On 22nd November 2022, the Java Card Forum celebrated its 25th Anniversary during the Autumn Plenary in Bremen. We were delighted that Eduard Karel de Jong, who was part of the orginal Java Card development team, was able to join us and share some of his stories from “the good old days”! It was a very enjoyable evening, topped off with a delicious celbration cake. Congratulations to all of you who have been part of the Java Card Forum over the years, working hard to make it into the most pervasive technology for enabling certified security in end products.
JCF addresses key security challenges at its virtual Plenary meeting
The JCF held its 2nd Annual Plenary Meeting from October 13th to 15th, 2020. This was the opportunity to reflect on the Java Card 3.1 specification released a little less than two years ago and prepare for the new challenges ahead.
As Java Card is more and more deployed for the security of IoT devices, key features have been discussed for this market, such as the improved control of sensors or actuators, more efficient protocols and transports, as well as improved power management features for the power constrained IoT devices. The requirements imposed by the trend for some markets of moving the platform from a dedicated secure element to the system-on-chip, also known as the integrated secure element, were discussed.
The impact of post-quantum cryptography was addressed, in anticipation of the upcoming standards and regulations around the world. Several regional initiatives are progressing fast, such as the NIST PQC standard contest entering the third selection round with a handful of candidates, or the German BSI recently issued recommendations. As Java Card is deployed on billions of secure devices and this trend is most likely to continue, the support of post-quantum cryptography is a key requirement.
Finally, the support of TLS 1.3 was debated, as this new release is gaining fast adoption and the TLS protocol is at the center of end-to-end security in numerous use cases, especially IoT.
The virtual meeting was also the opportunity to reflect on past achievements and recognising outstanding contributors. This year, this is with great pleasure that I have seen the Bertrand Award awarded to Volker Gerstenberger, our past President who contributed to a large extent to so many aspects of the Java Card Forum for the past 20 years.
Once again, the Java Card Forum has proven to be an amazing place to drive the evolution of the Java Card technology: to meet future challenges to remain this open, trusted and interoperable security platform that is Java Card.
President of the Java Card Forum
While device growth brings transformative effects to several industries and to people’s daily lives, it also induces an additional level of system complexity to the infrastructure that will handle device data.
In parallel, there is a strong imperative to be able to trust the data that gets acquired and acted on by IoT solutions. The effects of corrupted devices or data on systems that make instant, analytics-based decisions can have a severe cost. As a result, there is an increasing need for solutions that secure the source of data at the edge, creating end-to-end security up to the cloud and beyond to connected devices.
Recognising this need for scalable security, the GSMA (Global System for Mobile Communications) has recently published a specification to establish end-to-end, chip-to-cloud security for IoT products and services called IoT Safe (IoT SIM Applet For Secure End-End Communication), that establishes the SIM or eSIM as the hardware root of trust.
A secure element running Java Card can play a critical role to ensure trust between the cloud and connected device. It can be leveraged by the device to delegate the provisioning of device identity and to manage the initial on-boarding process. It can further secure the cloud authentication and authorisation process and store the related credentials securely.
Thales (one of the Java Card Forum Members) has implemented the GSMA IoT SAFE specifications, leveraging on field proven and standardized SIM and eSIM security solutions to deliver scalable IoT Security. Find out how they use:
Secure Elements to deliver scalable trust for IoT applications (Infographic)
Secure Elements to address the three key IoT security requirements
Secure Elements to enable mutual authentication between IoT devices and the cloud