Java Card Forum

The Java Card Forum is an industry association of companies from the smart card, secure operating system and secure silicon industry, working together to promote and develop Java as the preferred programming language for multi-application smart cards, secure devices and other execution environments.

Tag Archives: security


by

Why Java Card is used by ST in their next generation payment solution

STMicroelectronics has unveiled STPay-Topaz-2, its next-generation contactless payment card system on chip (SoC). With Java Card providing the engine for critical aspects including multi-application coexistence, payment logic, and security, the new SoC’s arrival is a major advancement for the card industry and consumers. There is more flexibility to support a wider variety of payment brands, while a new auto-tuning feature ensures reader-independent connection quality for an enhanced user experience. In addition, advanced cryptography strengthens security and prepares the platform for upcoming, stronger industry standards.

ST has already supplied more than three billion STPay ready-to-use solutions to the payment market. STPay-Topaz-2 now introduces a specific feature which allows preloading the greatest quantity of payment applets per orderable part number in the market, which simplifies inventory management for card manufacturers. This innovation includes a unique product versioning which embeds the latest and most popular payment applets worldwide, including both VSDC2.8.1g1 and 2.9.2 Visa applets.

“Contactless payment has been a huge hit with consumers and the technology must now move forward as card suppliers strive to meet growing customer demand and more diverse market requirements,” said Bruno Batut, Banking & ID Business Unit Marketing Director, Connected Security Division, STMicroelectronics. “STPay-Topaz-2 can consolidate the largest set of payment apps on one orderable part number to simplify inventory management for card manufacturers, paving the way for further expansion in contactless payment popularity. We’ve also added auto-tuning to ensure the best tap-anywhere user experience and upgraded security ready for future standards including the forthcoming EMVCo C-8 kernel.”

The STPay-Topaz-2 is based on the ST31R480 secure microcontroller (MCU), manufactured in ST’s secure and certified facilities in France. The secure MCU achieved EMVCo certification in November 2024 and recently completed Common Criteria EAL6+ certification.

This STPay solution is ready for the payment industry’s adoption of stronger digital security, ranging from RSA/3DES encryption to advanced encryption standard (AES) and elliptic curve cryptography (ECC): it is designed to comply with the forthcoming EMVCo C 8 kernel. The platform also meets GlobalPlatform and Java Card standards, making it suitable for payments, loyalty programs, and custom applications.

With enhanced wireless performance, STPay-Topaz-2 also simplifies antenna integration for card manufacturers and enables efficient connectivity even with smaller antennas, providing greater design flexibility.

STPay-Topaz-2 samples are available immediately, with production already launched.

For pricing and sample requests, contact your local STMicroelectronics sales office.

Please visit https://www.st.com/en/secure-mcus/banking-id-transport.html for more information or watch this video: https://youtu.be/3FzpA4KIgdY


by

Nicolas Regnault is announced as the 2024 “Bertrand” Award Winner

Nicolas is recognised by his peers for his exceptional contribution to the Java Card Forum’s work

To celebrate the work of Bertrand du Castel (one of the Founder members of the JCF who sadly passed away in February 2019), the Java Card Forum (JCF) has worked with his family to initiate an Annual Award in his memory. The JCF has been keen to showcase the “Bertrand Award” as a visible recognition of the continued drive and dedication still shown by its Members, over 25 years since its inception.

Nicolas Regnault (left) receives his Award from Jean-Daniel Aussel (right), President of JCF

A new voting process has been introduced this year, where all members were listed and could be voted for (rather than just 4 members nominated by the Technical and Business Chairmen). The top 3 then went through to a second ballot to produce a Winner. 

This year’s top 3 were:
Alexandre Frey (NXP)
Nicolas Regnault (Thales)
Christian Kirchstaetter (NXP)

“It was a great pleasure in Munich during our Java Card Forum Fall meeting to present on behalf of the Java Card Forum the 2024 Bertrand Award to Nicolas Regnault of Thales,” declared Jean-Daniel Aussel, President of the Java Card Forum. “As the Java Card Forum is preparing for the great challenge to keep up with ever evolving security attacks and the upcoming of quantum computers, Nicolas has been fully dedicated to work on a Java Card based cryptographic framework for crypto agility and the support of post-quantum cryptographic algorithms with the other members of the Java Card Forum Technical Committee. This year’s award was based on an open vote without nomination, and truly reflects the peer recognition of Nicolas for his outstanding work on the topic.”

“I am really honoured to receive the 2024 Bertrand Award and the recognition of my peers,” responded Nicolas Regnault. “You can still count on me for my commitment in the Java Card Forum to make the technology as good and secure as possible.”

Congratulations to all 3 of the selected members and in particular, to Nicolas for his win.


by

Calinel Pasteanu is announced as the 2023 “Bertrand” Award Winner

Calinel is recognised by his peers for his exceptional contribution to the Java Card Forum’s work

To celebrate the work of Bertrand du Castel (one of the Founder members of the JCF who sadly passed away in February 2019), the Java Card Forum (JCF) has worked with his family to initiate an Annual Award in his memory: The “Bertrand”. The JCF has been keen to showcase the “Bertrand Award” as a visible recognition of the continued drive and dedication still shown by its Members, over 25 years since its inception.

Each year the Business and Technical Committee Chairs nominate up to four Members who have made a significant contribution to the Forum and voting is then open to each individual JCF participant. This year’s nominees were:
Calinel Pasteanu (Oracle)
Nicolas Regnault (Thales)

Although Calinel could not be present at the Award ceremony held during the JCF Autumn Plenary in person, he participated via TEAMS and could be congratulated by his peers.

“Calinel is a well-deserved winner,” said Jean-Daniel Aussel, President of the Java Card Forum e.V. “In his position at Oracle, he gave unwavering support to the JCF. His long standing active participation in the steering and advancement of the Forum’s activities was instrumental in shaping and making a success of the successive Java Card releases.”

“The Java Card Forum has been designing the most advanced APIs to match up to date security requirements for billions of devices. Java Card technology has been and remains, the first choice for mass deployments in several markets, e.g. ID, Payment, Telco, and several IoT industrial profiles and fulfilling security requirements defined by different security schemes at different security levels (CC, FIPS, EMVCo, SESIP, etc.),” declared Calinel. “I am honoured to have been nominated for and to have received this Java Card Forum award. And I recommend joining the Java Card Forum to be part of designing the future – Java Card technology is getting more and more relevant as time goes on, due to the increasing importance of security requirements and the technology relevance reflected in setting standards organizations.”

Congratulations to both of the selected nominees and, in particular, Calinel for his win.


by

25 Year Celebration Dinner

On 22nd November 2022, the Java Card Forum celebrated its 25th Anniversary during the Autumn Plenary in Bremen. We were delighted that Eduard Karel de Jong, who was part of the orginal Java Card development team, was able to join us and share some of his stories from “the good old days”! It was a very enjoyable evening, topped off with a delicious celbration cake. Congratulations to all of you who have been part of the Java Card Forum over the years, working hard to make it into the most pervasive technology for enabling certified security in end products.


by

Java Card – A Foundation for the Future

As part of the 25 Year Anniversary celebrations, the JCF has produced an Infographic to demonstrate the unique benefits of the Java Card platform in providing secure solutions across converging industry segments.

To view the Infographic as a PDF, please click here.


by

ENISA Lead Certification Expert reflects on JCF longevity & future of Java Card

In the fourth interview of the 25th Anniversary series, Eric Vétillard, Lead Certification Expert at ENISA explains ENISA’s certification mandate and discuses how Java Card certification schemes are related to the ENISA scope. He also reflects on his time as the JCF Technical Committee (TC) Chairman and how it has shaped his career path since.


by

JCF Technical Committee Members discuss the challenges that Java Card technology will address in the coming years

In the second interview of the 25th Anniversary series, 3 members of the Java Card Technical Committee: Christian Kirchstaetter (Technical Committee Chairman), Luca Di Cosmo and Alexandre Frey (past winners of the annual Bertrand Award) discuss how the Java Card specification is changing in response to new markets and the impact this will have for developers.

The last 25 years have led to quite some changes to the specification. What will the work of the technical committee look like over the next 10 years. Or differently asked, what will the specification look like after 10 years?
Java Card will still be the root of a complex ecosystem with many influencing standards (e.g. communication standards, banking, secure identity, Global Platform). The future will bring a high level of serious multi-application scenarios, where mixing payment, eGov, IoT, telecom, automotive applications will be normal.
In the past we learnt that we needed to look into the market requirements and translate this into the evolution of the specification. We see that the coming years will be challenging due to the increased complexity of our ecosystems. We need to add more flexibility in the provided mechanisms of Java Card, while maintaining the backward compatibility and security.

What challenges is the Java Card Forum facing in new markets?
Traditionally, smart card products have always been associated with the card form factor but, more recently, secure elements soldered on PCBs and integrated secure elements came into play, introducing new technical issues to solve, as well as new kinds of security concerns. As Java Card Forum technical experts, we have wide experience with security evaluation methodologies (Common Criteria, EMVco, etc.) and we collaborate with Oracle in maintaining the Java Card Protection Profile to ease evaluations of Java Card products – but new markets will bring new challenges as well. For instance, the Automotive market defines its own cybersecurity assessment methodology (ISO 21434): fostering integration of Java Card secure elements in the automotive market means looking at the best ways to harmonize smart card security with automotive cybersecurity concerns, including the production of supporting documents.

What are the biggest advantages of using the Java Card Platform?
* Java Card provides a perfect separation between the actual application domain knowledge and the required know-how to securely and efficiently use hardware platforms.

* Application developers can utilize a subset of the Java language and a standardized Java Card API to implement their applications.

* In the past, the number of different use cases has increased due to new markets and requirements. Java Card allows adoption to new environments much faster than specialized native solutions can.

* The biggest advantages compared to native solutions are when it comes to scenarios where different applications need to be served by one product. This also holds true when it comes to the certification of the individual applications.

When you look at the evolution of the Java Card specification over the next few years, will it be necessary to update application code to comply with latest Java Card specs?
No, this not be required. Being a specification designed with backward compatibility in mind, applications not using the latest features will run unchanged on the newest Java Card platforms, thus allowing seamless integration of existing applications with state-of-the-art Java Card platforms. We have seen in the past how important it is to keep backward compatibility. Platform users take legacy applets and install them unchanged on new platforms, together with other applets, creating new product variants. Differently said, an update of the Java Card specification with the exchange of the platform does not cause problems for legacy applets. New applets can benefit from the new features.

What do you find technically interesting about Java Card?
Java Card is the root of a complex ecosystem with many influencing standards (e.g. communication standards, banking, secure identity, GlobalPlatform). The future will bring a high level of serious multi-application scenarios, where mixing payment, eGov, IoT, telecom, automotive applications will be normal. We like to work on the challenge to utilize the Java language in very small deeply-embedded devices with only kilobytes of memory. It is amazing to see how all impacting factors finally lead to a sound picture in the form of a specification.
It is exciting to work on a specification that leads to broadly spread products in various markets. We talk about billions of devices and the most used operating system on this planet.
We are excited to participate in the success story of a specification that is only 25 years old and will continue to evolve to open up new markets. Java Card is not only a standard; from a technical point of view it is also a very complex platform providing a high amount of functionality used by applets.

You can view the actual interview below: