizable usage privileges while continuing to secure the vehicle. Activities such as car sharing, fleet management, and vehicle rental gain benefits such as easier key issuance, usage controls, and access for valeting and servicing.

Based on the most recent ST Automotive grade Secure Element hardware, the global solution, developed in collaboration with Giesecke+Devrient (G+D), supports the latest Car Connectivity Consortium (CCC) Digital Key release 3.0 standard, ensuring the highest security and protection currently available.

Leading automotive brands can now quickly build standards-based, secure car-access solutions that deliver added value for vehicle owners and users,” said Laurent Degauque, Marketing Director, Secure Microcontrollers, STMicroelectronics. “Our solution based on automotive Grade embedded secure element ensures state-of-the-art protection to lead widespread market adoption of digital keys for connected cars.”

“As a long-standing partner in security and connectivity for the automotive sector, G+D contributes a wealth of experience in the field of access control for cars”, says Mario Feuerer, Global Vice President Product Management Connectivity at G+D.“Our G+D Digital Key® application, based on the new ST chip platform, is highly resistant to attacks and features smart and convenient customer access solutions based on NFC, Ultra-Wide-Band and BLE.”

ST’s STSAFE-VJ100-CCC in-vehicle system-on-chip solution is based on CC EAL6+ certified, automotive-grade 2 ST33K-A secure IC, integrating Java Card applications. The SoC stores credentials and other sensitive information, and performs cryptographic operations required to implement CCC Digital Key Release 3 use cases like owner pairing, key sharing, key termination/deletion. This provides a robust foundation for customers to build their digital car-key solutions.

More about ST’s digital car access systems can be found here.

More about G+D’s digital car key solutions can be found here.

JCF President shares his insights into the success of Java Card over the last 25 years & plans for the future

A lot has been achieved over 25 years and Java Card is the leading platform for secure elements with billions of devices issued each year. Why do you think Java Card has been so successful?

What brought Java Card to the fore in the late 90s is interoperability of the applications running on the smart cards, at a time where interoperability was a pain point for SIM cards, as well as a means to install and host several applications concurrently, even post issuance.  Moreover, Java Card offered a strong, secure environment for applications, and Java Card was quickly able to address major markets where the highest possible level of security is required, such as SIM cards, payment cards, passports or identity cards. All this was recognised rapidly by the market, and the number of Java Cards in 2004, seven years after the Java Card Forum was created, was already reaching a billion smart cards per year. 

There are several major benefits of Java Card:

  • Application interoperability, with one single solution in terms of coding, testing, certification and executing on different vendor platforms 
  • Hardware independence, with the ability to support any type of secure element, such as removable smart cards, embedded secure elements or integrated, so that vendors can reuse the sample Java Card platform for different markets and products 
  • Market segment independence, as the same Java Card platform can be deployed to host payment, identity, telecommunications or IoT applications
  • Perfect fit for secure element requirements, in terms of security, footprint, or performance
    • Recognition and very close alignment with the technology evolution and standardisation in various major standard organisations referencing Java Card
    • A high degree of backward compatibility of the specifications – continuity of product portfolios

How was the Java Card Forum instrumental for the success of Java Card?

Early on, the pioneers of Java Card realised that this technology was a major shift that required standardisation to ensure interoperability. They decided to join efforts within a newly created Java Card Forum and provide recommendations to the owner of the Java language – at that time Sun – for the maintenance and evolution of the Java Card technology. 

The Java Card Forum is the key place and indispensable environment where Java Card technology is defined and developed, through constant interaction between Java Card vendors and Oracle (owner of the specification and Java Card technology). 

The Java Card Forum is an open Forum where recommendations are discussed to influence the future features of Java Card and shape the evolution of Java Card, making it the major platform for smart cards.

What is the outlook of Java Card from a Java Card Forum perspective?  

We see some evolution on two major levels, due to the increasing demand for security solutions. 

Some traditional applications, such as the SIM cards, payment cards or identity cards, although present with a bright future, are also increasingly being deployed onto the mobile phone or wearable devices, such as connected watches. In these devices, Java Card is now running on the soldered embedded secure element, or even integrated onto the system-on-chip. This motivates us to work on new features, such as new communications channels and protocols, improved power management with, for example, the support of suspend and resume, as well as new memory management capabilities or the ability to communicate with sensors, such as fingerprint readers, directly from the Java Card applet.

Moreover, we see new applications that can benefit from Java Card’s unique features, for example, Internet-of-Things devices or gateways, which are bound to rise exponentially with 5G and massive IoT. Here again, efficient power management, communication with external sensors, as well as lightweight cryptographic or communication protocols with the cloud, is key.

In addition, cryptographic agility is also a big item on the Java Card Forum agenda, initially to address the support of post-quantum cryptography, but more generally to make sure the security can be updated post-issuance should the need arise.

If companies are interested in joining the Java Card Forum, how would they go about it?

The Java Card Forum is an open Forum and there is only one condition – that you have to be an Oracle licencee. Then you can apply for membership and help shape the future of Java Card. We look forward to welcoming you. [Find out more about membership here.]

You can see this interview in video format below: