Digital cash is increasingly seen as a critical complement to existing forms of money, particularly in the forms of Central Bank Digital Currencies (CBDCs) or as an add-on to established payment schemes.

Unlike account-based digital payments, digital cash replicates essential properties of physical cash: it must be offline-capable, fungible, privacy-preserving, and peer-to-peer transferable.

Meeting these requirements places strong demands on the underlying technology; especially on the wallets that allows user to manage and transact their digital cash. Those wallets can come in many form factors, such as cards, smartphones, or wearable devices.

This is where Java Card technology plays a key enabling role.

Secure hardware for offline trust

As explained above, digital cash must function without continuous online connectivity. In offline scenarios, fraud prevention cannot rely on real-time backend checks; instead, trust must be anchored in tamper-resistant hardware, so-called Secure Elements (SEs).

Java Card has a long history as the execution environment for SEs used in many applications ranging from payments to identity, provided by a variety of stakeholders both from the public and the private sector.
Industry’s substantial experience in using Java Card to protect critical assets positions it as a suitable platform to safeguard digital cash against cloning, manipulation, and unauthorized extraction.

Strong cryptography and PKI integration

Digital cash heavily depends on public key infrastructure (PKI) to authenticate issuers, wallets, intermediaries, and merchants. Java Card provides standardized cryptographic APIs and key management mechanisms that fit neatly with this architecture. This allows system operators to preserve the integrity of digital cash across its lifecycle: secure issuance, storage, transfer, and redemption.

Lifecycle control and wallet integrity

But not only the digital cash follows a lifecycle, the wallets do too. For example, user onboarding may be delegated to multiple payment service providers, as reflected in emerging standards like ISO 13133. Java Card’s application model supports secure state transitions and policy enforcement within the SE, helping issuers maintain confidence in wallet integrity even in long-lived offline scenarios.

Privacy by design

Like physical cash, digital cash must respect users’ privacy, while still allowing issuers to remain the ultimate authority. Java Card enables this balance by allowing sensitive credentials and cryptographic operations to remain confined within certified hardware, reducing data exposure and supporting privacy-respecting designs without sacrificing security.

Future readiness

Digital cash systems should stay resilient against the backdrop of cryptographic transitions (PQC) and evolving regulatory requirements. Java Card’s modular, standards-based architecture allows wallets and tokens to evolve independently of hardware, supporting updates and extensions without requiring a complete redesign of secure devices.

In summary, digital cash demands the same level of trust, durability, and security historically associated with physical cash. Java Card provides a proven, standardized, and future-ready platform that enables secure offline operation, strong cryptographic protection, controlled lifecycles, and preservation of privacy, making it a natural foundation for digital cash implementations.

You can find out more about Giesecke+Devrient’s solutions in this area here.

Written by Dr. Lars Hupel
Chief Evangelist, Central Bank Digital Currencies
Giesecke+Devrient