Java Card Forum





What is the Java Card Forum (JCF)?
The Java Card Form is a collaboration of companies from the smart card, secure operating system, and secure silicon industry, working together to promote and develop Java as the preferred programming language for multi-application smart cards and secure devices.
Back to top

How is the Java Card Forum organized?
The Java Card Forum is comprised of a technical and business committee and meets as a whole group every 6 months in a different location, hosted on a rotational basis by a JCF member. On average 20 people attend over 2 days with specific work tasks. Much work is carried out between meetings (with face-to-face meetings and conference calls) to solve specific technical or business requirements and the half yearly Plenary meetings act to fine tune direction and ensure that the industry and Oracle are in alignment with customer and market requirements.
Back to top

Who are the members of the Java Card Forum?
The members of the Java Card Forum are:

Partner of the Java Card Forum:

Back to top

How do I join?
Participation in the Java Card Forum is open to companies and organizations with an interest in setting the future direction of Java Card technology. The JCF is not a developer’s Forum and developers are encouraged to join Oracle’s online community where they can access documentation, share views and ask for assistance.

Membership of the Java Card Forum may be accorded by the Members to any company that:

  • Endorses Java Card,
  • Commits to using Java Card in its products,
  • Commits to promoting Java Card as its favored solution for dynamic multiple application schemes,
  • Supplies products which embed (or will embed) Java Card API,
  • Has licensed Java Card technology from Oracle,
  • Applies for membership, and
  • Agrees to be bound by the by-laws of the group, including commitments to participate in/support the work of the Java Card Forum.

Companies interested in joining the Java Card Forum should contact us.
Back to top

Does the JCF interact with other industry associations?
A smartcard is a complex environment involving different technologies besides the Java Card core. For this reason the Java Card Forum has to ensure coordination with organizations such as ISO, GlobalPlatform, ETSI or SIMalliance.

Back to top


What is  Java Card technology and why should I use it?
Java Card technology preserves many of the benefits of the Java programming language – productivity, security, robustness, tools, and portability – while enabling Java technology for use on smart cards. The Virtual Machine (VM), the language definition, and the core packages have been made more compact and succinct to bring Java technology to the resource – constrained environment of smart cards.

Java Card technology also includes specific smart card features, such as user authentication classes to manage PINs and passwords, as well as specific application isolation features, known as the firewall, that allow applications from several providers to cohabit securely on the same card.

To understand more about the uses of Java Card versus native platforms download our whitepaper. 
Back to top

What is a smart card?
A smart card is identical in size to a typical credit card and is tamper resistant. A smart card embeds a secure microcontroller that can store and process information. The most basic cards are memory cards, which store data locally, but do not contain a CPU for performing computations on that data. Higher-end microprocessor cards include a CPU for performing computations on locally stored data. A Java Card Runtime Environment can in particular run on a microprocessor card.

The secure microcontrollers used in microprocessor cards typically include CPU, a few kilobytes of RAM, as well as some persistent memory, EEPROM of Flash, which is used to store code and data. Most smart card microcontrollers also include cryptographic accelerators, as well as a number of security detectors and other countermeasures, in order to provide adequate tamper-resistance guarantees.
Back to top

What is the Java Card API?
The Application Programming Interface (API) for the Java Card technology defines the calling conventions by which an applet accesses the Java Card Runtime Environment and native services. The Java Card API allows applications written for one Java Card-enabled platform to run on any other Java Card-enabled platform.

The Java Card API is compatible with formal international standards, such as ISO7816, and industry-specific standards, such as EMVCo’s EMV standards for payment, and ESI/3GPP standards for UICC/SIM cards.
Back to top

What are the application fields of Java Card Technology?
Over 50% of the issued Java Card technology is in the mobile telecommunications sector, connecting and securing both 2G and increasingly 3G networks with (U)SIM cards. Double digit growth rates continue in this sector and increasingly payment, ID and content protection applications are being added to the (U)SIM. The Java Card platform can also be widely found in the growing NFC sphere (such as transport, loyalty and payment), as well as the developing arena of M2M and Internet of Things.
Back to top

What is the difference between the Java Card Classic Edition and the Java Card Connected Edition?
Since Java Card 3.0, there are two distinct editions of the Java Card specifications: Classic and Connected..

The Classic Edition of the Java Card specification is a direct successor to the Java Card 2.2.2 specification. It targets smart cards as deployed today on all vertical markets, based on ISO7816 and ISO14443 communication..

The Connected Edition of the Java Card specification is a technological breakthrough, in which Java Card has been extended to support a Web application model, with servlets running on the card, and TCP/IP as basic protocol. In order to support this new application model, the Virtual Machine and Runtime Environment have been upgraded as well, now supporting advanced features like multithreading, hierarchical class loaders, or permissions that are not supported in the simpler Java Card Classic framework. The Connected Edition runs on high-end secure microcontrollers, typically based on a 32-bit processor and supporting a high-speed communication interface like USB.
Back to top

What can I use to develop an applet for the Java Card platform?
Any off-the-shelf development tools for the Java programming language can be used to develop applets for the Java Card platform. Oracle is also providing a developer toolkit for Java Card. In addition, the Netbeans environment includes a Java Card-specific option.
Back to top

What other tools are available for development? Who is producing such tools?
Many of the Java Card platform licensees have created development tools for the Java Card Application Environment. For example, some have simulations of the smart card environment to test and debug the applet written for the Java Card platform.
Back to top

Can contactless cards support the Java Card platform?
The Java Card technology is independent of the type of supporting hardware. The Java Card platform can run on contact and contactless devices. The Java Card platform also runs on secure elements that power the Card Emulation mode in NFC, independently of the form factor (SIM, embedded secure element, or other).
Back to top

Who can contribute to the specifications? 
To date over the last 20 years, the Java Card Forum has worked upon more than 6 iterations of the Java Card API enhancement specifications and associated test and compatibility kits. The group is currently working on enhancements to Java Card 3.0 specification requirements.
Back to top

 Where do I find specifications?
Details about the latest specifications can be found on the Oracle website.
Back to top

What is the role of the JC in the standardization of the Smart Card Technology?

The Java Card specifications are constantly updated to align with specifications developed in other organizations for both horizontal and vertical specifications.
The horizontal or generic standards are the ISO/IEC set of standards for the smart-cards market in general.
The vertical standards for vertical markets are

  • ETSI and 3GPP for the mobile communication market and the deployment of NFC services to mobile phones
  • GlobalPlatform for the secure management of the Java Card Platform and Java Card Applets in the Financial, Government-ID and Telecommunication market
  • EMVco for the development of Payment applications.

Horizontal and vertical alignments are a two way process, either specifications from these organizations are updated to take advantage from latest development of the Java Card Platform, or the Java Card specifications are constantly updated to follow the latest ((e.g. cryptographic) development taking into account specifications and recommendations (e.g. from NIST, BSI, RSA Labs, IETF) .

Back to top

Are the Java Card platform and GlobalPlatform Card Specification related?
The GlobalPlatform consortium has issued a Card Specification that defines a card management framework. This specification complements the Java Card specifications by defining a set of commands that can be used to manage applications on a Java Card product.

The GlobalPlatform Card Specification also defines a Java Card API that allows Java Card developers to further integrate GlobalPlatform support in their applications.

Most Java Card products include at least some support for the GlobalPlatform Card specification. Please refer to GlobalPlatform for more information.
Back to top

What Java Card technology products are available now?
Many Java Card platform licensees have announced product availability. The Java Card technology website includes a list of vendors and their contact information.
Back to top

Is Java Card technology as secure as native smart card technology?
Java Card technology is used in all smart card markets, including the most demanding in terms of security. Oracle has published a Java Card Protection Profile, which has been used by smart card vendors to certify the security of their Java Card products, up to the highest available levels (EAL5+ in many instances, and even EAL7 for one product). To get these certifications, the Java Card products have undergone extensive security testing by government-approved laboratories, which have not been able to identify vulnerabilities in the products they tested.

Compared to native products, Java Card products embed similar core technologies, like cryptography and security countermeasures. Naturally, because Java Card allows the downloading of application code, it faces new threats that do not affect native cards. Of course, these new threats are considered in the Java Card security model, and they are addressed in the Java Card specification, for instance through the definition of the Java Card firewall, and also in the implementation of the Java Card products sold by our licensees.

In addition, because the Java Card specification is openly available, it has fostered an active research community, which has been studying the technology for years, and has contributed to the improvement of the security of Java Card products.

For all these reasons, the Java Card platform is today the most secure smart card platform available, with more security-certified card products than any other smart card framework.

To understand more about the uses of Java Card versus native platforms download our whitepaper.
Back to top

How does the JC Platform contribute to the mobile payment ecosystem?
The Java Card Platform is a solution employing client security, based on a collection of time-tested industry standards – i.e. the well orchestrated combination of Java Card, GlobalPlatform and ISO specifications. This combination has a successful track record of 20+ years experience in the mobile, as well as payment field. Its capability to be certified from a functional and security perspective, makes it the natural, reliable choice for current and future successful mobile payment deployments.
Back to top