In the second interview of the 25th Anniversary series, 3 members of the Java Card Technical Committee: Christian Kirchstaetter (Technical Committee Chairman), Luca Di Cosmo and Alexandre Frey (past winners of the annual Bertrand Award) discuss how the Java Card specification is changing in response to new markets and the impact this will have for developers.

The last 25 years have led to quite some changes to the specification. What will the work of the technical committee look like over the next 10 years. Or differently asked, what will the specification look like after 10 years?
Java Card will still be the root of a complex ecosystem with many influencing standards (e.g. communication standards, banking, secure identity, Global Platform). The future will bring a high level of serious multi-application scenarios, where mixing payment, eGov, IoT, telecom, automotive applications will be normal.
In the past we learnt that we needed to look into the market requirements and translate this into the evolution of the specification. We see that the coming years will be challenging due to the increased complexity of our ecosystems. We need to add more flexibility in the provided mechanisms of Java Card, while maintaining the backward compatibility and security.

What challenges is the Java Card Forum facing in new markets?
Traditionally, smart card products have always been associated with the card form factor but, more recently, secure elements soldered on PCBs and integrated secure elements came into play, introducing new technical issues to solve, as well as new kinds of security concerns. As Java Card Forum technical experts, we have wide experience with security evaluation methodologies (Common Criteria, EMVco, etc.) and we collaborate with Oracle in maintaining the Java Card Protection Profile to ease evaluations of Java Card products – but new markets will bring new challenges as well. For instance, the Automotive market defines its own cybersecurity assessment methodology (ISO 21434): fostering integration of Java Card secure elements in the automotive market means looking at the best ways to harmonize smart card security with automotive cybersecurity concerns, including the production of supporting documents.

What are the biggest advantages of using the Java Card Platform?
* Java Card provides a perfect separation between the actual application domain knowledge and the required know-how to securely and efficiently use hardware platforms.

* Application developers can utilize a subset of the Java language and a standardized Java Card API to implement their applications.

* In the past, the number of different use cases has increased due to new markets and requirements. Java Card allows adoption to new environments much faster than specialized native solutions can.

* The biggest advantages compared to native solutions are when it comes to scenarios where different applications need to be served by one product. This also holds true when it comes to the certification of the individual applications.

When you look at the evolution of the Java Card specification over the next few years, will it be necessary to update application code to comply with latest Java Card specs?
No, this not be required. Being a specification designed with backward compatibility in mind, applications not using the latest features will run unchanged on the newest Java Card platforms, thus allowing seamless integration of existing applications with state-of-the-art Java Card platforms. We have seen in the past how important it is to keep backward compatibility. Platform users take legacy applets and install them unchanged on new platforms, together with other applets, creating new product variants. Differently said, an update of the Java Card specification with the exchange of the platform does not cause problems for legacy applets. New applets can benefit from the new features.

What do you find technically interesting about Java Card?
Java Card is the root of a complex ecosystem with many influencing standards (e.g. communication standards, banking, secure identity, GlobalPlatform). The future will bring a high level of serious multi-application scenarios, where mixing payment, eGov, IoT, telecom, automotive applications will be normal. We like to work on the challenge to utilize the Java language in very small deeply-embedded devices with only kilobytes of memory. It is amazing to see how all impacting factors finally lead to a sound picture in the form of a specification.
It is exciting to work on a specification that leads to broadly spread products in various markets. We talk about billions of devices and the most used operating system on this planet.
We are excited to participate in the success story of a specification that is only 25 years old and will continue to evolve to open up new markets. Java Card is not only a standard; from a technical point of view it is also a very complex platform providing a high amount of functionality used by applets.

You can view the actual interview below: