Java Card Forum

The Java Card Forum is an industry association of companies from the smart card, secure operating system and secure silicon industry, working together to promote and develop Java as the preferred programming language for multi-application smart cards, secure devices and other execution environments.


Trusted Connectivity Alliance celebrates collaboration with Java Card Forum

As part of the Java Card Forum’s 25 year Anniversary celebrations, we have been talking to leading standards organisations to highlight the importance of industry collaboration over the years.
In this interview, Claus Dietze, Chair of the Board, Trusted Connectivity Alliance (TCA) explains the importance of Java Card technology in the Telecoms industry, how the 2 organisations have successfully collaborated over the years and why Java Card should be the platform of choice for IoT solutions.

What is the role of Java Card in Telecoms and how has it evolved over the last 25 years?

Java Card is a key pillar of the Telecoms industry; it’s a key technology for our Secure Element ecosystem. And why is it like this? Because it’s providing the capabilities our ecosystem actually needs.

First of all, it’s providing flexibility, but of course it also provides one of the main features and capabilities, which is interoperability. And due to this, many of the demands that the ecosystem has, can be answered.

The other aspect of evolution, is of course in regards to its market share – you may know that the TCA, formerly the SIMalliance, is tracking its Members’ market data and we started doing this almost 20 years ago (not quite 25 years!). We already started tracking the market share of Java Card in 2004 and back then, I think it’s not a secret if I disclose that we had a market share which was significant, but not yet reaching the level of native operating systems – we had something like 40%. Since then, the market share of Java Card and its adoption in the field steadily grew year on year and we see that this is going to grow even further in the future. So, with new exciting technologies, such as the eSIM, we see that, as far as I am aware, all the eSIMs that are commercially deployed out there in the field are all based on Java Card technology.

It has evolved significantly, because it’s adapting its requirements and capabilities to the needs of our ecosystems very well.

How have the TCA and JCF collaborated?

This started many years ago. The way that the TCA organises its work is by establishing Working Groups. And one of the first working groups that the TCA established was dealing with interoperability – a Working Group that is still alive today. Java Card was a brand new technology in the early days and even though it was claiming to be interoperable from the beginning, different vendors actually interpreted the specification slightly differently and also some of the capabilities and features requested by the customers of those same vendors, were not yet available in the Java Card specification, so proprietary extensions were implemented and that’s what was always causing problems when it comes to the interoperability. As we have key members of the TCA who are also key members of the JCF, we established some sort of “exchange”, so that findings of the TCA were then reported back into the JCF and could be brought into the specifications of Java Card, thus enhancing interoperability and also enhancing the feature set.

What benefits did this collaboration bring?

It improved interoperability – it brought benefits in particular to the whole SIM ecosystem I would say.
Maybe for the network operators it brought the benefit that they had one type of application, so it brought interoperability on the applet level in particular. The idea was to develop an applet once and to run it on all the different platforms of the various SIM vendors and that improved the network operators’ time to market, introducing new services on different SIM vendors’ platforms, because they just had to take the existing applet and put it onto the new SIM and deploy.

For the SIM vendors themselves, it also reduced their efforts, because they just had to develop their application once, and to run it, or even licence it to other SIM vendors, thus also creating additional revenue potential. So, it brought many benefits, in particular, increasing the interoperability of technical implementations.

How does the TCA see Java Card changing in line with the evolving IoT landscape?

The Internet of Things is actually very fragmented, so everyone is understanding something different by this term. You have a wide area of use cases and a wide area of different types of devices. But what they have in common, is that most of those devices need to be connected – so they have a need for connectivity again. And we think that this connectivity should be trusted. In the IoT you don’t currently have security experts, certainly not in the early days at least; they think – let’s connect a device and talk about security later. We think we have to make sure this is done at the very beginning. The technology that we are offering, with SIM technology, eSIM technology and also integrated SIM technology, provides a foundation for first of all enabling trusted connectivity, and of course also for putting additional applications on top of those platforms, that are increasing the security level of the IoT in general. So we think that with Java Card, we can inherit the benefits we have from the traditional SIM and take it and transfer it over into the IoT. And just to add on top of that, of course we also think that eSIM technology, which is based on Java Card these days, is also enabling the IoT to be trusted and more secure. There is also a lot that Java Card can bring with regards to Low Power, to Memory Sizes and so on…there are many features that Java Card is implementing already, that we can leverage off very well, so I think the future is bright for Java Card in IoT and I am very much looking forward to the continued collaboration between the 2 associations on this topic as well.

You can see this interview in video format here.


Java Card is platform of choice for first M2M eSIM certification under GSMA’s Security Assurance scheme

STMicroelectronics has the first machine to machine (M2M) eSIM certified by the GSMA’s Security Assurance scheme.

STMicroelectronics used SGS Brightside in Delft, the Netherlands, to test its ST4SIM-201v1.0.8, with the tests ratified by GSMA’s appointed Certification Body, TrustCB, also in the Netherlands.

The certification scheme by the GSM Association ensures that new eSIM products are resilient against a range of high-level attack threats and is designed to speed up the security certification process, overcome complexities, and reduce time to market for eSIM products.

The GSMA is currently seeking tenders for the provision of eSA Scheme Certification Body services.

M2M and IoT roll outs are moving to remotely configured eSIMs and integrated iSIM devices to simplify the roll out of hundreds of thousands of devices without having to individually provision separate SIM cards. However ensuring that the technology is rugged and secure is vital.

The ST4SIM-201S eSIM (above) is designed for all IoT devices and can remotely manage different MNO profiles while ensuring the appropriate security level.

The device is based on the ST33G1M2 with a tamper-resistant secure element certified by Common Criteria EAL5+, with a 32bit ARM SecurCore SC300 core. It supports a secure and interoperable Java Card environment compliant with Java Card v3.0.5 classic and integrates a dynamic memory management with Java Card garbage collection mechanism optimizing the usage of the memory.

The GSMA certification scheme requires manufacturers to prove a benchmark level of security resilience across product processes. It does this by combining high-security quality with a pragmatic evaluation implementation approach adapted for the mobile market. The processes are in line with industry and ISO requirements and reflect the highest Common Criteria security standards recognised in Europe.

“The GSMA is committed to promoting security across the entire mobile ecosystem to ensure the benefits of mobile connectivity can be enjoyed safely by all. In addition to guaranteeing the highest security – eSA ensures that eSIM products have the same level of security resilience required for chips embedded in passports – we are delighted that our processes enable faster time to market for manufacturers,” said the GSMA’s Chief Technology Officer, Alex Sinclair.

“This is a critical milestone for STMicroelectronics, and we thank the GSMA for maintaining the highest security levels for the product and their efforts to support reduced time-to-market with quick and efficient eSIM certification,” commented Laurent Degauque, Marketing Director at STMicroelectronics.

“SGS Brightsight is pleased to implement the GSMA assurance framework to maintain high security quality using a pragmatic and efficient evaluation approach. The programme ensures we focus on the topics that are fundamental to promoting a ‘security-first’ culture across the entire telecommunication and network industry,” said Adjay Gopie, Director Business Development at SGS Brightsight.

“TrustCB is delighted to issue this first eSA certification. From the very start, the eSA scheme has proved its ability to provide a high-assurance certification in a predictably short timeframe alongside experienced labs. Congratulations to ST for their certified ST4SIM-201v1.0.8 and thanks to SGS Brightsight,” said Wouter Siegers, CEO at TrustCB.

Press Release from eeNews Europe (20/7/22)


Trusted Connectivity Alliance celebrates collaboration with Java Card Forum

In the third interview of the 25th Anniversary series, Claus Dietze, Chair of the Board, Trusted Connectivity Alliance explains the importance of Java Card technology in the Telecoms industry, how the 2 organisations have successfully collaborated over the years and why Java Card should be the platform of choice for IoT solutions.


JCF President shares his insights into the success of Java Card over the last 25 years & plans for the future

A lot has been achieved over 25 years and Java Card is the leading platform for secure elements with billions of devices issued each year. Why do you think Java Card has been so successful?

What brought Java Card to the fore in the late 90s is interoperability of the applications running on the smart cards, at a time where interoperability was a pain point for SIM cards, as well as a means to install and host several applications concurrently, even post issuance.  Moreover, Java Card offered a strong, secure environment for applications, and Java Card was quickly able to address major markets where the highest possible level of security is required, such as SIM cards, payment cards, passports or identity cards. All this was recognised rapidly by the market, and the number of Java Cards in 2004, seven years after the Java Card Forum was created, was already reaching a billion smart cards per year. 

There are several major benefits of Java Card:

  • Application interoperability, with one single solution in terms of coding, testing, certification and executing on different vendor platforms 
  • Hardware independence, with the ability to support any type of secure element, such as removable smart cards, embedded secure elements or integrated, so that vendors can reuse the sample Java Card platform for different markets and products 
  • Market segment independence, as the same Java Card platform can be deployed to host payment, identity, telecommunications or IoT applications
  • Perfect fit for secure element requirements, in terms of security, footprint, or performance
    • Recognition and very close alignment with the technology evolution and standardisation in various major standard organisations referencing Java Card
    • A high degree of backward compatibility of the specifications – continuity of product portfolios

How was the Java Card Forum instrumental for the success of Java Card?

Early on, the pioneers of Java Card realised that this technology was a major shift that required standardisation to ensure interoperability. They decided to join efforts within a newly created Java Card Forum and provide recommendations to the owner of the Java language – at that time Sun – for the maintenance and evolution of the Java Card technology. 

The Java Card Forum is the key place and indispensable environment where Java Card technology is defined and developed, through constant interaction between Java Card vendors and Oracle (owner of the specification and Java Card technology). 

The Java Card Forum is an open Forum where recommendations are discussed to influence the future features of Java Card and shape the evolution of Java Card, making it the major platform for smart cards.

What is the outlook of Java Card from a Java Card Forum perspective?  

We see some evolution on two major levels, due to the increasing demand for security solutions. 

Some traditional applications, such as the SIM cards, payment cards or identity cards, although present with a bright future, are also increasingly being deployed onto the mobile phone or wearable devices, such as connected watches. In these devices, Java Card is now running on the soldered embedded secure element, or even integrated onto the system-on-chip. This motivates us to work on new features, such as new communications channels and protocols, improved power management with, for example, the support of suspend and resume, as well as new memory management capabilities or the ability to communicate with sensors, such as fingerprint readers, directly from the Java Card applet.

Moreover, we see new applications that can benefit from Java Card’s unique features, for example, Internet-of-Things devices or gateways, which are bound to rise exponentially with 5G and massive IoT. Here again, efficient power management, communication with external sensors, as well as lightweight cryptographic or communication protocols with the cloud, is key.

In addition, cryptographic agility is also a big item on the Java Card Forum agenda, initially to address the support of post-quantum cryptography, but more generally to make sure the security can be updated post-issuance should the need arise.

If companies are interested in joining the Java Card Forum, how would they go about it?

The Java Card Forum is an open Forum and there is only one condition – that you have to be an Oracle licencee. Then you can apply for membership and help shape the future of Java Card. We look forward to welcoming you. [Find out more about membership here.]

You can see this interview in video format below:


Java Card Forum celebrates its 25th Anniversary and looks ahead to future opportunities

A lot has been achieved over 25 years and Java Card is the leading platform for secure elements with billions of devices issued each year. Founded in 1997, the Java Card Forum has been the key environment for defining and developing Java Card technology, through constant interaction between Java Card vendors and Oracle (owner of the specification and Java Card technology).

In the interview below, Jean-Daniel Aussel, President of the Java Card Forum, explains how far the technology has come over the last 25 years and what new challenges the Forum faces with emerging markets such as 5G and IoT.