Java Card Forum

The Java Card Forum is an industry association of companies from the smart card, secure operating system and secure silicon industry, working together to promote and develop Java as the preferred programming language for multi-application smart cards, secure devices and other execution environments.


Java Card brings flexibility to Infineon’s new SECORA™ ID Key S USB secured authentication solution

Java Card Forum member Infineon has launched SECORA™ ID Key S USB, a new Java Card-based security solution designed to support passwordless authentication, digital signatures and PKI applications. The solution combines USB and NFC connectivity with preloaded applets for FIDO authentication, qualified digital signatures and PKI functions. At its core is an open Java Card environment, compliant with Java Card 3.1 and GlobalPlatform 2.3.1, which allows organisations to develop, migrate and deploy their own applets alongside the existing functionality.

This application flexibility enables the same secured hardware platform to be extended beyond authentication and digital signatures, to address use cases including physical access, cold wallets and software rights management. Java Card also helps simplify the development and deployment of these additional services. Infineon provides a Java Card development environment and configuration tools enabling customers to create custom applets and personalise the onboard operating system. The launch demonstrates how Java Card continues to provide a secured, interoperable and adaptable foundation for identity and authentication solutions – allowing new services to be introduced without requiring a completely new hardware platform.

Engineering samples are available now, with volume production expected to begin in September 2026.

Read the full Infineon announcement: https://www.infineon.com/technology-news/2026/ifxtn202607-119

Learn more: www.infineon.com/secora-id-key


Why Java Card Is the Logical Choice for SECORA™️ Pay M from Infineon

SECORA Pay M, FIDO, and the Role of Java Card

The new SECORA Pay M platform from Infineon brings together two high-security domains that traditionally lived on separate hardware: EMV-grade payment and FIDO-based authentication. By enabling both functions on a single secure element, SECORA Pay M targets devices such as payment cards and wearables that require seamless “tap-to-pay” and “tap-to-authenticate” behaviour.

To make this convergence practical, Infineon built SECORA Pay M on Java Card 3.1, and there are clear technical reasons why:

1. Multi-application secured co-existence— essential for EMV payment + FIDO on one chip

EMV payment applet and a FIDO authenticator (for passwordless login) have distinctly different threat models and certification paths. Java Card provides strict application sandboxing, ensuring that the FIDO applet cannot access or infer anything about the payment keys, and vice-versa. This isolation is fundamental when combining two high-value credential domains.

2. Standards-aligned platform for FIDO

FIDO authentication relies on modern cryptographic primitives, secure key storage, attestation, and anti-phishing protections. Java Card provides standardized crypto APIs and lifecycle management consistent with GlobalPlatform, making it easier to implement a certified FIDO authenticator while reusing proven secure-element infrastructure.

3. Future-proofing across rapidly evolving authentication standards

FIDO specifications evolve quickly, and authentication requirements (e.g., passkeys, enterprise attestation, hybrid credentials) continue to expand. Java Card’s applet-based modularity allows updates or new authentication functions without redesigning the secure hardware. This gives SECORA Pay M a longer, more flexible lifecycle.

4. Faster certification and deployment for customers

Payment schemes, banks, and authentication providers all rely on well-established certification frameworks. Because Java Card is a long-standing standard in smart cards, much of the security architecture is already audit-proven. This reduces time-to-market for SECORA Pay M deployments that must satisfy both EMVpayment and FIDO requirements.

In short: SECORA Pay M combines contactless EMV payments and modern “tap-to-authenticate” / passwordless login  in a single secure element, and Java Card is the enabling layer – providing isolation, cryptographic consistency, standardization, and an upgrade path that makes this dual-function design both secure and scalable.

More details can be found here on the Infineon site.


Java Card – A Foundation for the Future

As part of the 25 Year Anniversary celebrations, the JCF has produced an Infographic to demonstrate the unique benefits of the Java Card platform in providing secure solutions across converging industry segments.

To view the Infographic as a PDF, please click here.