Oracle has updated its Java Card open application platform used to secure sensitive devices. Version 3.1 provides more flexibility to help meet the hardware and security requirements of existing secure chips and emerging IoT technologies.
Features introduced with this release address use cases across markets ranging from telecoms and payments to cars and wearables.
Java Card technology provides a secured environment for applications that run on smart cards and other trusted devices with limited memory and processing capabilities. With close to six billion Java Card-based devices deployed each year, it is already a major software platform to run security services on smart cards and secure elements, which are chips used to protect smartphones, banking cards and government services.
Added features make applications more portable across security hardware critical to the IoT. This enables more uses for hardware-based security, such as multi-cloud IoT security models, and makes Java Card suitable for tens of billions of IoT devices that require security at the edge of the network.
Emerging applications for Java Card include:
- Smart meters and industrial IoT: Increasingly sophisticated IoT smart meters and IoT gateways use Java Card to authenticate smart city and corporate services while protecting individual device credentials.
- Wearables: Wearable and consumer electronics are increasingly used for sensitive applications such as near-field communications (NFC) ticketing and payments, as well as tracking health data. Java Card helps meet the security requirements of these devices while allowing the flexibility to add and update services.
- Automotive: Car makers can use strong Java Card-based security to help protect vehicle systems and sensitive data from physical and network attacks.
- Cloud connected devices: Java Card in connected devices can enable access to 5G or NB-IoT networks and offer strong authentication for the IoT cloud.
“Connected devices’ volumes are expected to increase in the upcoming years, posing an increasingly complex challenge as growth adds system complexity to the infrastructure handling device data,” said Volker Gerstenberger, president and chair of the Java Card Forum. “Java Card 3.1 is very significant to the internet of things, bringing interoperability, security and flexibility to a fast-growing market currently lacking high-security and flexible edge security.”
Added features and capabilities include:
- Deployment of edge security services at IoT speed: Java Card 3.1 allows the development of security services that are portable across a wide range of IoT security hardware, helping reduce the risk and complexity of evolving IoT hardware and standards. An extensible IO model enables applications to exchange sensitive data directly with connected peripherals, over various physical layers and application protocols.
- Dedicated IoT features: Version 3.1 introduces APIs and updated cryptography functions to help address the security needs of the IoT and facilitate the design of security applications such as device attestation. Java Card in IoT devices enables deployment of security and connectivity services on the same chip. Multiple applications can be deployed on a single card and new ones can be added to it even after it has been deployed.
- Developer enhancements: There is a set of tools for developing services and applications. An extended file format simplifies application deployment, code upgrade and maintenance. API enhancements boost developer productivity and the memory efficiency of applications in secure devices.
“Java Card is already used and trusted as a leading security platform for countless devices in the multi-billion-dollar smart card and secure element industry,” said Florian Tournier, senior director for Java Card at Oracle. “The 3.1 release enables the rollout of security and SIM applications on the same chip, allowing those services to be used on a large spectrum of networks from NB-IoT to 5G, and on a wide range of devices.”