Java Card is a technology developed by Sun Microsystems, which was later acquired by Oracle Corporation. It is a specialized platform that allows the development of secure, portable, and interoperable applications known as “applets” for smart cards and other constrained devices. With Java Card, developers can create applets that run on tiny, resource-limited devices, providing them with the ability to securely store and process data, perform cryptographic operations, and execute various applications.
Java Card applets are written in the Java programming language, leveraging its robustness, flexibility, and wide developer community. The applets are typically loaded onto smart cards, which are small embedded devices with microprocessors and memory chips. These smart cards can be used for various purposes, such as payment systems, mobile phone SIM cards, logical access, physical access control, ePassports, identity verification, and secure authentication.
Oracle, after acquiring Sun Microsystems, became the primary steward of Java Card technology. They have continued to support and enhance Java Card, ensuring its compatibility with the Java platform and providing tools and resources for developers. Oracle’s commitment to security and compatibility has allowed Java Card to become widely adopted in the smart card industry.
To ensure interoperability and standardization, Java Card technology is compliant with industry standards set by organizations such as GlobalPlatform and OpenPlatform. GlobalPlatform is an industry association that defines specifications for secure chip technology, including smart cards. Java Card adheres to GlobalPlatform standards, enabling interoperability and allowing applets to be deployed on different card platforms.
OpenPlatform, on the other hand, is an open-source initiative that provides a framework for developing and deploying secure applications on smart cards. It promotes openness, transparency, and collaboration in the smart card ecosystem, and Java Card aligns with OpenPlatform principles, making it compatible with the initiative’s goals.
Java Card Language
Java Card uses a subset of the Java programming language specifically tailored for developing applications for smart cards and other resource-constrained devices. The language used in Java Card is referred to as the Java Card Language.
The Java Card Language is based on a subset of the Java programming language, which means it includes a limited set of features compared to the full Java language. This subset is designed to be compatible with the resource limitations of smart cards, which typically have limited processing power, memory, and storage capabilities.
The Java Card Language retains the object-oriented programming paradigm of Java, allowing developers to define classes, create objects, and implement methods. However, it omits certain features that are not essential or feasible for smart card environments. Some of the notable differences and restrictions in the Java Card Language include:
- No support for certain data types and classes: The Java Card Language only supports a limited set of primitive data types, such as boolean, byte, short, and int. It does not include support for advanced data types like long, float, or double. Similarly, certain standard Java classes and libraries are not available in Java Card.
- Restricted memory management: Java Card employs a specialized memory management system suited for smart cards. It uses an object-oriented persistent memory model, where objects and data persist even when power is removed. However, the memory model is more constrained than in standard Java, and developers must be mindful of memory limitations and manage memory usage efficiently.
- Limited runtime environment: The Java Card runtime environment, known as the Java Card Virtual Machine (JCVM), is specifically optimized for smart cards. It provides only a subset of the Java runtime environment features, including basic execution and memory management capabilities.
- Enhanced security mechanisms: Java Card emphasizes security and includes features like secure storage, cryptography, and secure execution environments. The Java Card Language incorporates security-related constructs and enforces strict access control mechanisms to ensure the integrity and confidentiality of sensitive data.
Despite these restrictions, the Java Card Language maintains compatibility with the broader Java ecosystem, allowing developers to leverage their existing Java programming skills and reuse code snippets or libraries. Java Card development typically involves using specialized development tools and APIs provided by Oracle and other vendors to compile, test, and deploy applets onto smart cards.
Overall, the Java Card Language provides a subset of the Java programming language that is optimized for resource-constrained environments like smart cards, enabling developers to create secure and portable applications for these devices.
Oracle has released several Java Card platform specifications and is providing SDK tools for application development. Usually smart card vendors implement just a subset of algorithms specified in Java Card platform target and the only way to discover what subset of specification is implemented is to test the card.
- Version 3.2 (30.01.2023)
- Introduced support for (D)TLS1.3 protocols
- Added API clarifications to help application developers and significantly increase the level of interoperability across multiple implementations
- Version 3.1 (17.12.2018)
- Added configurable key pair generation support, named elliptic curves support, new algorithms and operations support, additional AES modes and Chinese algorithms.
- Version 3.0.5 (03.06.2015)
- Oracle SDK: Java Card Classic Development Kit 3.0.5u1 (03.06.2015)
- Added support for Diffie-Hellman modular exponentiation, Domain Data Conservation for Diffie-Hellman, Elliptic Curve and DSA keys, RSA-3072, SHA3, plain ECDSA, AES CMAC, AES CTR.
- Version 3.0.4 (06.08.2011)
- Oracle SDK: Java Card Classic Development Kit 3.0.4 (06.11.2011)
- Added support for DES MAC8 ISO9797.
- Version 3.0.1 (15.06.2009)
- Oracle SDK: Java Card Development Kit 3.0.3 RR (11.11.2010)
- Added support for SHA-224, SHA-2 for all signature algorithms.
- Version 2.2.2 (03.2006)
- Oracle SDK: Java Card Development Kit 2.2.2 (03.2006)
- Added support for SHA-256, SHA-384, SHA-512, ISO9796-2, HMAC, Korean SEED MAC NOPAD, Korean SEED NOPAD.
- Version 2.2.1 (10.2003)
- Oracle SDK: Java Card Development Kit 2.2.1 (10.2003)
- Version 2.2 (11.2002)
- Added support for AES cryptography key encapsulation, CRC algorithms, Elliptic Curve Cryptography key encapsulation,Diffie-Hellman key exchange using ECC, ECC keys for binary polynomial curves and for prime integer curves, AES, ECC and RSA with variable key lengths.
- Version 2.1.1 (18.05.2000)
- Oracle SDK: Java Card Development Kit 2.1.2 (05.04.2001)
- Added support for RSA without padding.
- Version 2.1 (07.06.1999)
Java Card technology supports various form factors, enabling its deployment in diverse devices and applications. Here’s a description of some common Java Card form factors:
- Contactless Cards: Contactless Java Card form factors include smart cards that communicate wirelessly using radio frequency (RF) technology. These cards can be waved or tapped near a card reader for data exchange, making them convenient for applications like access control, transportation systems, and contactless payments.
- Dual-Interface Cards: Dual-interface Java Cards combine contact and contactless communication capabilities in a single card. They have both metal contact pads and an embedded antenna for contact and contactless transactions. Dual-interface cards are widely used in applications that require flexibility and backward compatibility, such as banking, e-government, and transit systems.
- Contact Cards: Contact Java Cards feature metal contact pads that establish physical electrical connections with card readers. When inserted into a reader, the contacts facilitate data transfer and power supply. Contact cards are commonly used in applications like banking, identity verification, and secure access control.
- SIM Cards: Java Card technology is widely used in SIM (Subscriber Identity Module) cards, which are essential components in mobile devices for secure authentication and communication with cellular networks. Java Card-powered SIM cards provide security features and support various mobile applications, such as secure messaging, mobile payments, and network access control. SIM cards come in three different sizes 2FF (Mini-SIM), 3FF (Micro-SIM), and 4FF (Nano-SIM).
- Human or Animal Implantable Devices: Java Card technology can also be implemented in implantable devices, such as microchips implanted in humans or animals. These devices enable secure identification, medical data storage, and access control. Implantable Java Card devices find applications in healthcare, veterinary services, and personal identification.
- USB Tokens: Java Card-based USB tokens are compact devices that connect to a computer’s USB port. They provide secure authentication, data storage, and cryptographic operations for applications like secure login, digital signatures, and data encryption. USB tokens are commonly used in enterprises and organizations for secure access and data protection.
- Key Fobs: Java Card technology can be integrated into key fobs, small devices attached to keychains or carried in pockets. Key fobs typically provide contactless or dual-interface capabilities and are used for applications like building access, vehicle entry, and payment systems.
- Stickers: Java Card stickers are thin adhesive labels that contain a Java Card microcontroller. These stickers can be attached to various surfaces, objects, or devices, providing them with smart card capabilities. They are used in applications like asset tracking, authentication, and identification in environments where physical cards are not practical.
- Embedded Systems: Java Card technology extends to embedded systems, where it enables the development of secure and portable applications in resource-constrained environments. Embedded systems encompass a wide range of devices, such as smart meters, industrial control systems, healthcare devices, and automotive systems. Java Card’s compact footprint, security features, and compatibility with the Java programming language make it an ideal choice for developing applications in embedded systems. With Java Card, embedded systems can leverage its secure storage, cryptographic capabilities, and communication protocols to enable secure data processing, device control, and connectivity.Java Card’s presence in embedded systems ensures that these devices can securely store and process sensitive information, perform cryptographic operations, and provide robust functionality while maintaining a high level of security. The platform’s compatibility with industry standards and its ability to interoperate with other Java-based systems make it a versatile and widely adopted solution for developing secure and portable applications in embedded systems.
These Java Card form factors demonstrate the versatility and adaptability of the technology across a wide range of devices and applications. Whether it’s contact-based, contactless, or embedded in different form factors, Java Card enables secure and portable applications in areas such as finance, identification, access control, and IoT security.
The history of Java Card dates back to the mid-1990s when smart cards were gaining popularity as secure devices for various applications. Here is an overview of the key milestones and developments in the history of Java Card:
- Development at Sun Microsystems (1996-2010):
- In 1996, Sun Microsystems, led by James Gosling and his team, began the development of Java Card as a platform for running applets on smart cards.
- The first version of Java Card, known as Java Card 1.0, was released in 1997. It provided a subset of the Java programming language and runtime environment for smart card development.
- Over the years, Sun Microsystems continued to enhance Java Card with new features and security enhancements. Java Card 2.0 was released in 2000, followed by Java Card 2.2.1 in 2003, which added support for more advanced features and cryptographic operations.
- Acquisition by Oracle Corporation (2010):
- In 2010, Oracle Corporation acquired Sun Microsystems, including the Java Card technology.
- Oracle took over as the steward of Java Card, continuing its development and support for the smart card industry.
- Standardization and GlobalPlatform (2000s-present):
- In the early 2000s, industry organizations recognized the need for standardization in the smart card ecosystem.
- GlobalPlatform, an industry association, established specifications for secure chip technology and interoperability, including smart cards. Java Card aligned with GlobalPlatform standards, ensuring compatibility and enabling applets to be deployed on different card platforms.
- The collaboration between Java Card and GlobalPlatform facilitated the widespread adoption of Java Card technology in various industries.
- OpenPlatform Initiative (2008-present):
- The OpenPlatform initiative emerged in 2008 as an open-source framework for developing and deploying secure applications on smart cards.
- OpenPlatform promotes openness, transparency, and collaboration in the smart card ecosystem.
- Java Card aligned with the principles of OpenPlatform, making it compatible with the initiative’s goals and enabling interoperability between different smart card platforms.
- Continued Evolution and Adoption:
- Oracle has continued to evolve Java Card, introducing new versions and features to meet the changing demands of the smart card industry.
- Java Card 3.0, released in 2010, brought significant improvements, including support for more advanced Java features, increased memory capacity, and enhanced security mechanisms.
- Subsequent versions, such as Java Card 3.1 and 3.1 Classic Edition, further expanded the capabilities and compatibility of Java Card.
Schlumberger, who was a leading provider of technology and services for the oil and gas industry, played a significant role in the development and advancement of Java Card technology. They were one of the early adopters and contributors to the platform, providing valuable expertise in secure chip technology and promoting its adoption in various industries.
Throughout its history, Java Card has gained widespread adoption in various industries, including finance, telecommunications, government, and healthcare. Its versatility, security features, and compatibility with the Java ecosystem have made it a preferred platform for developing secure and portable applications on smart cards and other constrained devices.
Manufacturers such as NXP, Infineon, STMicroelectronics, Samsung, and Inside Secure are prominent players in the market of microcontrollers specifically designed for Java Card technology. These manufacturers provide microcontroller chips that serve as the foundation for Java Card-based smart card solutions. Here’s a description of each manufacturer:
- NXP Semiconductors: NXP is a leading semiconductor manufacturer that offers a wide range of microcontrollers for smart card applications, including Java Card. Their microcontrollers are known for their high-security features, performance, and compatibility with Java Card specifications. NXP’s Java Card microcontrollers are widely used in various sectors, such as banking, payment systems, government identification, and access control. NXP develops their own Java Card OS to run on their microcontroller called JCOP (Java Card OpenPlatform), their latest Java Card platform is JCOP 4.
- Infineon Technologies: Infineon is another key player in the smart card microcontroller market, with a strong focus on security and reliability. Their microcontrollers for Java Card applications offer robust hardware-based security features and optimized performance. Infineon’s microcontrollers are used in diverse applications, including financial transactions, mobile communications, public transportation, and e-government. Infineon typically relies on 3rd party developer to provide Java Card OS’s such as JNET, Oracle, and Trusted Logic, Infineon’s latest Java Card platform is their SECORA™.
- STMicroelectronics: STMicroelectronics is a renowned semiconductor manufacturer that produces microcontrollers suitable for Java Card deployments. Their microcontrollers combine advanced security features, low power consumption, and high performance. STMicroelectronics’ Java Card microcontrollers find applications in various domains, such as payment cards, mobile NFC (Near Field Communication) solutions, and secure authentication systems.
- Samsung Semiconductor: Samsung Semiconductor is a leading provider of microcontrollers for Java Card-based smart card solutions. Samsung’s microcontrollers offer a balance of performance and security, making them suitable for a range of applications, including mobile payments, secure access control, and identity verification. Their Java Card-compatible microcontrollers are known for their reliability and integration capabilities.
- Inside Secure: Inside Secure is a trusted manufacturer of secure microcontrollers tailored for Java Card applications. Their microcontrollers provide strong security features, including cryptographic accelerators, secure storage, and secure execution environments. Inside Secure’s Java Card microcontrollers are used in various industries, such as banking, transit, telecommunications, and IoT (Internet of Things) security.
These manufacturers play a vital role in the Java Card ecosystem, providing the hardware foundation for secure and interoperable smart card solutions. Their microcontrollers, combined with Java Card technology, enable the development of robust and scalable applications for a wide range of industries that require secure authentication, data storage, and cryptographic operations on smart cards.