Two commonplaces about Java Card

Prior to getting into more details about the evolution of Java Card technology in future posts, I would like to point out two common clichés about the platform :

1st cliché: "Java Card is just for smart cards."

“Card” in Java Card is a misnomer. A more accurate name (but will less marketing appeal) may be “Java for resource-constrained devices to run securely Java technology-based applications”. While the Java Card framework and runtime are security oriented and designed to run on a Secure Element i.e a secure MCU with a few kilobytes of ROM, EEPROM and RAM and countermeasures against hardware attacks, it does not limit the scope to the Card form factor. There are already embedded and integrated Secure Elements on System on Chip in different markets: for IoT gateways, smart phones or in automotive area for instance. The aim here is not to deny the smart card history, the inheritance is strong anyway, but rather to express that Java Card is also running anywhere else and its evolution made it a security framework beyond the smart card world.

2nd cliché: "A knowledgeable Java developer is a Java Card developer."

Actually, even skilled Java developers may be disconcerted by Java Card programming. Java Card is a Java subset but has a number of additional specificities like objet persistency and atomicity for instance. Historically, Java Card development has been a matter of specialists. Powerful virtual machine and object oriented language concepts are intrinsic to Java Card as a Java-based platform and make the development on a secure element by far easy compared to any other alternatives. On the other side, developing an applet that has to be formally proven for long lasting deployment and against software and hardware attacks (imagine payment and ID applets) requires additional strong security skills. Anyone can play with the Java Card Development Kit (and is encouraged to do so), but it takes time and experience to acquire the necessary expertise to deploy an applet in the field. The good news is that there is no shortage of resources available online (including on Oracle Technology Network) to start building that specific knowledge.

  About Java Card:

  Java Card Technology

  Java Card 3.1 Documentation