Java Card is software technology for Java-based applications (applets) to run securely on smart cards and other embedded devices, by providing isolation of hardware and software services.
While the Java Card development kit is available for free, it requires a paid commercial license to use the technology. And typical platforms that run Java Card include smart card chips and embedded secure elements, though sensitive items like cryptographic keys can be provisioned.
Java Card specifications are developed by Sun Microsystems (a subsidiary of Oracle Corporation) and many of the Java Card products rely on the GlobalPlatform specifications for the secure management of applications (download, installation, personalization, deletion) on the card.
The first Java Card was introduced by Schlumberger's card division in 1996, and the organization later merged with Gemplus to form Gemalto and the technology is widely used in SIMs (card used in GSM mobile phones) and ATM cards.
Oracle announced the availability of Java Card 3.1 on January 16, with the latest version of one of the world’s most popular and open application platform expanding support that enables development of security services across a range of IoT security hardware.
The extensive update provides even more flexibility to meet the unique hardware and security requirements of both existing secure chips and emerging Internet of Things (IoT) technologies, with the introduction of APIs and updated cryptography functions to address IoT security and design of security applications.
It introduces four core security services, namely: certificate API for resource-constrained devices, key derivation API to protect sensitive data, monotonic counter API to avoid replay attacks and timestamping system API.
The features will enable new uses for hardware-based security, such as multi-cloud IoT security models, and make Java Card the ideal solution for the billions of IoT devices that require security at the edge of the network.