Another exciting use for Java Card in IoT, is to secure the “last yard” between devices (or gateways) and attached peripherals. This is especially important for systems comprising actuator devices that can have a direct impact on safety. Securing data coming from a sensor (or sent to an actuator), can be a complex cost/ technology equation in untrusted physical environments. It is a challenging problem to solve, as sensors are often very simple devices with severe price constraints. Having them perform cryptographic operations or coupling them with a dedicated security chip brings about some commercial hurdles, in particular in markets where sensor data can be highly sensitive, such as automotive.
The introduction of multi-application secure elements, powered by Java Card offers cost-effective options, as the price of the hardware may be shared by multiple services.
Firstly, the secure element can be granted direct access to peripherals. This can be used to make sure that there is no “in the clear” communication between a sensor and the cloud. One can also leverage the secure element to perform verification of biometric data against an expected value, avoiding side channel attacks. The secure element can also verify the operating conditions using built-in sensors and detect abnormal use. There are also scenarios where a secure chip could perform general purpose operations such as data averaging or initial filtering and even edge analytics, to alleviate the load or act as a substitute to a general purpose MCU.
Java Card is at the core of these use cases. The Java Card Forum and Oracle have standardised APIs and a new I/O model, to allow direct and secure access to peripherals from within Java Card applications. Those features are included in the Java Card 3.1 release, helping to simplify the implementation of Trusted Peripheral use cases and enabling trust and the exchange of sensitive data at the very edge.
Java Card is an open standard from Sun Microsystems for a smart card developmentplatform. Smart cards created using the Java Card platform have Java applets stored on them. The applets can be added to or changed after the card is issued.
There are two basic types of smart cards. The memory smart card is the familiar removable memory device; it usually features read and write capabilities and perhaps security features. The more complex version, the processor smart card, is a very small and extremely portable computing device that could be carried in your wallet. Java-based smart cards belong to the latter category. They store data on an integrated microprocessor chip. Applets are loaded into the memory of the microprocessor and run by the Java Virtual Machine. Similarly to MULTOS, another smart card development technology, Java Card enables multiple application programs to be installed and coexist independently. Individual applets are protected by a firewall to preserve their integrity and prevent tampering. Applications can be updated dynamically.
In the United States, the Department of Defense, Visa, and American Express are among the organizations creating Java Card-based applications.