This Blog covers the latest Java technology for small devices and security in the IoT, mobile, ID and Payment

Java Card Protection Profile 3.0.5 available

Florian Tournier
Senior Director, IoT and Security

Announcing Java Card Protection Profile 3.0.5  
(Updated 09/05/18 - Closed Configuration Available)

The Java Card Protection Profile version 3.0.5 has been certified and published. As opposed to the previous versions of the Protection Profile which were certified and published under the French Scheme by Agence Nationale de la Sécurité des Systèmes d’Information (ANSSI), this version of the Protection Profile has been certified and published under the German Scheme by Bundesamt für Sicherheit in der Informationstechnik (BSI).

The Java Card  Protection Profile can be used to certify Java Card platforms to Common Criteria EAL4+ level. It relies on CC version 3.1 revision 5.

The Java Card Protection Profile version 3.0.5, is aligned with the latest Java Card specifications version 3.0.5, but can also be used to certify products based on versions 2.2, 2.2.1, 2.2.2, 3.0.1 and 3.0.4 of the Java Card specifications. It supersedes the previously released versions of the Protection Profile. 

What is the Java Card Protection Profile ?

The Java Card Protection Profile provides a modular set of security requirements designed specifically for the characteristics of the Java Card platform. It offers a precise description of the Java Card System, background and possible environments for risk analysis, and describes the division of duties and assignment of responsibilities among the involved actors (physical and IT components) required for definition of security policies. Furthermore it defines the risks and assets to enable creation of Security Targets.  Its goal is to reduce the time and cost for developers of Java Card-based products to complete security evaluations under the Common Criteria for IT Security Evaluation. This work is part of Oracle's Global Initiative on Common Criteria (CC)

The Java Card Protection Profile defines a set of security requirements for the Java Card Runtime Environment, the Java Card Virtual Machine, the Java Card API Framework, and the on-card Installer components. It provides guidelines to develop a secure Java Card platform and obtain high-level security certifications.

The design strategy behind Java Card Protection Profiles represents a breakthrough in the world of security evaluations, as it specifically accommodates the flexible, modular, and open characteristics of Java Card technology. In particular, it is intended to complement existing protection profiles available for Java Card technology-based smart cards and secure elements.

Protection Profile Configurations 

The Java Card Protection Profile comes in two configurations: 

More Information

Be the first to comment

Comments ( 0 )
Please enter your name.Please provide a valid email address.Please enter a comment.CAPTCHA challenge response provided was incorrect. Please try again.