Java Card for the Internet of Things: Secure Network Access and Communication

Flexible connectivity has become a critical success factor in a world full of connected devices. This is even more critical as more and more devices are joining the IoT, and massive-IoT is an expected outcome of 5G. IoT device manufacturers deploy embedded SIM (eSIM) modules for consumer and M2M use cases to provide a reliable, robust and trusted access to the IoT ecosystem.

Embedded during the device production, blank SIMs are deployed in a variety of different formats and can be updated with the eSIM profiles of local MNOs (Mobile Network Operators) over the air, in the field. This flexibility reduces the need for IoT device makers and their suppliers to stock many different versions of SIMs for use in multiple countries, eliminating a lot of headaches from the manufacturer’s logistics chain.

Furthermore, the GSMA specifications(1) for remote subscription provisioning allows IoT service providers to select and download a subscription inside an embedded SIM for their devices, once they are actually deployed in the field. The remote subscription provisioning system also allows the switch from one subscription to another, which could for instance be triggered based on the device required quality of service or locally available access networks.

The latter aspect is part of a larger scope of power saving strategies required for IoT devices that need to be functioning autonomously for ten or twenty years, in low reachability locations. 3GPP has in this area enhanced the USIM and 3GPP devices specifications with features that allow IoT devices to deactivate or suspend the USIM for a long period of time, with the USIM being able to keep its internal status and thus optimize its wake-up time. These power saving mode features allow IoT devices to reduce battery consumption to a minimum level.

Java Card has traditionally been used in GSM, 3G, 4G and soon 5G networks to secure access to the cellular network. It is referenced in the 3GPP USIM and ISIM specifications(2), and follows the 3GPP authentication and key agreement protocols(3. As a result, Java Card is being used in billions of SIM cards deployed each year worldwide. MNOs develop and deploy Java Card applications to host and manage customer subscription, or implement operator network and power optimisation strategies. The dedicated security features of Java Card provide the perfect environment to securely store credentials, govern the authentication to the communication network and manage MNO customer-specific profiles and applications.

Java Card is an open standard from Sun Microsystems for a smart card developmentplatform. Smart cards created using the Java Card platform have Java applets stored on them. The applets can be added to or changed after the card is issued.

There are two basic types of smart cards. The memory smart card is the familiar removable memory device; it usually features read and write capabilities and perhaps security features. The more complex version, the processor smart card, is a very small and extremely portable computing device that could be carried in your wallet. Java-based smart cards belong to the latter category. They store data on an integrated microprocessor chip. Applets are loaded into the memory of the microprocessor and run by the Java Virtual Machine. Similarly to MULTOS, another smart card development technology, Java Card enables multiple application programs to be installed and coexist independently. Individual applets are protected by a firewall to preserve their integrity and prevent tampering. Applications can be updated dynamically.

In the United States, the Department of Defense, Visa, and American Express are among the organizations creating Java Card-based applications.