Java Card Forum

The Java Card Forum is an industry association of companies from the smart card, secure operating system and secure silicon industry, working together to promote and develop Java as the preferred programming language for multi-application smart cards, secure devices and other execution environments.

Java Card enables innovative biometric cards

To further improve the performance and production effectiveness of biometric payment cards, Infineon Technologies AG and its strategic partner Fingerprints™ are developing the all-in-one solution SECORA™ Pay Bio.

This turnkey solution will come with a pre-certified Java Card operating system including Mastercard and Visa bio-applets. It will enable a cost-efficient, scalable production based on state-of-the-art card manufacturing equipment.

SECORA™ Pay Bio will extend Infineon’s well-established SECORA™ Pay turnkey solution family (all based an Java Card technology) to address the fast growing segment of biometric banking cards. SLC39B is Infineon’s advanced system-on-chip (SoC) cryptoprocessor with integrated power source, large memory size and diverse peripherals as well as best-in-class contactless performance. The company’s BCoM is a tailored innovative dual-interface Coil on Module (CoM) for SECORA™ Pay Bio, which integrates Fingerprints’ advanced sensor and Infineon’s upcoming Secure Element into a single package. With the inductive coupling technology, no wire-connection between the card antenna and the module is needed. This allows to significantly improve the robustness and long-term reliability of biometric payment cards. With its innovative concept and enhanced capabilities, SECORA™ Pay Bio will make touchless payments more convenient without the need of  low transaction limits.

Java Card technology as a flexible smart card platform combined with GlobalPlatform card management features ennables fast innovation. With the standardized Java Card API, that separates the application layer from the operating system layer, payment networks can focus on the application design, whereas platform providers innovate at the operating system and chip level. The integration of new interfaces to sensors or libraries to extract and match fingerprint information does not result in a complete re-design of the system, but results in new Java Card APIs that can be used by all players in the industry. All this allows interoperability in the market andwill provide added value for all players in the value chain.

More information is available at Payments-in-Motion.

Java Card Forum celebrates its collaboration with ISO/IEC/JTC1/SC17

As the Java Card Forum celebrates its 25th Anniversary, it acknowledges the collaboration with ISO/IEC/JTC1/SC17 and looks ahead to future opportunities

A lot has been achieved over 25 years and Java Card is the leading platform for secure elements with billions of devices issued each year. Founded in 1997, the Java Card Forum has been the key environment for defining and developing Java Card technology, through constant interaction between Java Card vendors and Oracle (owner of the specification and Java Card technology).

What brought Java Card to the fore in the late 90s is interoperability of the applications running on the smart cards, at a time where interoperability was a pain point for SIM cards, as well as a means to install and host several applications concurrently, even post issuance. Moreover, Java Card offered a strong, secure environment for applications, and was quickly able to address major markets where the highest possible level of security is required, such as SIM cards, payment cards, passports or identity cards. All this was recognised rapidly by the market, and the number of Java Cards in 2004, seven years after the Java Card Forum was created, was already reaching a Billion smart cards per year. Now the number has risen to over 6 Billion per year.

The Java Card Forum and ISO/IEC/JTC1/SC17

SC17 is the committee in ISO/IEC/JTC1 that deals with identification and its related documents (e.g. electronic passports), cards, security devices and tokens, and also standardizes the interfaces associated with their use in inter-industry applications and international interchange. The committee has published over 115 standards which build the base and the backbone for any secure application based on identification. The ISO/IEC 7816 series is, for example, the basis for any smartcard operating system.

Java Card and its specification follows the standards of SC17, that allows their usage in all inter-industry applications. The flexibility of the Java Card operating system allows manufacturers and customers to use one implementation of a compliant smartcard operating system with many independent applications – the implementation of applications is separated from the implementation of the operating system. With this approach, Java Card enhances SC17 standards without contradiction and becomes a major stakeholder for existing and future standards.

Future Opportunities

Some traditional applications, such as identity cards, although present with a bright future, are also increasingly being deployed onto the mobile phone or wearable devices, such as connected watches. In these devices, Java Card is now running on the soldered embedded secure element, or even integrated onto the system-on-chip. This motivates us to work on new features, such as new communications channels and protocols, improved power management with, for example, the support of suspend and resume, as well as new memory management capabilities or the ability to communicate with sensors, such as fingerprint readers, directly from the Java Card applet.

In addition, cryptographic agility is also a big item on the Java Card Forum agenda, initially to address the support of post-quantum cryptography, but more generally to make sure the security can be updated post-issuance should the need arise.

SC17 and Java Card Forum have had a fruitful, long-lasting partnership and liaison and will continue to inform each other about new developments, features and requirements.

Article by Jean-Daniel Aussel, President of the Java Card Forum and Werner Ness, Business Committee, Java Card Forum

Why STMicroelectronics and G+D Mobile Security have chosen Java Card technology for their In-Vehicle system-on-chip solution for Secure Car Access

STMicroelectronics has announced a new platform to accelerate the introduction of digital car keys giving consumers keyless access to vehicles via their mobile device.

In addition to strengthening security, digital car keys can deliver greater owner conveniences, including customizable usage privileges while continuing to secure the vehicle. Activities such as car sharing, fleet management, and vehicle rental gain benefits such as easier key issuance, usage controls, and access for valeting and servicing.

Based on the most recent ST Automotive grade Secure Element hardware, the global solution, developed in collaboration with Giesecke+Devrient (G+D), supports the latest Car Connectivity Consortium (CCC) Digital Key release 3.0 standard, ensuring the highest security and protection currently available.

Leading automotive brands can now quickly build standards-based, secure car-access solutions that deliver added value for vehicle owners and users,” said Laurent Degauque, Marketing Director, Secure Microcontrollers, STMicroelectronics. “Our solution based on automotive Grade embedded secure element ensures state-of-the-art protection to lead widespread market adoption of digital keys for connected cars.”

“As a long-standing partner in security and connectivity for the automotive sector, G+D contributes a wealth of experience in the field of access control for cars”, says Mario Feuerer, Global Vice President Product Management Connectivity at G+D.“Our G+D Digital Key® application, based on the new ST chip platform, is highly resistant to attacks and features smart and convenient customer access solutions based on NFC, Ultra-Wide-Band and BLE.”

ST’s STSAFE-VJ100-CCC in-vehicle system-on-chip solution is based on CC EAL6+ certified, automotive-grade 2 ST33K-A secure IC, integrating Java Card applications. The SoC stores credentials and other sensitive information, and performs cryptographic operations required to implement CCC Digital Key Release 3 use cases like owner pairing, key sharing, key termination/deletion. This provides a robust foundation for customers to build their digital car-key solutions.

More about ST’s digital car access systems can be found here.

More about G+D’s digital car key solutions can be found here.

Java Card Forum celebrates its 25th Anniversary and looks ahead to future opportunities

A lot has been achieved over 25 years and Java Card is the leading platform for secure elements with billions of devices issued each year. Founded in 1997, the Java Card Forum has been the key environment for defining and developing Java Card technology, through constant interaction between Java Card vendors and Oracle (owner of the specification and Java Card technology).

In the interview below, Jean-Daniel Aussel, President of the Java Card Forum, explains how far the technology has come over the last 25 years and what new challenges the Forum faces with emerging markets such as 5G and IoT.


JCF addresses future security challenges at its virtual Plenary meeting

The JCF held its first 2021 Plenary Meeting from March 16th to 18th, 2021. The focus of this plenary meeting was mostly around discussing potential new features for the future releases of Java Card, to meet the security demands of emerging technologies and markets. 

Java Card has been deployed for over twenty years on billions of secure devices in its traditional segments; telecommunication, payment, identity and access control. The unique security features of Java Card make it a platform of choice for new use cases, such as Internet of Things devices and gateways, machine-to-machine communication and wearable devices. At the same time, Java Card is also facing technological platform changes, such as the evolution of the form factor from smart cards to embedded secure elements, and now to complete integration in the System-on-Chip, or the support of cryptographic agility to adapt to security threats such as quantum computing.

The research and standardization on post-quantum cryptography are quickly progressing, and a variety of quantum-safe algorithms are being assessed worldwide. Although it is probably too early to guess which will be the selected quantum-safe algorithms, Java Card will surely have to support a variety of new algorithms, as well as support cryptographic agility to adapt dynamically to security threats or new algorithms.

Massive IoT, with billions of connected IoT devices, is a major use case of 5G, which is starting to be deployed globally. Security is key to massive IoT, to ensure only authorized devices are connected to the network, but also to ensure the privacy and integrity of the data transmitted by those IoT devices. The support of efficient low-power consumption algorithms and protocols are an important feature that Java Card will have to provide for IoT devices, as well as the support of energy saving features such as suspend and resume. Some of these devices will indeed have to operate on battery power for very long periods of time.

Wearable devices, such as smart watches, is a growing segment where Java Card can provide secure features such as payment, connectivity or access control, and here again efficient power consumption is required.

Memory optimization of the Java Card platform was heavily discussed, in particular to better address a wide spectrum of configurations. In low memory configurations, memory optimization can decrease the RAM consumption and hence decrease the bill of material. In large memory configurations, the Java Card platform is integrated in the System-on-Chip and using the memory of the application processor of the SoC.

Finally the Plenary was the occasion to reflect on current technological evolutions, with an extensive review of the current standardization efforts in the security, payment, telecommunications, and identity area. With its unique openness, security, and interoperable features, Java Card is at the heart of major standard initiatives and will be ready to meet their future challenges.

Yours truly,

Jean-Daniel Aussel

President of the Java Card Forum