Java Card, 15 years later

Copyright © 2012, Oracle and/or its affiliates. All rights reserved. Insert Information Protection Policy Classification from Slide 13 1

Java Card, 15 Years Later

Eric Vétillard, Oracle


10,000,000,000


10,000,000,000 + 2,000,000,000 per year


10,000,000,000 + 2,000,000,000 per year

Copyright © 2012, Oracle and/or its affiliates. All rights reserved. Insert Information Protection Policy Classification from Slide 13 5 Copyright © 2012, Oracle and/or its affiliates. All rights reserved. Insert Information Protection Policy Classification from Slide 16

Program Agenda

1996-1998: The early years

1999-2002: The SIM Toolkit explosion

2003-2009: Java Card 3 Connected

2000-2012: Security certification

2007-2012: The NFC promise

2012-2027: The next 15 years


1996: Java on a Smart Card

At that time, there were many battles around card VM’s

– SIM Toolkit applications were starting to appear

– Every vendor was proposing its own architecture

Schlumberger proposed to use Java

– Crazy idea coming from their advanced R&D lab

– Cyberflex demonstrated that Java could run on a smart card

Cyberflex


1996: Java on a Smart Card

At that time, there were many battles around card VM’s

– SIM Toolkit applications were starting to appear

– Every vendor was proposing its own architecture

Schlumberger proposed to use Java

– Crazy idea coming from their advanced R&D lab

– Cyberflex demonstrated that Java could run on a smart card

Cyberflex


1997: From scripts to objects

The Java Card Forum forms in April, 1997

– Work starts immediately with aggressive schedule

– The Java Card 2.0 specification is issued in October, 1997

– Data is stored in objects, not in a traditional file system

Two products (research prototypes?) are shown at Cartes’1997

– Cyberflex, now with some experience

– A brand new GemXpresso, with Java Card 2.0

– Cyberflex rightfully gets the Sesames award


1997: From scripts to objects

The Java Card Forum forms in April, 1997

– Work starts immediately with aggressive schedule

– The Java Card 2.0 specification is issued in October, 1997

– Data is stored in objects, not in a traditional file system

Two products (research prototypes?) are shown at Cartes’1997

– Cyberflex, now with some experience

– A brand new GemXpresso, with Java Card 2.0

– Cyberflex rightfully gets the Sesames award


1998: OpenPlatform is created

Java Card specification addresses programming

– Building a portable Java Card application

– Running the application on several platforms

OpenPlatform focuses on deployment

– Loading an installing applications

– Defining actors, roles, and tasks

Became the very strong GlobalPlatform organization


1998: OpenPlatform is created

Java Card specification addresses programming

– Building a portable Java Card application

– Running the application on several platforms

OpenPlatform focuses on deployment

– Loading an installing applications

– Defining actors, roles, and tasks

Became the very strong GlobalPlatform organization


1999: Java Card 2.1 and interoperability

Binary-level interoperability

– Java Card 2.1 will have a binary format for cards

– Endless discussions on the card format

Settled on the CAP file and export file

Complex features now stabilized

– Memory management, including transient objects

– Inter-applet communication, with sharing


1999: Java Card 2.1 and interoperability

Binary-level interoperability

– Java Card 2.1 will have a binary format for cards

– Endless discussions on the card format

Settled on the CAP file and export file

Complex features now stabilized

– Memory management, including transient objects

– Inter-applet communication, with sharing


1999: The SIM Toolkit API is released

ETSI defines a specification “for Java Card”

– Access to the GSM file system

– Definition of SIM Toolkit applications

– Mostly an API

Unleashed Java Card in the mobile market

– APIs still exists, being revised regularly


1999: The SIM Toolkit API is released

ETSI defines a specification “for Java Card”

– Access to the GSM file system

– Definition of SIM Toolkit applications

– Mostly an API

Unleashed Java Card in the mobile market

– APIs still exists, being revised regularly


2001: SIMAlliance Interop Stepping Stones

SIM Alliance is formed by a group of SIM vendors

– Focus on easing the use of SIM cards

Interoperability stepping stones a complement of ETSI specifications

– Provides detailed tips about difficult-to-use features

– Refines specifications where they are unclear

– Provides examples and good usage guidelines


2001: SIMAlliance Interop Stepping Stones

SIM Alliance is formed by a group of SIM vendors

– Focus on easing the use of SIM cards

Interoperability stepping stones a complement of ETSI specifications

– Provides detailed tips about difficult-to-use features

– Refines specifications where they are unclear

– Provides examples and good usage guidelines


2002: Java Card 2.2 and RMI

RMI was a symbol of Java Card 2.2

– Introduced by Gemplus in 1997, following Corba work

– Adopted by Schlumberger and part of Java Card in 2002

The vision of RMI

– APDU’s are an anachronistic feature of the past

– Cards need to be easier to use

– RMI is an up-to-date technology for using cards


2002: Java Card 2.2 and RMI

RMI was a symbol of Java Card 2.2

– Introduced by Gemplus in 1997, following Corba work

– Adopted by Schlumberger and part of Java Card in 2002

The vision of RMI

– APDU’s are an anachronistic feature of the past

– Cards need to be easier to use

– RMI is an up-to-date technology for using cards


2009: Java Card 3.0, Connected Edition

The future of Java card, as seen in 2002

– Much bigger chips

– Better connectivity

Major improvement of the technology

– Virtual machine inspired from mobile technology

– Embedded Web server


2009: Java Card 3.0, Connected Edition

The future of Java card, as seen in 2002

– Much bigger chips

– Better connectivity

Major improvement of the technology

– Virtual machine inspired from mobile technology

– Embedded Web server


2001: First CC certificate

The Vocable project

– EAL1+

– Gemplus, Oberthur, Trusted Logic and Serma for Carte Bleue

One of the first Common Criteria certifications

– Mostly an experiment


2001: First CC certificate

The Vocable project

– EAL1+

– Gemplus, Oberthur, Trusted Logic and Serma for Carte Bleue

One of the first Common Criteria certifications

– Mostly an experiment


2003: The Java Card Protection Profile

A common base for the certification of Java Card products

– Defining a security model for Java Card

– Defining the main security functions of Java Card

PP has been certified, and revised several times

– Used in many certifications every year

– Complemented by work performed in JHAS on logical attacks


2003: The Java Card Protection Profile

A common base for the certification of Java Card products

– Defining a security model for Java Card

– Defining the main security functions of Java Card

PP has been certified, and revised several times

– Used in many certifications every year

– Complemented by work performed in JHAS on logical attacks


2010: First Platform certified by EMVCo

EMVCo security certifications have existed for a long time

– Managed individually by Visa, MasterCard, …

– Targeting a single payment application, regardless of platform

With NFC, EMVCo has started evaluating platforms

– Based on a set of security guidelines issued by EMVCo

– Without direct references to payment applications


2010: First Platform certified by EMVCo

EMVCo security certifications have existed for a long time

– Managed individually by Visa, MasterCard, …

– Targeting a single payment application, regardless of platform

With NFC, EMVCo has started evaluating platforms

– Based on a set of security guidelines issued by EMVCo

– Without direct references to payment applications


2009: Java Card Supports NFC Wallets

Java Card at the heart of NFC secure elements

– Mandated by both Google and Isis for their wallets

– Only technology recognized in France by AFSCM

– Similar decisions in many countries

Application providers are also using Java Card

– Visa is providing a Java reference implementation for payment


2009: Java Card Supports NFC Wallets

Java Card at the heart of NFC secure elements

– Mandated by both Google and Isis for their wallets

– Only technology recognized in France by AFSCM

– Similar decisions in many countries

Application providers are also using Java Card

– Visa is providing a Java reference implementation for payment


2012: Embedding the card?

In NFC, SWP SIM vs. eSE

– Power struggle of operators vs. wallet providers

In M2M, embedded formats are becoming common

– Addresses issues with vibrations and more

Strong debate around embedded UICC


2012: Embedding the card?

In NFC, SWP SIM vs. eSE

– Power struggle of operators vs. wallet providers

In M2M, embedded formats are becoming common

– Addresses issues with vibrations and more

Strong debate around embedded UICC


2015: Securing the Internet of Things

A piece in the end-to-end security story

– Most devices are a front-end to the cloud

– Device security is becoming important

Think of PCI, HIPAA, etc.

Java Card has a lot of potential

– Most recognized security platform

– A cousin of Java SE Embedded

– Not linked to a single technology


2015: Securing the Internet of Things

A piece in the end-to-end security story

– Most devices are a front-end to the cloud

– Device security is becoming important

Think of PCI, HIPAA, etc.

Java Card has a lot of potential

– Most recognized security platform

– A cousin of Java SE Embedded

– Not linked to a single technology


2020 and beyond: The Security Subsystem

From factor undecided

– Separate hardware? In the chipset? Software?

– Most likely, all of the above

Key features are not there

– Assurance level is the key

– Provability likely to become more and more important

– Main reason to keep a smaller and simpler security subsystem


2020 and beyond: The Security Subsystem

From factor undecided

– Separate hardware? In the chipset? Software?

– Most likely, all of the above

Key features are not there

– Assurance level is the key

– Provability likely to become more and more important

– Main reason to keep a smaller and simpler security subsystem


So, what is happening?

Some interesting R&D work about Java Card security

– Recently, Ph.D. thesis from Guillaume Barbu

– More research work at Limoges, Nijmegen, Royal Holloway, …

Lots of work on security evaluation of applets

– Talks from Jean-Baptiste Machemie and Emilie Faugeron

Java Card very present around NFC

– Enabling many models throughout yesterday’s NFC talks

Making it happen really


Technology

Java Card, 15 years later