Java Card Forum

The Java Card Forum is an industry association of companies from the smart card, secure operating system and secure silicon industry, working together to promote and develop Java as the preferred programming language for multi-application smart cards, secure devices and other execution environments.

Category Archives: Use Cases


by

Why Java Card Is a Natural Foundation for Secure Digital Cash

Digital cash is increasingly seen as a critical complement to existing forms of money, particularly in the forms of Central Bank Digital Currencies (CBDCs) or as an add-on to established payment schemes.

Unlike account-based digital payments, digital cash replicates essential properties of physical cash: it must be offline-capable, fungible, privacy-preserving, and peer-to-peer transferable.

Meeting these requirements places strong demands on the underlying technology; especially on the wallets that allows user to manage and transact their digital cash. Those wallets can come in many form factors, such as cards, smartphones, or wearable devices.

This is where Java Card technology plays a key enabling role.


Secure hardware for offline trust

As explained above, digital cash must function without continuous online connectivity. In offline scenarios, fraud prevention cannot rely on real-time backend checks; instead, trust must be anchored in tamper-resistant hardware, so-called Secure Elements (SEs).

Java Card has a long history as the execution environment for SEs used in many applications ranging from payments to identity, provided by a variety of stakeholders both from the public and the private sector.
Industry’s substantial experience in using Java Card to protect critical assets positions it as a suitable platform to safeguard digital cash against cloning, manipulation, and unauthorized extraction.

Strong cryptography and PKI integration

Digital cash heavily depends on public key infrastructure (PKI) to authenticate issuers, wallets, intermediaries, and merchants. Java Card provides standardized cryptographic APIs and key management mechanisms that fit neatly with this architecture. This allows system operators to preserve the integrity of digital cash across its lifecycle: secure issuance, storage, transfer, and redemption.

Lifecycle control and wallet integrity

But not only the digital cash follows a lifecycle, the wallets do too. For example, user onboarding may be delegated to multiple payment service providers, as reflected in emerging standards like ISO 13133. Java Card’s application model supports secure state transitions and policy enforcement within the SE, helping issuers maintain confidence in wallet integrity even in long-lived offline scenarios.

Privacy by design

Like physical cash, digital cash must respect users’ privacy, while still allowing issuers to remain the ultimate authority. Java Card enables this balance by allowing sensitive credentials and cryptographic operations to remain confined within certified hardware, reducing data exposure and supporting privacy-respecting designs without sacrificing security.

Future readiness

Digital cash systems should stay resilient against the backdrop of cryptographic transitions (PQC) and evolving regulatory requirements. Java Card’s modular, standards-based architecture allows wallets and tokens to evolve independently of hardware, supporting updates and extensions without requiring a complete redesign of secure devices.

In summary, digital cash demands the same level of trust, durability, and security historically associated with physical cash. Java Card provides a proven, standardized, and future-ready platform that enables secure offline operation, strong cryptographic protection, controlled lifecycles, and preservation of privacy, making it a natural foundation for digital cash implementations.

You can find out more about Giesecke+Devrient’s solutions in this area here.

Written by Dr. Lars Hupel
Chief Evangelist, Central Bank Digital Currencies
Giesecke+Devrient


by

Why Java Card Is the Logical Choice for SECORA™️ Pay M from Infineon

SECORA Pay M, FIDO, and the Role of Java Card

The new SECORA Pay M platform from Infineon brings together two high-security domains that traditionally lived on separate hardware: EMV-grade payment and FIDO-based authentication. By enabling both functions on a single secure element, SECORA Pay M targets devices such as payment cards and wearables that require seamless “tap-to-pay” and “tap-to-authenticate” behaviour.

To make this convergence practical, Infineon built SECORA Pay M on Java Card 3.1, and there are clear technical reasons why:

1. Multi-application secured co-existence— essential for EMV payment + FIDO on one chip

EMV payment applet and a FIDO authenticator (for passwordless login) have distinctly different threat models and certification paths. Java Card provides strict application sandboxing, ensuring that the FIDO applet cannot access or infer anything about the payment keys, and vice-versa. This isolation is fundamental when combining two high-value credential domains.

2. Standards-aligned platform for FIDO

FIDO authentication relies on modern cryptographic primitives, secure key storage, attestation, and anti-phishing protections. Java Card provides standardized crypto APIs and lifecycle management consistent with GlobalPlatform, making it easier to implement a certified FIDO authenticator while reusing proven secure-element infrastructure.

3. Future-proofing across rapidly evolving authentication standards

FIDO specifications evolve quickly, and authentication requirements (e.g., passkeys, enterprise attestation, hybrid credentials) continue to expand. Java Card’s applet-based modularity allows updates or new authentication functions without redesigning the secure hardware. This gives SECORA Pay M a longer, more flexible lifecycle.

4. Faster certification and deployment for customers

Payment schemes, banks, and authentication providers all rely on well-established certification frameworks. Because Java Card is a long-standing standard in smart cards, much of the security architecture is already audit-proven. This reduces time-to-market for SECORA Pay M deployments that must satisfy both EMVpayment and FIDO requirements.

In short: SECORA Pay M combines contactless EMV payments and modern “tap-to-authenticate” / passwordless login  in a single secure element, and Java Card is the enabling layer – providing isolation, cryptographic consistency, standardization, and an upgrade path that makes this dual-function design both secure and scalable.

More details can be found here on the Infineon site.


by

Why Java Card is used by ST in their next generation payment solution

STMicroelectronics has unveiled STPay-Topaz-2, its next-generation contactless payment card system on chip (SoC). With Java Card providing the engine for critical aspects including multi-application coexistence, payment logic, and security, the new SoC’s arrival is a major advancement for the card industry and consumers. There is more flexibility to support a wider variety of payment brands, while a new auto-tuning feature ensures reader-independent connection quality for an enhanced user experience. In addition, advanced cryptography strengthens security and prepares the platform for upcoming, stronger industry standards.

ST has already supplied more than three billion STPay ready-to-use solutions to the payment market. STPay-Topaz-2 now introduces a specific feature which allows preloading the greatest quantity of payment applets per orderable part number in the market, which simplifies inventory management for card manufacturers. This innovation includes a unique product versioning which embeds the latest and most popular payment applets worldwide, including both VSDC2.8.1g1 and 2.9.2 Visa applets.

“Contactless payment has been a huge hit with consumers and the technology must now move forward as card suppliers strive to meet growing customer demand and more diverse market requirements,” said Bruno Batut, Banking & ID Business Unit Marketing Director, Connected Security Division, STMicroelectronics. “STPay-Topaz-2 can consolidate the largest set of payment apps on one orderable part number to simplify inventory management for card manufacturers, paving the way for further expansion in contactless payment popularity. We’ve also added auto-tuning to ensure the best tap-anywhere user experience and upgraded security ready for future standards including the forthcoming EMVCo C-8 kernel.”

The STPay-Topaz-2 is based on the ST31R480 secure microcontroller (MCU), manufactured in ST’s secure and certified facilities in France. The secure MCU achieved EMVCo certification in November 2024 and recently completed Common Criteria EAL6+ certification.

This STPay solution is ready for the payment industry’s adoption of stronger digital security, ranging from RSA/3DES encryption to advanced encryption standard (AES) and elliptic curve cryptography (ECC): it is designed to comply with the forthcoming EMVCo C 8 kernel. The platform also meets GlobalPlatform and Java Card standards, making it suitable for payments, loyalty programs, and custom applications.

With enhanced wireless performance, STPay-Topaz-2 also simplifies antenna integration for card manufacturers and enables efficient connectivity even with smaller antennas, providing greater design flexibility.

STPay-Topaz-2 samples are available immediately, with production already launched.

For pricing and sample requests, contact your local STMicroelectronics sales office.

Please visit https://www.st.com/en/secure-mcus/banking-id-transport.html for more information or watch this video: https://youtu.be/3FzpA4KIgdY


by

jNet Secure Joins Java Card Forum, Expands Role in Driving Secure Java Card Solutions for Fintech, IoT, and Biometrics

November 13th, 2024—jNet Secure, a leader in Java Card OS and security solutions, is pleased to announce its new membership in the Java Card Forum (JCF), a premier industry association dedicated to advancing Java as the leading technology for smart cards and secure devices. Through this membership, jNet joins global technology leaders in shaping the future of Java Card standards for high-security environments.

In addition to its foundational Java Card OS licensing expertise, jNet Secure has pioneered advanced Fintech, IoT, and Biometric solutions on Java Card technology, now deployed across multiple markets. These innovations empower clients to secure digital transactions, authenticate identities biometrically, and enable safe IoT integrations, all while leveraging Java Card’s secure and scalable framework.

“We are thrilled to join the Java Card Forum and contribute to the evolution of secure, interoperable solutions that protect digital identities and transactions worldwide,” said Mikhail Friedland, CEO at jNet Secure. “Our commitment to innovation in Fintech, IoT, and Biometrics aligns perfectly with JCF’s mission, and we look forward to working together to set new standards in secure digital services.”

“The Java Card Forum is delighted to welcome jNet as a new member.”, declared Jean-Daniel Aussel, President of the Java Card Forum. “jNet has a strong Java Card expertise both in legacy segments, such as payment or identity, or more innovative applications such as crypto wallets. jNet is joining forces with the other leading member organizations collaborating in the Java Card Forum to foster the adoption and to advance the evolution of Java Card-based technology as the base for strong and interoperable digital security.”

As part of the Java Card Forum, jNet Secure will collaborate with other industry leaders to drive advancements in next-generation Java Cards, promoting a more secure and connected digital ecosystem.

For more information about jNet Secure and its solutions, please visit jnet-secure.com.

About jNet Secure
jNet Secure specializes in Java Card OS licensing and advanced security solutions for diverse finance, IoT, and biometrics applications, empowering secure digital experiences across industries.

About Java Card Forum
The Java Card Forum e.V. is an industry association of companies from the smart card, secure operating system and secure silicon industry, working together to promote and develop Java as the preferred programming language for multi-application smart cards, secure devices and other execution environments.


by

Java Card is platform of choice for STMicroelectronics STeID solutions for trusted e-Identity and e-Government applications

STMicroelectronics has revealed the STeID Java Card smartcard platform that meets state-of-the-art requirements for electronic identity (eID) and eGovernment use cases. As eID documents using secure microcontrollers continue gaining importance in the fight against identity fraud, the STeID platform now accelerates the deployment of advanced solutions. Certified to common criteria EAL 6+, the platform comprises a secure operating system, STeID JC Open OS, and a portfolio of proprietary applets.

The STeID JC Open OS is compliant with the Java Card 3.0.5 card application framework and the Global Platform® 2.3.1 security and card-management architecture. This Open Platform OS provides all the features needed to host important applications such as machine-readable travel documents (eMRTD) compliant with the International Civil Aviation Organization ICAO 9303 standard. It also supports the electronic driving license standard ISO 18013, and eIDAS QSCD for qualified digital-signature creation devices. It will include Match-on-Card support for secure offline biometric authentication.

STeID Java Card incorporates support for Near Field Communication (NFC) specifications thereby providing a secure framework for creation of digital identity on mobile devices. The platform is used in conjunction with secure ICs such as ST’s ST31 microcontrollers, which are based on the dual-core Arm® SecurCore® SC000™ core with additional hardware security features. These low-power devices contain non-volatile memory, support contactless communication, RF-energy harvesting, and biometry, and are available in smartcard industry chip-module form factors and wafer-level chip-scale packages.

ST eID Java Card will be available from www.st.com at the end of June 2024.

For further information please visit https://www.st.com/steid