How safe is Java Card?

Created Aug 8, 2001

Julien SIMON

This is a very tough question. The security of Java cards is evaluated using the Common Criteria (CC) methodology. A number of platforms (Gemplus, Oberthur Card Systems, Schlumberger, probably others) have passed security level EAL1+. No Java Card platform has passed the EAL4+ level yet: this level is the minimum safety level requested by banking applications. This is where Multos has a key advantage over Java Card, so you can bet that Java Card vendors are hard at work trying to reach it. Let's wait and see!

If you want to learn more on CC, go to:

The CC web site.

The NIST page on CC for smart cards.

Beyond that, one of the overall concerns seems to be the lack of on-card verification. Some argue that it's unnecessary if an Open Platform compliant Card Manager enforces secure applet loading. Some argue it is still necessary and claim that on-card verification is possible using Proof-Carrying Code.

Post a comment

Email Article

Print Article

Share Articles

Digg

del.icio.us

Newsvine

Facebook

Google

LinkedIn

MySpace

Reddit

Slashdot

StumbleUpon

Technorati

Twitter

Windows Live

YahooBuzz

FriendFeed

0 Comments (click to add your comment)

Comment and Contribute

Your name/nickname

Your email

WebSite

Subject

(Maximum characters: 1200). You have 1200 characters left.

Most Popular jGuru Stories

Editor's Picks

Most Popular

The Java Game Development Tutorial

Files and Directories in Java

Load Testing your Applications with Apache JMeter

Unit Testing Java Programs

Using SOAP with Java

6 Tips to Improve Java Exception Handling

Best Java interview questions

Dynamic Loading Using Java Reflection and Properties.

Best Practices in OOP

JBoss Case Study: Learn Design Patterns From Real Projects (Part 1)