Java Card Forum

The Java Card Forum is an industry association of companies from the smart card, secure operating system and secure silicon industry, working together to promote and develop Java as the preferred programming language for multi-application smart cards, secure devices and other execution environments.


PRESIDENT’S PERSPECTIVE SPRING 2021

JCF addresses future security challenges at its virtual Plenary meeting

The JCF held its first 2021 Plenary Meeting from March 16th to 18th, 2021. The focus of this plenary meeting was mostly around discussing potential new features for the future releases of Java Card, to meet the security demands of emerging technologies and markets. 

Java Card has been deployed for over twenty years on billions of secure devices in its traditional segments; telecommunication, payment, identity and access control. The unique security features of Java Card make it a platform of choice for new use cases, such as Internet of Things devices and gateways, machine-to-machine communication and wearable devices. At the same time, Java Card is also facing technological platform changes, such as the evolution of the form factor from smart cards to embedded secure elements, and now to complete integration in the System-on-Chip, or the support of cryptographic agility to adapt to security threats such as quantum computing.

The research and standardization on post-quantum cryptography are quickly progressing, and a variety of quantum-safe algorithms are being assessed worldwide. Although it is probably too early to guess which will be the selected quantum-safe algorithms, Java Card will surely have to support a variety of new algorithms, as well as support cryptographic agility to adapt dynamically to security threats or new algorithms.

Massive IoT, with billions of connected IoT devices, is a major use case of 5G, which is starting to be deployed globally. Security is key to massive IoT, to ensure only authorized devices are connected to the network, but also to ensure the privacy and integrity of the data transmitted by those IoT devices. The support of efficient low-power consumption algorithms and protocols are an important feature that Java Card will have to provide for IoT devices, as well as the support of energy saving features such as suspend and resume. Some of these devices will indeed have to operate on battery power for very long periods of time.

Wearable devices, such as smart watches, is a growing segment where Java Card can provide secure features such as payment, connectivity or access control, and here again efficient power consumption is required.

Memory optimization of the Java Card platform was heavily discussed, in particular to better address a wide spectrum of configurations. In low memory configurations, memory optimization can decrease the RAM consumption and hence decrease the bill of material. In large memory configurations, the Java Card platform is integrated in the System-on-Chip and using the memory of the application processor of the SoC.

Finally the Plenary was the occasion to reflect on current technological evolutions, with an extensive review of the current standardization efforts in the security, payment, telecommunications, and identity area. With its unique openness, security, and interoperable features, Java Card is at the heart of major standard initiatives and will be ready to meet their future challenges.

Yours truly,

Jean-Daniel Aussel

President of the Java Card Forum