Java Card Forum

The Java Card Forum is an industry association of companies from the smart card, secure operating system and secure silicon industry, working together to promote and develop Java as the preferred programming language for multi-application smart cards, secure devices and other execution environments.


Why Infineon have Java Card technology at the heart of their SECORA™ ID solution

Java Card accelerates regional ID Integration – whatever the requirements

SECORA™ ID is a new member of Infineon’s SECORA™ family based on SECORA™ Pay. It supports, in addition to SECORA™ Pay, all the features necessary to serve typical ID use cases. Typical ID applications are standardized to a high extent.

Identification is mostly based on the ICAO 9303, which defines the MRTD (machine readable travel document). This standard, primarily developed for electronic passports (ePP), is also used for National electronic ID (NeID) cards and a variation for the electronic Driving License (eDL). Authentication needed for applications such as NeID or electronic health cards is predominately based on ISO and CEN (European Committee for Standardization) standards, as well as newer standards such as FIDO.

However, every country has its own system and solution based on national requirements and applications. It is these scenarios that demonstrate the benefits from developing with Java Card technology. Java Card based technology provides a high flexibility to support various use cases and interfaces. The open platform allows the user to implement their own applet through the use of sophisticated tools from Infineon. Additionally, the customer can use a ready-to-go solution, comprising of applets for eGovernment applications.

Performance and security are key for governmental applications. SECORA™ ID is secured by a security controller based on high-speed 100MHz CPU technology, equipped with state-of- the-art security features. Both the hardware and SECORA™ ID are certified on highest security levels CC EAL 6+ and EMVCo based on the Java Card protection profile.

Find out more:  https://www.infineon.com/cms/en/product/security-smart-card-solutions/secora-security-solutions/secora-id-security-solutions/


Luca Di Cosmo is announced as the third Annual “Bertrand” Award Winner during Java Card Forum’s Autumn Plenary

Luca Di Cosmo is recognised by his peers for his exceptional contribution to Forum’s work

To celebrate the work of Bertrand du Castel (one of the Founder members of the JCF who sadly passed away in February 2019), the Java Card Forum (JCF) has worked with his family to initiate an Annual Award in his memory: The “Bertrand”. The JCF was keen to showcase the “Bertrand” as a visible recognition of the continued drive and dedication still shown by its Members, more than 24 years since its inception.

Each year the Business and Technical Committee Chairs nominate up to four Members who have made a significant contribution to the Forum and voting is then open to each individual JCF participant. This year’s nominees were Luca Di Cosmo (Technical Committee) from ST, Alexandre Frey (Technical Com-mittee) from NXP, Werner Ness (Business Committee) from G+D and Michele Scarlatella (Business Committee) from ST – all strong candidates for the Award. Although the Autumn Plenary was held virtually, Members were present online to congratulate Luca Di Cosmo on his win and Ettore Toscano, ST’s Business Committee representative, presented Luca with the Award in person.

Luca Di Cosmo (right) receiving the Award from Ettore Toscano (left)

“Luca is a well-deserved winner,” said Jean-Daniel Aussel, President of the JCF. “Luca is a long-standing contributor to the Java Card Forum’s Technical Committee, demonstrating extensive industry experience and specification knowledge. Thanks to his background, dedication, and common-sense approach to feasibility, the discussions within the Technical Committee are both lively and fruitful. We are delighted to finally have the opportunity to thank him more formally for all of his hard work and dedication.”

“I’m surprised and delighted to win this Award,” declared Luca Di Cosmo. “I’ve been part of the JCF for over 15 years, which has helped to strengthen my knowledge and expertise in the field of Java Card technology and has allowed me to actively contribute to the evolution of the specification. It’s wonderful to know that the effort I’ve put into the JCF has been recognised in this way and I feel honoured that JCF colleagues have voted for me.”


Scalability, integration & interoperability: why STMicroelectronics uses Java Card technology to deploy secure solutions

Many market segments are witnessing growing security concerns and challenges associated with the design of effective, application-specific security, while still ensuring fast time to market.

A flexible, efficient, and secure platform, Java Card is a pervasive technology that can address multiple use cases on a single device, help device makers reach the highest security levels, and simplify security certifications. It offers a framework that hosts and manages already-approved components and third-party applets at any time in the product lifecycle.

As it is instrumental to meet customer security needs, the majority of ST’s secure microcontrollers STSECURE are based on Java Card and cover a wide range of applications, from mobile, banking, identification and transport, to secure solutions for M2M, automotive applications and connected devices. ST’s Java Card-based solutions are highly appreciated and often preferred by customers, standardization bodies and de facto standard committees.

Java Card is at the heart of many embedded architectures, allowing ST customers to overcome the challenges of deploying secure applications and fostering the deployment of secure solutions around the world.

Find out more about STSECURE


Former JCF President is recognised with a “Bertrand” Award

Volker Gerstenberger is recognised in 2020 by his peers for his exceptional contribution to Forum’s work

Picture: Volker Gerstenberger (left) receiving his “Bertrand” Award from Werner Ness (right)

Munich, 21st June 2021 – To celebrate the work of Bertrand du Castel (one of the Founder members of the JCF), who sadly passed away in February 2019, the Java Card Forum (JCF) has worked with his family to initiate an Annual Award in his memory: The “Bertrand”. The JCF was keen to showcase the “Bertrand” as a visible recognition of the continued drive and dedication still shown by its Members, more than 20 years since its inception.

The “Bertrand” has become a much-anticipated activity in the Forum’s calendar and in 2020, only 1 nominee was put forward; Volker Gerstenberger, the former JCF Business Committee Chairman and President who left his role in March of that year. Due to COVID-19 restrictions, we have been unable to present the Award in person before now, so we are delighted that Werner Ness (G+D Mobile Security Business Committee Member of the JCF) could finally hand over the “Bertrand” in Munich today.

Each year the Business and Technical Committee Chairs nominate a maximum of 4 Members who have made a significant contribution to the Forum and voting is then open to each individual JCF participant. Nominees must demonstrate one or more of the following attributes:
• A major contribution to the current Java Card specification
(e.g. use case proposal(s), solution(s) for identified issue(s))
• A significant contribution to future Java Card specifications
(e.g. use case proposal(s), potential new feature(s), solution(s) for identified issue(s))
• A major contribution to the advancement of the usage of Java Card technology, either within traditional or new markets
The Winner is then announced at each Autumn Plenary meeting.

“Volker is a well-deserved winner,” said Jean-Daniel Aussel, current Business Committee Chairman and President of the JCF. “He played a pivotal role in motivating the Forum over the last few years; from the successful finalisation of the Java Card 3.1 specification recommendations to producing key marketing deliverables, so we felt he was the natural candidate to nominate. We are delighted to finally have the opportunity to thank him more formally for all of his hard work and dedication.”

“I’m surprised and delighted to win this Award,” declared Volker Gerstenberger, “and feel honoured that my colleagues nominated and voted for me. It’s wonderful to know that my time spent in the Forum is still appreciated by my peers to this day.”


Why IDEMIA are using Java Card technology for their Digital Car Key solution

Smartphones have become the central object of people’s daily lives. Rare are those who forget them, even for short errands. Therefore, it makes sense for smartphone manufacturers and carmakers to work together to gradually replace car keys.

Smartphones will be at the center of the progress towards hands-free car access and ignition. Thanks to their communication abilities, Bluetooth, NFC, integration of UWB (Ultra Wide Band for precise location) technology, and their capability to secure exchanges, smartphones appear to be the easiest and safest solution.

These Digital Car Keys are highly secure. They cannot be duplicated since they are unique to each user and connect wirelessly to the car through integrated sensors. They can also be secured by exchanging authentication certificates over the network. In case of theft or loss, the key function or the smartphone itself can be remotely deactivated.

The application part of the Digital Car Key solution running on the Smart Card (UICC) in the mobile phone has been implemented in Java Card technology, as Java Card is providing the interoperability to easily load this applet onto UICCs from different manufacturers. The UICCs in mobile phones will come from different UICC suppliers and thus Java Card was the platform of choice to avoid the need for developing device specific applets. This way, the car manufacturer can rely on the fact that his applet will run on any mobile device.

Find out more:

Background to Digital Car Keys: https://www.idemia.com/key-unlock-and-start-your-car-bit-backstory-about-car-keys

Digital Car Key solutions: https://www.idemia.com/digital-car-keys


PRESIDENT’S PERSPECTIVE SPRING 2021

JCF addresses future security challenges at its virtual Plenary meeting

The JCF held its first 2021 Plenary Meeting from March 16th to 18th, 2021. The focus of this plenary meeting was mostly around discussing potential new features for the future releases of Java Card, to meet the security demands of emerging technologies and markets. 

Java Card has been deployed for over twenty years on billions of secure devices in its traditional segments; telecommunication, payment, identity and access control. The unique security features of Java Card make it a platform of choice for new use cases, such as Internet of Things devices and gateways, machine-to-machine communication and wearable devices. At the same time, Java Card is also facing technological platform changes, such as the evolution of the form factor from smart cards to embedded secure elements, and now to complete integration in the System-on-Chip, or the support of cryptographic agility to adapt to security threats such as quantum computing.

The research and standardization on post-quantum cryptography are quickly progressing, and a variety of quantum-safe algorithms are being assessed worldwide. Although it is probably too early to guess which will be the selected quantum-safe algorithms, Java Card will surely have to support a variety of new algorithms, as well as support cryptographic agility to adapt dynamically to security threats or new algorithms.

Massive IoT, with billions of connected IoT devices, is a major use case of 5G, which is starting to be deployed globally. Security is key to massive IoT, to ensure only authorized devices are connected to the network, but also to ensure the privacy and integrity of the data transmitted by those IoT devices. The support of efficient low-power consumption algorithms and protocols are an important feature that Java Card will have to provide for IoT devices, as well as the support of energy saving features such as suspend and resume. Some of these devices will indeed have to operate on battery power for very long periods of time.

Wearable devices, such as smart watches, is a growing segment where Java Card can provide secure features such as payment, connectivity or access control, and here again efficient power consumption is required.

Memory optimization of the Java Card platform was heavily discussed, in particular to better address a wide spectrum of configurations. In low memory configurations, memory optimization can decrease the RAM consumption and hence decrease the bill of material. In large memory configurations, the Java Card platform is integrated in the System-on-Chip and using the memory of the application processor of the SoC.

Finally the Plenary was the occasion to reflect on current technological evolutions, with an extensive review of the current standardization efforts in the security, payment, telecommunications, and identity area. With its unique openness, security, and interoperable features, Java Card is at the heart of major standard initiatives and will be ready to meet their future challenges.

Yours truly,

Jean-Daniel Aussel

President of the Java Card Forum


Why G+D uses Java Card technology in their StarSign Key Fob; a unique biometric access device

Enterprises and employees alike find passwords and PINs to access corporate facilities or assets cumbersome, whilst being increasingly worried about its security. Authentication with passwords are a big problem, as many people use less than 5 passwords for all accounts, or use simple passwords because they are easier to remember, or write their passwords down on paper.

FIDO Alliance defined ways for overcome these problems of password authentication and other restrictions. The free and open standard, addresses many authentication use cases e.g. using security keys, multi factors, fingerprints, facial recognition, etc. and allows a simpler and stronger authentication with public key cryptography. No information fishing, no stored secrets on the server-side, no third party protocols are necessary, and the key material and biometrics are stored on the device only. The presented StarSign KeyFob Token by Giesecke+Devrient (one of the JCF Members) combines FIDO’s authentication with a personal fingerprint identification in a single device, as a convenient and secure two-factor authenticator. 

The heart of the battery powered key fob is the Java Card Sm@rt Café Expert, as Java Card technology is predestined to support all the different applications and enables the required features, e.g. the personal identification of the holder. 

The Java Card securely stores numerous independent applications relying on the integrated access control. All these applications can be loaded on the platform by using secure GlobalPlatform means, even in the field with DSEM/SCP11c. The Java Card API and its services are used by new and existing applications and specific Java Card mechanisms e.g. “shared interfaces” allows the applet services. Java Card also supports different transmission interfaces and for example the biometric services are helpful for such a personal device.

The StarSign KeyFob implements, besides others, the FIDO application and includes a state-of-the art alternative for a convenient and secure two-factor authentication, by using a single device and fingerprint identification – all in the coin-like dimensions of a key fob.

The StarSign Key Fob is the industry’s unique biometric token that supports both logical and physical access control securely and seamlessly, by supporting a wide range of communication channels including NFC, USB and Bluetooth Low Energy. It not only authenticates users while accessing desktop PCs, notebooks, workstations, tablet PCs, smartphones or IoT devices, but also authorizes physical access to buildings, departments or offices. With this, the StarSign KeyFob covers many essential use cases in enterprise environments.

Find out more:

Product website: https://mobile-security.gi-de.com/key-fob

Product Info Sheet: https://f.hubspotusercontent00.net/hubfs/3068656/Product%20Info%20StarSign%20Key%20Fob.pdf

Product Video: https://www.youtube.com/watch?v=0K8_R3pibrk