The platform, which provides security for smart card and limited-memory device applications, will increase support for the IoT in Version 3.1.
Oracle has announced the availability of Java Card 3.1. It’s the latest version of the company’s open application platform that’s used to secure sensitive devices.
The new update increases flexibility in order to meet the needs of both existing secure chips and new IoT technologies. The features relate to use cases spanning from telecom to cars and more.
“Java Card is already used and trusted as a leading security platform for countless devices in the multi-billion-dollar smart card and secure element industry,” said Florian Tournier, Senior Director for Java Card at Oracle. “The 3.1 release enables the rollout of security and SIM applications on the same chip, allowing those services to be used on a large spectrum of networks from NB-IoT to 5G, and on a wide range of devices.”
Java Card technology is used to ensure a secure environment for apps that run on trusted devices with limited memory and processing power like smart card and secure elements, chips that protect smartphones and banking cards. There are close to six billion Java Card devices deployed each year. The update includes features that give applications more portability across critical IoT security hardware and creates new uses like multi-cloud IoT security models.
According to the company’s announcement, Java Card 3.1 introduces four security services:
- A certificate API to manage trusted keys for resource-constrained devices.
- A key derivation API, to protect sensitive data.
- A monotonic counter API to avoid replay attacks.
- A system time API for timestamping
“Connected devices’ volumes are expected to increase in the upcoming years, posing an increasingly complex challenge as growth adds system complexity to the infrastructure handling device data,” said Volker Gerstenberger, President and Chair of the Java Card Forum. “Java Card 3.1 is very significant to the Internet of Things, bringing interoperability, security, and flexibility to a fast-growing market currently lacking high-security and flexible edge security solutions.”
Key features include:
- Deployment of edge security services at IoT speed – Java Card 3.1 allows the development of security services that are portable across a wide range of IoT security hardware, helping reduce the risk and complexity of evolving IoT hardware and standards. A new extensible I/O model enables applications to exchange sensitive data directly with connected peripherals, over a variety of physical layers and application protocols.
- Dedicated IoT features – Java Card 3.1 introduces new APIs and updated cryptography functions to help address the security needs of IoT and facilitate the design of security applications such as device attestation. Uniquely, Java Card in IoT devices enables deployment of security and connectivity services on the same chip. Multiple applications can be deployed on a single card and new ones can be added to it even after it has been deployed.
- Developer enhancements – Java Card includes a set of unique tools for developing new services and applications. An extended file format simplifies application deployment, code upgrade and maintenance. API enhancements boost developer productivity and the memory efficiency of applications in secure devices.