Chip to Cloud, day 2: Java Card, 15 years later

Yes, this is my own session, so this is not really live. The idea is here to identify the most important events in the past 15 years of Java Card, and to take a look at the future. So, here are the selected events:

  • 1996, Java on a smart card. That’s even more than 15 years ago, and that’s when some maniacs at Schlumberger’s Austin lab came up with the crazy idea of putting a Java virtual machine on a microcontroller with under 1k of RAM. It worked, and that was Cyberflex.
  • 1997: the industry organizes. The Java Card Forum is created in April, and the Java Card 2.0 is released, with two demos at Cartes, Cyberflex and GemXpresso. Cyberflex gets the Sesames award that they deserved. Also, Java Card becomes a bit more Java-like, with data stored in objects rather than files, applets, and a few more things.
  • 1998: OpenPlatform is created. OpenPlatform has been created by Visa, as the first initiative from issuers to work on the management of multi-application cards. A spec is rapidly issued, which is the ancestor of today’s GlobalPlatform Card Specification.
  • 1999: Java Card 2.1 and interoperability. We took more time to release 2.1, because this was the release. The new features include binary interoperability, with the definition of the CAP file, the finalization of the application model, including transient objects and sharing.
  • 1999: The SIM Toolkit API is released. This is the first hit for Java Card, which has been essential to its success in the mobile industry, still present in billions of cards.
  • 2001: SIM Alliance release Interoperability Stepping Stones. This is a major industry forum, representing vendors, issuing a document that removes them a potential differentiation. Interoperability is not just for geeks any more.
  • 2002: Java Card and RMI. This has been a long story, starting with the 1997 Cartes demo by Gemplus. Five years later, RMI gets in the Java Card spec as a mandatory feature, allowing Java Card developers to go beyond APDUs. Or not.
  • 2009: Java Card 3.0, Connected Edition. That’s the end of a cycle in which we add more and more features. Starting in 2002 from forecasts of 1Mb chips in 2006 and a big need for content on cards, we went to high-speed communication, better VM, and a Web server. In the end, we had an iPhone, and rather small chips. And enough new features to last for 10 years.
  • 2001: The first CC certificate. The Vocable was a bit crazy. Launched in 2000, the idea was to get a Common Criteria certification for a Java smart card. It was highly experimental, training the evaluation lab Serma about Java software, even discussing principles with the certification authority. But it worked, and we got the certificate. Certification matters.
  • 2003: The Java Card Protection Profile. This initiative has defined a common base for the certification of Java Card products, and one of the most commonly used PPs, even today. It has also helped us grow a security ecosystem around the security of Java Card.
  • 2010: EMVCo certifies a Java Card platform. It took a long time to convince issuers that it was interesting to certify platforms as well as applications. What got them there is NFC, because they now have to share a platform selected by others. And this is a great move ahead, because it is a first step toward security interoperability. We are not there yet, but Java Card is slowly getting there.
  • 2009: NFC wallets require Java Card. This is important, because NFC is the first market in which Java Card is an obvious choice. Nobody has discussed this choice, since interoperability and openness are key properties. A very strong use case for Java Card.
  • 2012: Embedding the card. With M2M and NFC embedded secure elements, there are talks about embedding Java Card. Once again, this is a strong use case, as the ability to add or update applications is important in this context. In a riskier move, I can mention eUICC, although network operators don’t like this much. The big news about embedded? It changes the control of the secure element, giving more power to device vendors, and taking it away from issuers.
  • 2015: The Internet of Things. That’s a natural step. Everybody is talking about these billions of connected devices. At least some of them will need security, and Java Card will be around to provide this. It is recognized, and not linked to a single technology.
  • 2020 and beyond: The security subsystem. That’s a bit far to bet on form factors, and I don’t know if secure elements will still be around, if they will be integrated in the main chipsets, or if software only will be needed, but I am convinced that a security subsystem will be around, and Java Card is a good candidate to run on it. Why? Because Java Card is small and constrained, but it is also provable in many ways, and can be evaluated with high assurance levels. And in security terms, these things matter.

To conclude, what is happening today? Well, Java Card security is drawing some interest from the research community, and we are seeing great results. For instance, Guillaume Barbu has done great work in his Ph.D. thesis about logical attacks and countermeasures. More work is happening at Limoges, Nijmegen, Royal Holloway, and more. Students who work on that then get jobs at evaluation labs, and we got presentations from Emilie Faugeron and Jean-Baptiste Machemie about new evaluation offers.

Of course, Java Card is everywhere around NFC, and it was present, explicitly or implicitly, in most presentations I saw from the NFC World Congress.

Finally, a personal note or this blog. I have been personnally involved almost full time on Java Card fornthe past 15 years, and I participated in a way or another to most of the events noted here, except of course the initial idea from the Schlumberger guys. I am very proud of everything we have achieved during these years, and I hope that many more people are just as proud of this success. After all, over 10,000,000,000 cards with Java Card have been produced, and this is a big number. Actually, I don’t know of any application framework that can show such numbers. So thank you everybody, and let’s continue for 15 more years!


  • Pierre P. wrote:

    In 1997, Gemplus get a Special Award for CASCADE.

    Cascade was the first 32 bits RISC Microprocessor Card with an “implementation of Java Card 2 specification”. The Direct Methods Invocation was also introduced in this release.

    Pierre P.

  • Hema Kalsi wrote:

    Well said Eric!

Leave a Reply

Your email is never shared.Required fields are marked *