Oracle’s Java Card platform, which provides security for smart card and limited-memory device applications, increases support for the internet of things in Version 3.1.
Java Card is a software technology providing isolation between secure hardware and software services. Typical hardware platforms that use Java Card include embedded secure elements, smart card chips, and secure systems with a general-purpose CPU. Sensitive materials such as cryptographic keys can be provisioned. The development kit is free, but manufacturers using Java Card must get a paid commercial license to use the technology.
Java Card 3.1 enables development of security services portable across a range of IoT security hardware. An extensible I/O model lets applications exchange data directly with connected peripherals over a variety of physical layers and application protocols. The new version also introduces APIs and updated cryptography functions to address IoT security and assist with design of security applications, including device attestation.
Java Card 3.1’s extended file format simplifies application deployment, code upgrade and maintenance. API enhancements improve developer productivity and memory efficiency of applications.
Java Card 3.1 introduces four security services:
- A certificate API to manage trusted keys for resource-constrained devices.
- A key derivation API, to protect sensitive data.
- A monotonic counter API to avoid replay attacks.
- A system time API for timestamping