Java Card Forum

The Java Card Forum is an industry association of companies from the smart card, secure operating system and secure silicon industry, working together to promote and develop Java as the preferred programming language for multi-application smart cards, secure devices and other execution environments.


Java Card is platform of choice for first M2M eSIM certification under GSMA’s Security Assurance scheme

STMicroelectronics has the first machine to machine (M2M) eSIM certified by the GSMA’s Security Assurance scheme.

STMicroelectronics used SGS Brightside in Delft, the Netherlands, to test its ST4SIM-201v1.0.8, with the tests ratified by GSMA’s appointed Certification Body, TrustCB, also in the Netherlands.

The certification scheme by the GSM Association ensures that new eSIM products are resilient against a range of high-level attack threats and is designed to speed up the security certification process, overcome complexities, and reduce time to market for eSIM products.

The GSMA is currently seeking tenders for the provision of eSA Scheme Certification Body services.

M2M and IoT roll outs are moving to remotely configured eSIMs and integrated iSIM devices to simplify the roll out of hundreds of thousands of devices without having to individually provision separate SIM cards. However ensuring that the technology is rugged and secure is vital.

The ST4SIM-201S eSIM (above) is designed for all IoT devices and can remotely manage different MNO profiles while ensuring the appropriate security level.

The device is based on the ST33G1M2 with a tamper-resistant secure element certified by Common Criteria EAL5+, with a 32bit ARM SecurCore SC300 core. It supports a secure and interoperable Java Card environment compliant with Java Card v3.0.5 classic and integrates a dynamic memory management with Java Card garbage collection mechanism optimizing the usage of the memory.

The GSMA certification scheme requires manufacturers to prove a benchmark level of security resilience across product processes. It does this by combining high-security quality with a pragmatic evaluation implementation approach adapted for the mobile market. The processes are in line with industry and ISO requirements and reflect the highest Common Criteria security standards recognised in Europe.

“The GSMA is committed to promoting security across the entire mobile ecosystem to ensure the benefits of mobile connectivity can be enjoyed safely by all. In addition to guaranteeing the highest security – eSA ensures that eSIM products have the same level of security resilience required for chips embedded in passports – we are delighted that our processes enable faster time to market for manufacturers,” said the GSMA’s Chief Technology Officer, Alex Sinclair.

“This is a critical milestone for STMicroelectronics, and we thank the GSMA for maintaining the highest security levels for the product and their efforts to support reduced time-to-market with quick and efficient eSIM certification,” commented Laurent Degauque, Marketing Director at STMicroelectronics.

“SGS Brightsight is pleased to implement the GSMA assurance framework to maintain high security quality using a pragmatic and efficient evaluation approach. The programme ensures we focus on the topics that are fundamental to promoting a ‘security-first’ culture across the entire telecommunication and network industry,” said Adjay Gopie, Director Business Development at SGS Brightsight.

“TrustCB is delighted to issue this first eSA certification. From the very start, the eSA scheme has proved its ability to provide a high-assurance certification in a predictably short timeframe alongside experienced labs. Congratulations to ST for their certified ST4SIM-201v1.0.8 and thanks to SGS Brightsight,” said Wouter Siegers, CEO at TrustCB.

Press Release from eeNews Europe (20/7/22)