Java Card Forum


Berlin, 16th January 2019 – The Java Card Forum (JCF) and Oracle proudly announce the release of Java Card 3.1, which is a major milestone platform update, facilitating the development of advanced security services for existing markets and the emerging Internet of Things (IoT) sector. The JCF have been working in close co-operation with Oracle, providing recommendations for the new specification and the release is a testament to this long-standing partnership of over 20 years.

For current Java Card users, the new version offers a developer-focused technology update to existing secure elements and facilitates the deployment and reuse of large applications. Development of the latest version has also focused on the heightened concern about security and trust in the IoT arena (as more machines and devices become connected), providing new functionality to accelerate development of IoT use cases and support for communication over IoT protocols, and secure access to peripherals.

“I strongly believe in the potential of Java Card technology to benefit new fields of deployment – especially in the Internet of Things,” explains Volker Gerstenberger JCF President and Business Committee Chairman. “With the advent of the IoT age we are seeing more and more connected endpoint devices that need to be connected and secured. We see additional new networks (such as Narrow-Band IoT, for example) that have to be protected and the emergence of a variety of completely new and unforeseen services that need to be enabled, from both a user experience perspective and more importantly, from a security perspective.”

Christian Kirchstaetter, head of the Technical Committee agrees: “The Java Card 3.1 specification has a clear objective to address the Internet of Things security challenges. By this I mean new features supporting integration into IoT devices and new types of communication protocols and therefore becoming the new security powerhouse for IoT.”

“Java Card 3.1 is the most significant feature release of Java Card in over 10 years,” adds Florian Tournier, Senior Director for Java and IoT at Oracle. “The close partnership between Java Card Forum and Oracle has delivered a flexible platform that can fulfil the fast-changing security requirements of Internet of Things devices.”

Java Card 3.1 Documentation can be found here.

Oracle, Java Card and Java are registered trademarks of Oracle and/or its affiliates.

Java Card technology – Building the Foundation for End-to-End IoT Security (new Whitepaper)

The Java Card Forum and Oracle have today released a Whitepaper explaining how Java Card technology is ideally placed when it comes to securing the IoT sector.

cover of Whitepaper

Connected devices volumes are expected to increase exponentially in the upcoming years. Analyst data seem to converge and indicate that the number of things connected to the internet should exceed the number of humans by a factor of 8 come 2020.

While this growth brings transformative effects to several industries and to people’s daily lives, it also induces an additional level of system complexity to the infrastructure that will handle device data. IoT systems need to be cognisant of a vast number of device types, interfaces, communication protocols, or device lifecycles.

In parallel, there is a strong imperative to be able to trust the data that gets acquired and acted on by IoT solutions. It is a well-known fact that Big Data is only as good, or as secure, as the small data that it is built on. The effects of corrupted devices or data on systems that make instant, analytics-based decisions can have a severe financial, material and human cost.

As a result, there is an increasing need for solutions that secure the source of data at the edge, creating end- to-end security up to the cloud, and help IoT customers simplify the overall security equation.

Fortunately, there is an extensive body of work already available detailing the security risks associated with Internet of Things systems. This document does not intend to replicate this work. Instead we will focus specifically on the security of IoT devices. We will make an effort to categorise some of the key challenges faced by IoT vendors at the edge of the network. We will also go over hardware or software solutions that can abstract a good portion of the IoT complexity from the customer. We will discuss what new use cases can be brought about by open, secure application platforms such as Java Card technology.

Download the full Whitepaper here.

Want to find out how to secure IoT Edge with Java Card technology?

On March 21st and 22nd, Oracle are running 3 webinars to share how Java Card technology can help in the design of secure IoT systems.

Security at the device edge has become more critical than ever with the maturation of Internet of Things (IoT) infrastructures based on Cloud Services, Business Intelligence, and Big Data Analytics. The risk of processing data from compromised, rogue, or untrusted devices increases exponentially due to the scale of IoT networks and with potentially dire business outcomes. What is your IoT security vulnerability management strategy?

This webinar session on the applications of Java Card technology will review security risks introduced by massively pervasive connected devices for the IoT market. Join this live interactive presentation to:

  • Find out what hardware and software solutions are available today to anchor security at the heart of device architectures
  • Address technology fragmentation and deployment issues
  • Review IoT edge use cases to identify potential risks and requirements at multiple levels

Click here to find out more and register for the Webinar.


Infineon Technologies joins the Java Card Forum

The Java Card Forum welcomes Infineon during its 20th year anniversary

Berlin, 6th November 2017 – The Java Card Forum (JCF) is delighted to announce Infineon Technologies AG as its latest member.

With more than six billion high security controllers sold since 2010, Infineon is a major player in today’s global security industry. Infineon has a long history working with Java Card technology supporting specification enhancements throughout the various releases, right up to the 3.0 version.

“Infineon can bring a wealth of experience to the Java Card Forum particularly in the area of security and a network of partners who are interested in the further development of the platform,” explains Ioannis Kabitoglou, Vice President & General Manager at Infineon. “There is clear trend towards the use of Java Card technology in Smart Card and Security applications in the area of payment and government. Especially multi-application is driving this development: Java Card gives a maximum of flexibility for combining and upgrading various features on a single card,” concludes Kabitoglou.

“We are delighted that Infineon will be a valued member of the JCF,” declares Volker Gerstenberger, President of the JCF. “They have long been champions of the Java Card platform and we welcome their contributions to the continued specification development. It is especially significant that they are joining in 2017, as we celebrate our 20 year anniversary – a real statement that the technology is very much alive and kicking, with new business opportunities and challenges.”

About the JCF

The primary purpose of the Java Card Forum is to promote, as an industry, the development of Java as the preferred platform for interoperable smart cards and other secure devices. The Forum was founded in 1997 and is composed of a Business Committee and Technical Committee, advancing the Java Card specification in cooperation with Oracle. The Java Card platform is now one of the most pervasive technologies in the world.

About Infineon Technologies

Infineon Technologies AG is a world leader in semiconductor solutions that make life easier, safer and greener. Microelectronics from Infineon is the key to a better future. In the 2016 fiscal year (ending September 30), the company reported sales of about Euro 6.5 billion with more than 36,000 employees worldwide. Infineon is listed on the Frankfurt Stock Exchange (ticker symbol: IFX) and in the USA on the over-the-counter market OTCQX International Premier (ticker symbol: IFNNY).

Oracle and Java are registered trademarks of Oracle and/or its affiliates.

Celebrating our 20 Year Anniversary in Munich

Screen Shot 2017-10-18 at 13.11.25

There have been many different posts on the site highlighting our 20 years Anniversary over the last few months, looking at how the JCF and the technology have evolved over the years, but we also felt it was important to celebrate the achievements with the people who made it happen.

Yesterday evening (17th October) we invited past and current members of the Java Card Forum to join together in celebrating the work carried out over the last 20 years; to reminisce about the ‘good times’ and look forward to the next release of the Java Card specification in 2018.

The Celebration Dinner took place in Munich, during one of the bi-annual Plenary sessions, and was held in a typical Bavarian restaurant, ensuring plenty of hearty food, German beer and Lederhosen!

As Volker Gerstenberger, President of the JCF, welcomed old and new members alike to the event, he reminded guests of a few Java Card facts: “Who would have thought back in 1997, that as an industry we would now be producing enough Java Cards per year to supply every man, woman and child on the planet. And that over the years we’ve shipped enough Java Cards to reach to the moon and back nearly 3 times.
With the current work advancing Java Card technology to become the security powerhouse for IoT, I am proud to say the JCF’s contribution remains as relevant today as it was back in the 90s.

Here’s to the next 20 years!

A Toast to Forum members past and present

Members can view more photos here, using the password provided.

Learn more about Securing the IoT Edge with Java Card + 20 years of Security Innovation

Following the JavaOne conference in October this year, we are delighted to be able to share 2 presentations made by Oracle about Java Card technology:

Securing the IoT Edge with Java Card

This presentation looks at security risks introduced by new connected devices and highlights how Java Card solutions can help design secure IoT systems. It covers the following:
• Connected devices, security risks, and requirements
• Secure hardware options addressing IoT edge security challenges: established (TPM/TEE/Secure Element) and emerging solutions (integrated Secure Element)
• Impact of secure hardware introduction on the IoT infrastructure and ecosystem
• Java Card as an abstraction for new secure hardware solutions and driving cross-market adoption
• IoT edge security use cases (secure TLS, device attestation, secure I/O) and Java Card as an enabler of strong IoT security (certification, openness, verticals, …)

Java Card: 20 Years of Security Innovation

Java Card technology, entering its 20th year of existence, is available in billions of secure devices shipped each year. Oracle and Java Card Forum are working on the next iteration of the Java Card specification, bringing significant additions to address new security form factors in mobile and IoT. This session looks back at the history of Java Card adoption and introduces key features of the upcoming Java Card 3.1 release.

To view, go to the following link and click on the download icon: