As the Java Card Forum celebrates its 25th Anniversary, it acknowledges the collaboration with ISO/IEC/JTC1/SC17 and looks ahead to future opportunities
A lot has been achieved over 25 years and Java Card is the leading platform for secure elements with billions of devices issued each year. Founded in 1997, the Java Card Forum has been the key environment for defining and developing Java Card technology, through constant interaction between Java Card vendors and Oracle (owner of the specification and Java Card technology).
What brought Java Card to the fore in the late 90s is interoperability of the applications running on the smart cards, at a time where interoperability was a pain point for SIM cards, as well as a means to install and host several applications concurrently, even post issuance. Moreover, Java Card offered a strong, secure environment for applications, and was quickly able to address major markets where the highest possible level of security is required, such as SIM cards, payment cards, passports or identity cards. All this was recognised rapidly by the market, and the number of Java Cards in 2004, seven years after the Java Card Forum was created, was already reaching a Billion smart cards per year. Now the number has risen to over 6 Billion per year.
The Java Card Forum and ISO/IEC/JTC1/SC17
SC17 is the committee in ISO/IEC/JTC1 that deals with identification and its related documents (e.g. electronic passports), cards, security devices and tokens, and also standardizes the interfaces associated with their use in inter-industry applications and international interchange. The committee has published over 115 standards which build the base and the backbone for any secure application based on identification. The ISO/IEC 7816 series is, for example, the basis for any smartcard operating system.
Java Card and its specification follows the standards of SC17, that allows their usage in all inter-industry applications. The flexibility of the Java Card operating system allows manufacturers and customers to use one implementation of a compliant smartcard operating system with many independent applications – the implementation of applications is separated from the implementation of the operating system. With this approach, Java Card enhances SC17 standards without contradiction and becomes a major stakeholder for existing and future standards.
Some traditional applications, such as identity cards, although present with a bright future, are also increasingly being deployed onto the mobile phone or wearable devices, such as connected watches. In these devices, Java Card is now running on the soldered embedded secure element, or even integrated onto the system-on-chip. This motivates us to work on new features, such as new communications channels and protocols, improved power management with, for example, the support of suspend and resume, as well as new memory management capabilities or the ability to communicate with sensors, such as fingerprint readers, directly from the Java Card applet.
In addition, cryptographic agility is also a big item on the Java Card Forum agenda, initially to address the support of post-quantum cryptography, but more generally to make sure the security can be updated post-issuance should the need arise.
SC17 and Java Card Forum have had a fruitful, long-lasting partnership and liaison and will continue to inform each other about new developments, features and requirements.
Article by Jean-Daniel Aussel, President of the Java Card Forum and Werner Ness, Business Committee, Java Card Forum