560:(currently at version 3.0.5 released in June 2015) is an evolution of the Java Card Platform version 2 (which last version 2.2.2 was released in March 2006), which supports traditional card applets on resource-constrained devices such as Smart Cards. Older applets are generally compatible with newer Classic Edition devices, and applets for these newer devices can be compatible with older devices if not referring to new library functions. Smart Cards implementing Java Card Classic Edition have been security-certified by multiple vendors, and are commercially available.
1050:
134:
431:
debugging occurs with Java bytecode, make sure that the class file fits the limitation of Java Card language by converting it to Java Card bytecode; and test in a real Java Card smart card early on to get an idea of the performance); further, one can run and debug both the Java Card code for the application to be embedded in a smart card, and a Java application that will be in the host using the smart card, all working jointly in the same environment.
1428:
1440:
703:
25:
430:
Coding techniques used in a practical Java Card program differ significantly from those used in a Java program. Still, that Java Card uses a precise subset of the Java language speeds up the learning curve, and enables using a Java environment to develop and debug a Java Card program (caveat: even if
390:
Standard Java Card class library and runtime support differs a lot from that in Java, and the common subset is minimal. For example, the Java
Security Manager class is not supported in Java Card, where security policies are implemented by the Java Card Virtual Machine; and transients (non-persistent,
278:
computing environment allowing the same Java Card applet to run on different smart cards, much like a Java applet runs on different computers. As in Java, this is accomplished using the combination of a virtual machine (the Java Card
Virtual Machine), and a well-defined runtime library, which largely
439:
Oracle has released several Java Card platform specifications and is providing SDK tools for application development. Usually smart card vendors implement just a subset of algorithms specified in Java Card platform target and the only way to discover what subset of specification is implemented is to
377:
run by a standard Java
Virtual Machine but with a different encoding to optimize for size. A Java Card applet thus typically uses less bytecode than the hypothetical Java applet obtained by compiling the same Java source code. This conserves memory, a necessity in resource constrained devices like
235:
Java Card is the tiniest of Java platforms targeted for embedded devices. Java Card gives the user the ability to program the devices and make them application specific. It is widely used in different markets: wireless telecommunications within SIM cards and embedded SIM, payment within banking
231:
devices which are called "secure elements" (SE). Today, a secure element is not limited to its smart cards and other removable cryptographic tokens form factors; embedded SEs soldered onto a device board and new security designs embedded into general purpose chips are also widely used. Java Card
350:
At the language level, Java Card is a precise subset of Java: all language constructs of Java Card exist in Java and behave identically. This goes to the point that as part of a standard build cycle, a Java Card program is compiled into a Java class file by a Java compiler; the class file is
413:
As smart cards are externally powered and rely on persistent memory, persistent updates must be atomic. The individual write operations performed by individual bytecode instructions and API methods are therefore guaranteed atomic, and the Java Card
Runtime includes a limited transaction
406:
With Java Card, objects are by default stored in persistent memory (RAM is very scarce on smart cards, and it is only used for temporary or security-sensitive objects). The runtime environment as well as the bytecode have therefore been adapted to manage persistent
308:
Unlike other Java VMs, a Java Card VM usually manages several applications, each one controlling sensitive data. Different applications are therefore separated from each other by an applet firewall which restricts and checks access of data elements of one applet to
518:
Added support for AES cryptography key encapsulation, CRC algorithms, Elliptic Curve
Cryptography key encapsulation,Diffie-Hellman key exchange using ECC, ECC keys for binary polynomial curves and for prime integer curves, AES, ECC and RSA with variable key
378:
smart cards. As a design tradeoff, there is no support for some Java language features (as mentioned above), and size limitations. Techniques exist for overcoming the size limitations, such as dividing the application's code into packages below the 64
567:(currently at version 3.0.2 released in December 2009) aims to provide a new virtual machine and an enhanced execution environment with network-oriented features. Applications can be developed as classic card applets requested by
603:, card management facilities ... As of 2021, there has been little adoption in commercially available Smart Cards, so much that reference to Java Card (including in the present Knowledge (XXG) page) often implicitly excludes the
236:
cards and NFC mobile payment and for identity cards, healthcare cards, and passports. Several IoT products like gateways are also using Java Card based products to secure communications with a cloud service for instance.
420:
The Java Card firewall is a mechanism that isolates the different applets present on a card from each other. It also includes a sharing mechanism that allows an applet to explicitly make an object available to other
279:
abstracts the applet from differences between smart cards. Portability remains mitigated by issues of memory size, performance, and runtime support (e.g. for communication protocols or cryptographic algorithms).
360:
qualifier; enums; arrays of more than one dimension; finalization; object cloning; threads). Further, some common features of Java are not provided at runtime by many actual smart cards (in particular type
263:). Many Java card products also rely on the GlobalPlatform specifications for the secure management of applications on the card (download, installation, personalization, deletion).
469:
Added support for Diffie-Hellman modular exponentiation, Domain Data
Conservation for Diffie-Hellman, Elliptic Curve and DSA keys, RSA-3072, SHA3, plain ECDSA, AES CMAC, AES CTR.
983:
458:
Added configurable key pair generation support, named elliptic curves support, new algorithms and operations support, additional AES modes and
Chinese algorithms.
341:
The applet is a state machine which processes only incoming command requests and responds by sending data or response status words back to the interface device.
298:
Data is stored within the application, and Java Card applications are executed in an isolated environment (the Java Card VM), separate from the underlying
568:
199:
450:
Added API clarifications to help application developers and significantly increase the level of interoperability across multiple implementations
976:
912:
748:
588:
391:
fast RAM variables that can be class members) are supported via a Java Card class library, while they have native language support in Java.
1432:
969:
108:
355:
587:...) with the card. The runtime uses a subset of the Java (1.)6 bytecode, without Floating Point; it supports volatile objects (
1017:
154:
1310:
799:
596:
46:
354:
However, many Java language features are not supported by Java Card (in particular types char, double, float and long; the
1463:
1380:
1290:
1275:
877:
1305:
1034:
1011:
324:
192:
148:
89:
654:
Array Views (views on a subset of an array), Static
Resources embedded within a CAP file and Improved API extensibility
1444:
1260:
1140:
708:
332:
61:
1356:
949:
42:
232:
addresses this hardware fragmentation and specificities while retaining code portability brought forward by Java.
35:
1300:
1242:
592:
68:
544:
The version 3.0 of the Java Card specification (draft released in March 2008) is separated in two editions: the
992:
316:
124:
399:
The Java Card runtime and virtual machine also support features that are specific to the Java Card platform:
1327:
185:
638:
A variety of physical layers and application protocol is supported, beyond smart card protocols defined in
75:
1366:
1232:
1089:
1064:
716:
600:
287:
Java Card technology was originally developed for the purpose of securing sensitive information stored on
1252:
1181:
266:
The main design goals of the Java Card technology are portability, security and backward compatibility.
502:
Added support for SHA-256, SHA-384, SHA-512, ISO9796-2, HMAC, Korean SEED MAC NOPAD, Korean SEED NOPAD.
57:
1468:
1227:
1120:
1079:
1069:
1006:
851:
240:
335:
are supported as well as other cryptographic services like signing, key generation and key exchange.
1371:
1361:
1171:
1161:
904:
Introduction to
Programming: Learn to program in Java with data structures, algorithms, and logic
778:
260:
937:
908:
744:
902:
1411:
1376:
1237:
1196:
811:
299:
252:
228:
1049:
133:
1401:
1110:
328:
1206:
1176:
1156:
1130:
82:
800:"Design and Implementation of a Zero-Knowledge Authentication Framework for Java Card"
365:, which is the default type of a Java expression; and garbage collection of objects).
1457:
1406:
1396:
1201:
1166:
1125:
737:
675:
374:
216:
687:
639:
172:
644:
Logical access to device peripherals by secure element applications is facilitated
373:
Java Card bytecode run by the Java Card
Virtual Machine is a functional subset of
1439:
1105:
829:
702:
24:
1295:
1023:
943:
772:
698:
320:
288:
275:
256:
224:
160:
954:
815:
1265:
961:
664:
Certificate API, Key Derivation API, Monotonic Counter API, System Time API
739:
Java Card Technology for Smart Cards: Architecture and Programmer's Guide
683:
679:
379:
1335:
1270:
1211:
1191:
1186:
1135:
1074:
1039:
248:
244:
169:(bundled in Oracle's JDK from versions 8 to 10 but separately since 11)
1340:
1285:
1115:
1084:
220:
166:
798:
Ahmed Patel; Kenan Kalajdzic; Laleh Golafshan; Mona Taghavi (2011).
1280:
466:
Oracle SDK: Java Card Classic Development Kit 3.0.5u1 (03.06.2015)
584:
580:
576:
572:
477:
Oracle SDK: Java Card Classic Development Kit 3.0.4 (06.11.2011)
291:. Security is determined by various aspects of this technology:
965:
491:
Added support for SHA-224, SHA-2 for all signature algorithms.
18:
674:
Configurable Key Pair generation, Named Elliptic Curves like
625:
Applet functionality can be split into multiple Java packages
351:
post-processed by tools specific to the Java Card platform.
488:
Oracle SDK: Java Card Development Kit 3.0.3 RR (11.11.2010)
804:
International Journal of Information Security and Privacy
527:
Oracle SDK: Java Card Development Kit 2.1.2 (05.04.2001)
251:. Java Card products are based on the specifications by
878:"Unveiling Java Card 3.1: New Cryptographic Extensions"
830:"JCAlgTest - database of supported JavaCard algorithms"
510:
Oracle SDK: Java Card Development Kit 2.2.1 (10.2003)
499:
Oracle SDK: Java Card Development Kit 2.2.2 (03.2006)
1389:
1349:
1326:
1319:
1251:
1220:
1149:
1098:
1057:
999:
49:. Unsourced material may be challenged and removed.
736:
620:New CAP file Format and Applet Deployment Model
595:, inter-application communications facilities,
575:to support web-based schemes of communication (
743:. Addison-Wesley Java Series. Addison-Wesley.
239:The first Java Card was introduced in 1996 by
977:
193:
8:
616:Java Card 3.1 was released in January 2019.
315:Commonly used symmetric key algorithms like
227:and more generally on similar secure small
1323:
984:
970:
962:
447:Introduced support for (D)TLS1.3 protocols
200:
186:
120:
633:New I/O Framework and Trusted Peripherals
243:'s card division which later merged with
109:Learn how and when to remove this message
327:, and asymmetric key algorithms such as
945:Defcon 21: The Secret Life of SIM Cards
727:
123:
771:Oracle Learning Library (2013-01-30),
530:Added support for RSA without padding.
274:Java Card aims at defining a standard
215:is a software technology that allows
7:
850:Ponsini, Nicolas (30 January 2023).
47:adding citations to reliable sources
686:), Chinese Algorithms (SM2 - SM3 -
480:Added support for DES MAC8 ISO9797.
852:"Announcing Java Card 3.2 Release"
14:
774:Developing Java Card Applications
1438:
1427:
1426:
1048:
907:. Packt Publishing. p. 13.
701:
132:
23:
1445:Computer programming portal
781:from the original on 2021-12-13
34:needs additional citations for
1150:Major third-party technologies
628:CAP file sizes can exceed 64KB
571:commands or as servlets using
1:
1381:Sun Microsystems Laboratories
669:New Cryptographic Extensions
709:Computer programming portal
524:Version 2.1.1 (18.05.2000)
485:Version 3.0.1 (15.06.2009)
474:Version 3.0.4 (06.08.2011)
463:Version 3.0.5 (03.06.2015)
333:elliptic curve cryptography
1485:
1357:Apache Software Foundation
649:Core Platform Enhancements
1424:
1243:Free Java implementations
1046:
455:Version 3.1 (17.12.2018)
444:Version 3.2 (30.01.2023)
993:Java (software platform)
816:10.4018/ijisp.2011070101
678:, Additional AES modes (
535:Version 2.1 (07.06.1999)
507:Version 2.2.1 (10.2003)
496:Version 2.2.2 (03.2006)
223:) to be run securely on
1367:Java Community Process
1233:Java Community Process
717:Java Card OpenPlatform
515:Version 2.2 (11.2002)
1099:Platform technologies
901:Samoylov, N. (2018).
219:-based applications (
1464:Java device platform
1228:Java version history
1080:Java virtual machine
1070:Java Development Kit
163:(Enterprise Edition)
43:improve this article
1058:Oracle technologies
386:Library and runtime
1372:Oracle Corporation
1362:Eclipse Foundation
938:Java Card overview
876:Ponsini, Nicolas.
589:garbage collection
295:Data encapsulation
261:Oracle Corporation
157:(Standard Edition)
1451:
1450:
1420:
1419:
914:978-1-78883-416-2
750:978-0-201-70329-0
735:Chen, Z. (2000).
659:Security Services
605:Connected Edition
565:Connected Edition
550:Connected Edition
395:Specific features
210:
209:
119:
118:
111:
93:
1476:
1443:
1442:
1430:
1429:
1412:Patrick Naughton
1377:Sun Microsystems
1324:
1238:Sun Microsystems
1131:Web Start (JNLP)
1052:
986:
979:
972:
963:
955:JavaCards-OpenSC
946:
926:
925:
923:
921:
898:
892:
891:
889:
888:
882:blogs.oracle.com
873:
867:
866:
864:
862:
847:
841:
840:
838:
836:
826:
820:
819:
810:(3). IGI: 1–18.
795:
789:
788:
787:
786:
768:
762:
761:
759:
757:
742:
732:
711:
706:
705:
417:Applet isolation
364:
358:
300:operating system
253:Sun Microsystems
229:memory footprint
202:
195:
188:
136:
121:
114:
107:
103:
100:
94:
92:
51:
27:
19:
1484:
1483:
1479:
1478:
1477:
1475:
1474:
1473:
1454:
1453:
1452:
1447:
1437:
1416:
1402:Arthur van Hoff
1385:
1345:
1315:
1247:
1216:
1145:
1094:
1053:
1044:
995:
990:
944:
934:
929:
919:
917:
915:
900:
899:
895:
886:
884:
875:
874:
870:
860:
858:
849:
848:
844:
834:
832:
828:
827:
823:
797:
796:
792:
784:
782:
770:
769:
765:
755:
753:
751:
734:
733:
729:
725:
707:
700:
697:
671:
661:
651:
635:
622:
614:
558:Classic Edition
546:Classic Edition
542:
440:test the card.
437:
428:
397:
388:
375:Java 2 bytecode
371:
362:
356:
348:
305:Applet firewall
285:
272:
206:
151:(Micro Edition)
115:
104:
98:
95:
52:
50:
40:
28:
17:
12:
11:
5:
1482:
1480:
1472:
1471:
1466:
1456:
1455:
1449:
1448:
1425:
1422:
1421:
1418:
1417:
1415:
1414:
1409:
1404:
1399:
1393:
1391:
1387:
1386:
1384:
1383:
1374:
1369:
1364:
1359:
1353:
1351:
1347:
1346:
1344:
1343:
1338:
1332:
1330:
1321:
1317:
1316:
1314:
1313:
1308:
1303:
1298:
1293:
1288:
1283:
1278:
1273:
1268:
1263:
1257:
1255:
1249:
1248:
1246:
1245:
1240:
1235:
1230:
1224:
1222:
1218:
1217:
1215:
1214:
1209:
1204:
1199:
1194:
1189:
1184:
1179:
1174:
1169:
1164:
1159:
1153:
1151:
1147:
1146:
1144:
1143:
1138:
1133:
1128:
1123:
1118:
1113:
1108:
1102:
1100:
1096:
1095:
1093:
1092:
1087:
1082:
1077:
1072:
1067:
1061:
1059:
1055:
1054:
1047:
1045:
1043:
1042:
1037:
1032:
1027:
1021:
1015:
1009:
1003:
1001:
997:
996:
991:
989:
988:
981:
974:
966:
960:
959:
957:
952:
941:
933:
932:External links
930:
928:
927:
913:
893:
868:
856:Java Card Blog
842:
821:
790:
763:
749:
726:
724:
721:
720:
719:
713:
712:
696:
693:
692:
691:
676:Edwards-Curves
670:
667:
666:
665:
660:
657:
656:
655:
650:
647:
646:
645:
642:
634:
631:
630:
629:
626:
621:
618:
613:
610:
609:
608:
593:multithreading
561:
541:
538:
537:
536:
533:
532:
531:
528:
522:
521:
520:
513:
512:
511:
505:
504:
503:
500:
494:
493:
492:
489:
483:
482:
481:
478:
472:
471:
470:
467:
461:
460:
459:
453:
452:
451:
448:
436:
433:
427:
424:
423:
422:
418:
415:
411:
408:
404:
396:
393:
387:
384:
370:
367:
347:
344:
343:
342:
339:
336:
313:
310:
306:
303:
296:
284:
281:
271:
268:
208:
207:
205:
204:
197:
190:
182:
179:
178:
177:
176:
175:(Discontinued)
170:
164:
158:
152:
146:
138:
137:
129:
128:
117:
116:
31:
29:
22:
15:
13:
10:
9:
6:
4:
3:
2:
1481:
1470:
1467:
1465:
1462:
1461:
1459:
1446:
1441:
1435:
1434:
1423:
1413:
1410:
1408:
1405:
1403:
1400:
1398:
1397:James Gosling
1395:
1394:
1392:
1388:
1382:
1378:
1375:
1373:
1370:
1368:
1365:
1363:
1360:
1358:
1355:
1354:
1352:
1350:Organizations
1348:
1342:
1339:
1337:
1334:
1333:
1331:
1329:
1325:
1322:
1318:
1312:
1309:
1307:
1304:
1302:
1299:
1297:
1294:
1292:
1289:
1287:
1284:
1282:
1279:
1277:
1274:
1272:
1269:
1267:
1264:
1262:
1259:
1258:
1256:
1254:
1253:JVM languages
1250:
1244:
1241:
1239:
1236:
1234:
1231:
1229:
1226:
1225:
1223:
1219:
1213:
1210:
1208:
1205:
1203:
1200:
1198:
1195:
1193:
1190:
1188:
1185:
1183:
1180:
1178:
1175:
1173:
1170:
1168:
1167:GNU Classpath
1165:
1163:
1160:
1158:
1155:
1154:
1152:
1148:
1142:
1139:
1137:
1134:
1132:
1129:
1127:
1124:
1122:
1119:
1117:
1114:
1112:
1109:
1107:
1104:
1103:
1101:
1097:
1091:
1088:
1086:
1083:
1081:
1078:
1076:
1073:
1071:
1068:
1066:
1063:
1062:
1060:
1056:
1051:
1041:
1038:
1036:
1033:
1031:
1028:
1025:
1022:
1019:
1016:
1013:
1010:
1008:
1005:
1004:
1002:
998:
994:
987:
982:
980:
975:
973:
968:
967:
964:
958:
956:
953:
951:
947:
942:
939:
936:
935:
931:
916:
910:
906:
905:
897:
894:
883:
879:
872:
869:
857:
853:
846:
843:
831:
825:
822:
817:
813:
809:
805:
801:
794:
791:
780:
776:
775:
767:
764:
752:
746:
741:
740:
731:
728:
722:
718:
715:
714:
710:
704:
699:
694:
689:
685:
681:
677:
673:
672:
668:
663:
662:
658:
653:
652:
648:
643:
641:
637:
636:
632:
627:
624:
623:
619:
617:
612:Java Card 3.1
611:
606:
602:
598:
594:
590:
586:
582:
578:
574:
570:
566:
562:
559:
555:
554:
553:
551:
547:
540:Java Card 3.0
539:
534:
529:
526:
525:
523:
517:
516:
514:
509:
508:
506:
501:
498:
497:
495:
490:
487:
486:
484:
479:
476:
475:
473:
468:
465:
464:
462:
457:
456:
454:
449:
446:
445:
443:
442:
441:
434:
432:
425:
419:
416:
412:
409:
405:
402:
401:
400:
394:
392:
385:
383:
381:
376:
368:
366:
359:
352:
345:
340:
337:
334:
330:
326:
322:
318:
314:
311:
307:
304:
302:and hardware.
301:
297:
294:
293:
292:
290:
282:
280:
277:
269:
267:
264:
262:
258:
254:
250:
246:
242:
237:
233:
230:
226:
222:
218:
214:
203:
198:
196:
191:
189:
184:
183:
181:
180:
174:
171:
168:
165:
162:
159:
156:
153:
150:
147:
145:
142:
141:
140:
139:
135:
131:
130:
126:
125:Java platform
122:
113:
110:
102:
91:
88:
84:
81:
77:
74:
70:
67:
63:
60: –
59:
55:
54:Find sources:
48:
44:
38:
37:
32:This article
30:
26:
21:
20:
1431:
1029:
1026:(Enterprise)
918:. Retrieved
903:
896:
885:. Retrieved
881:
871:
859:. Retrieved
855:
845:
833:. Retrieved
824:
807:
803:
793:
783:, retrieved
773:
766:
754:. Retrieved
738:
730:
615:
604:
601:transactions
564:
557:
549:
545:
543:
438:
429:
398:
389:
372:
353:
349:
312:Cryptography
286:
273:
265:
241:Schlumberger
238:
234:
212:
211:
173:PersonalJava
143:
105:
99:January 2016
96:
86:
79:
72:
65:
53:
41:Please help
36:verification
33:
1469:Smart cards
1328:Conferences
1035:Android SDK
597:persistence
426:Development
403:Persistence
289:smart cards
270:Portability
225:smart cards
58:"Java Card"
1458:Categories
1407:Urs Hölzle
1296:Processing
1024:Jakarta EE
1020:(Standard)
887:2019-04-18
861:6 February
835:27 January
785:2019-04-18
723:References
414:mechanism.
321:Triple DES
276:smart card
257:subsidiary
161:Jakarta EE
69:newspapers
16:Smart card
1320:Community
1266:BeanShell
1182:Hibernate
1157:Blackdown
1090:Maxine VM
1030:Java Card
1000:Platforms
410:Atomicity
357:transient
255:(later a
213:Java Card
144:Java Card
1433:Category
1111:Servlets
940:(Oracle)
779:archived
695:See also
640:ISO 7816
548:and the
519:lengths.
435:Versions
421:applets.
407:objects.
369:Bytecode
309:another.
283:Security
247:to form
127:editions
1436:
1336:JavaOne
1311:Oxygene
1271:Clojure
1221:History
1212:WildFly
1207:TopLink
1192:Jazelle
1187:IcedTea
1177:Harmony
1162:Eclipse
1141:Modules
1136:Pack200
1116:MIDlets
1106:Applets
1075:OpenJDK
1040:GraalVM
1018:Java SE
1014:(Micro)
1012:Java ME
950:YouTube
920:9 April
756:9 April
382:limit.
249:Gemalto
245:Gemplus
221:applets
155:Java SE
149:Java ME
83:scholar
1390:People
1341:Devoxx
1291:Kotlin
1286:Jython
1276:Groovy
1202:Struts
1197:Spring
1085:JavaFX
1065:Squawk
911:
747:
682:&
346:Design
338:Applet
167:JavaFX
85:
78:
71:
64:
56:
1306:Scala
1301:Rhino
1281:JRuby
90:JSTOR
76:books
1261:Java
922:2019
909:ISBN
863:2023
837:2016
758:2019
745:ISBN
585:SOAP
581:REST
577:HTML
573:HTTP
569:APDU
563:The
556:The
217:Java
62:news
1172:GWT
1126:JSF
1121:JSP
1007:JVM
948:on
812:doi
688:SM4
684:XTS
680:CFB
591:),
380:KiB
363:int
329:RSA
325:AES
317:DES
259:of
45:by
1460::
1379:,
880:.
854:.
806:.
802:.
777:,
599:,
583:,
579:,
552:.
331:,
323:,
319:,
985:e
978:t
971:v
924:.
890:.
865:.
839:.
818:.
814::
808:5
760:.
690:)
607:.
201:e
194:t
187:v
112:)
106:(
101:)
97:(
87:·
80:·
73:·
66:·
39:.
Text is available under the Creative Commons Attribution-ShareAlike License. Additional terms may apply.